Privacy Policy
Last updated: 22 June 2026
This Privacy Policy explains how we collect, use and protect personal data when you use Orpheas AI and our website. We respect your privacy and process data in accordance with the General Data Protection Regulation (GDPR) and applicable law.
1. Data controller
The data controller is Παπατάσιος και ΣΙΑ ΕΕ, with registered office at 47 Solonos St., Kolonaki, Athens, 10672, Greece (VAT EL802838365 · GEMI 183697103000). For any matter regarding your data, contact us at apapatasios@earmedical.gr.
2. What data we collect
- Account & business details: name, email, phone, business name, industry — what you provide at sign-up or in contact forms.
- Usage data: information about how you use the service (actions, volume metrics), so it can operate and improve.
- Technical data: IP address, device/browser type and basic logs, for security and availability.
- Your end-customer data: when you use Orpheas to serve your own customers, we process their data on your behalf as a processor.
3. Purposes & legal basis
- Providing and operating the service — performance of a contract.
- Security, abuse prevention and improvement — legitimate interest.
- Communications and updates you request (e.g. early access) — consent or legitimate interest.
- Compliance with legal obligations (e.g. tax) — legal obligation.
4. Sharing & subprocessors
We do not sell personal data. We share data only with providers that help us operate the service (hosting, email delivery, infrastructure), bound by data processing agreements. Indicative providers: Papaki (application hosting, Greece), Neon (database, EU/Frankfurt).
5. International transfers
We aim to keep data within the EU/EEA. Where a transfer outside the EEA is needed, it is made with appropriate safeguards (e.g. Standard Contractual Clauses).
6. Retention
We keep data for as long as your account is active and for as long as required for legal, accounting or operational reasons. After that it is deleted or anonymised.
7. Your rights
You have the right to access, rectify, erase, restrict, port and object, as well as to withdraw consent. To exercise your rights, contact apapatasios@earmedical.gr. You also have the right to lodge a complaint with the Data Protection Authority.
8. Security
We apply appropriate technical and organisational measures (encryption in transit, access controls, per-business data isolation). No method is completely secure, but we continuously work to protect your data.
9. Cookies
We use limited, essential cookies. See our Cookie Policy.
10. Children
The service is intended for businesses and is not directed at minors.
11. Changes to this policy
We may update this policy. We will revise the "Last updated" date and, for material changes, notify you where required.
12. Contact
For privacy questions: apapatasios@earmedical.gr — Παπατάσιος και ΣΙΑ ΕΕ, Greece.
