Privacy Policy

1. Data controller

The data controller is Allera, based in Argentina. For privacy inquiries, you can contact us at info@allera.io.

Where applicable under Argentine law (Law 25,326 on Personal Data Protection and supplementary regulations) or data protection laws of other Latin American countries where we operate, Allera acts as data controller with respect to its direct users' data, and as data processor with respect to data entrusted to it by its corporate clients.

2. Data we collect

We collect data in the following categories:

• Account data: name, surname, email address, job title, and company name, required to create and manage your account.
• Platform usage data: actions taken within the platform (dashboard views, reviewed recommendations, parameter adjustments), access logs, and session times.
• Technical performance data: IP address, browser type, operating system, and pages visited, collected automatically to maintain security and improve the service.
• Commercial contact data: if you complete a demo form or email us, we store that information to manage the business relationship.
• Billing data: billing information required for payment processing, managed through PCI-DSS certified payment providers. Allera does not store credit card numbers.

3. Purpose and legal basis

We process your personal data for the following purposes and legal bases:

• Provision of the contracted service: necessary for the performance of the contract (terms of service) you agreed to when activating your account.
• Service-related communications: technical notifications, security alerts, and relevant platform updates, based on our legitimate interest in keeping users informed.
• Commercial communications and marketing: with your prior explicit consent, we may send you information about new features, webinars, or related content. You may unsubscribe at any time.
• Legal compliance and rights protection: when necessary to comply with legal obligations or to exercise or defend rights in judicial or administrative proceedings.
• Service improvement: aggregated and anonymized usage analysis to improve the platform, based on legitimate interest.

4. Our customers' end-user data

Allera processes operational data that our corporate clients (retail brands) upload to the platform. This data may include information on sales, inventory, and SKU performance by store. In no case does it include personal data of end consumers: the platform works exclusively with product data and aggregated commercial performance data.

In the context where our clients provide us with data about their internal staff (for example, to manage platform users), Allera acts as data processor and processes such data solely under the client's instructions, as set out in the Data Processing Agreement (DPA) included in the service contract.

5. Sharing data with third parties

We do not sell, rent, or share your personal data with third parties for advertising or commercial purposes of our own. We may share data in the following cases:

• Service providers: companies that provide services on our behalf (cloud infrastructure, payment processing, transactional email delivery). They are subject to confidentiality agreements and may not use your data for other purposes.
• Legal obligations: when required by law, a court order, or a competent authority, we may disclose the necessary information.
• Business reorganization: in the event of a merger, acquisition, or asset sale, data may be transferred to the successor, which will be bound by the same privacy obligations.

The main sub-processors we currently work with include cloud infrastructure services located in North America and Europe, all with international security certifications (SOC 2, ISO 27001).

6. International data transfers

Part of our infrastructure operates on servers located outside Argentina or your country of residence. In such cases, we adopt the necessary safeguards to ensure your data receives a level of protection equivalent to that of your jurisdiction, including standard contractual clauses and the selection of providers located in countries with a recognized adequate level of protection.

7. Retention periods

We retain your personal data for as long as necessary for the purposes described in this policy:

• Active account data: while your account is active and for 12 months after service cancellation.
• Billing data: for the periods required by applicable tax regulations (generally 5 to 10 years).
• Support and communication data: up to 3 years from the last interaction, unless required by law.
• Technical logs: up to 90 days, unless required for ongoing security investigations.

8. Your rights

Depending on the regulations applicable in your country, you may exercise the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request the deletion of your data when it is no longer necessary or when you withdraw your consent.
• Portability: receive your data in a structured, commonly used format.
• Objection and restriction: object to processing based on legitimate interest or request its restriction in certain circumstances.
• Withdrawal of consent: withdraw at any time consent given for non-essential processing (e.g., marketing).

To exercise any of these rights, send us an email to info@allera.io with the subject line "Data Rights Request". We will respond within 30 business days.

If you believe that the processing of your data does not comply with regulations, you have the right to lodge a complaint with the data protection supervisory authority in your country.

9. Data security

Allera implements appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure. These measures include:

• Encryption in transit (TLS 1.2+) and at rest for all stored data.
• Role-based access and least-privilege principle for internal staff.
• Two-factor authentication for access to production systems.
• Regular security reviews and vulnerability management.
• Automated backups with retention according to the periods indicated in the previous section.

In the event of a security breach affecting your personal data, we will notify you in accordance with the deadlines and requirements established by applicable regulations.

10. Cookies and similar technologies

Our website uses cookies and similar technologies to improve the browsing experience and analyze traffic. The cookies we use are:

• Essential cookies: necessary for the basic functioning of the site (e.g., maintaining the logged-in session). No consent required.
• Preference cookies: store your language preference (allera_lang) so you do not have to select it every time you visit the site.
• Analytics cookies: we use web analytics tools to understand how the site is used. Data is anonymized and not used to identify you.

You can configure your browser to reject cookies or to alert you before accepting them. Note that some site features may not be available if you disable essential cookies.

11. Changes to this policy

We may update this Privacy Policy periodically. When we make significant changes, we will notify you by email (if you have an active account) or through a prominent notice on the website, at least 30 days before the changes take effect.

The date of the last update always appears in the header of this document. Continued use of the platform or website after the effective date implies acceptance of the updated policy.

12. Contact

For any inquiries, exercise of rights, or incident reports related to the privacy of your data, you can contact us through the following means:

• Email: info@allera.io

We do our best to respond to all inquiries within 5 business days, and formal rights exercise requests within 30 business days.