Privacy Policy

1. Data Collection and Usage

We collect various types of personal information and related information to provide, maintain, improve, and secure our Site and Service. This includes:

Directly Collected Information:

• Personal Information: When you sign up for our Service, we may collect information such as your name, email address, company name, billing information, and other account or registration information provided during registration or account updates.
• Usage Data: Information about how you use our Site or Service, such as pages visited, features used, time and date of visits, diagnostic data, prompts or queries submitted through the Service, and related interaction data collected from your use of the Service.
• Communications: Information provided when contacting us, including message content, prompts, requests, support communications, feedback, and attachments, collected to respond to inquiries and provide customer support.
• Uploaded or Connected Data: Information, files, datasets, documents, or other content uploaded to the Service or made available through connected databases, integrations, applications, CRMs, data warehouses, or other third-party services connected by users.

Indirectly Collected Information:

• Technical Information: Technical information related to your device and internet connection, such as IP address, browser type and version, operating system, device identifiers, log data, and related technical information collected automatically during use of the Site or Service.
• Cookies and Tracking Technologies: Cookies and similar tracking technologies track activity on our Site and Service and store certain information to analyze, maintain, improve, and secure user experience. You can manage cookie preferences through browser settings.

Sensitive or Regulated Data:

• The Service is not intended for the upload, storage, or processing of protected health information regulated by HIPAA or other highly sensitive or regulated information unless expressly authorized by Athenic AI in writing.
• Users are responsible for ensuring they have all necessary rights, permissions, and authority to provide information to the Service and for ensuring that they do not upload or connect information they are prohibited from disclosing.

Cached Data:

• Data Caching: We may cache previews of your data and other related information to enhance user experience, improve Service functionality, and provide faster access to frequently used information. Cached data may be stored temporarily and periodically cleared.

2. Purpose and Lawful Basis of Data Usage

Your data is used for the following purposes:

• To Provide and Maintain our Site and Service: We use your data to ensure the functionality, operation, performance, and security of our Site and Service, including troubleshooting issues, monitoring usage, generating analytics or outputs, maintaining integrations, and improving user experience. Lawful basis: performance of a contract with you.
• To Notify You About Changes to Our Site or Service: We use contact information to inform you about updates, new features, changes to terms or policies, security notifications, administrative communications, or other important information related to the Site or Service. Lawful basis: our legitimate interest in keeping users informed about important updates related to the Site or Service.
• To Improve Our Site and Service: We analyze usage patterns, prompts, queries, interactions, feedback, and related information to improve functionality, develop new features, enhance platform performance, improve AI-powered features and outputs, and support research and development activities. Lawful basis: our legitimate interest in improving and developing our Site and Service.
• To Provide Customer Support: We use your data to respond to and resolve inquiries efficiently, using message content, prompts, requests, support communications, and attachments to understand and address concerns. Lawful basis: performance of a contract with you and our legitimate interest in providing effective customer support.
• To Process Transactions and Administer Accounts: We may use your information to administer accounts, manage subscriptions, process payments, administer prepaid credits or usage-based access, and maintain related records. Lawful basis: performance of a contract with you and our legitimate interest in administering the Site and Service.
• To Maintain Security and Prevent Misuse: We may use your information to detect, investigate, prevent, or address fraud, abuse, unauthorized access, security incidents, violations of our Terms of Use, or other unlawful or harmful activity. Lawful basis: our legitimate interest in maintaining the integrity, security, and reliability of the Site and Service.
• To Comply with Legal Obligations: We may process your data to comply with applicable laws, regulations, legal processes, or governmental requests. Lawful basis: compliance with a legal obligation.
• To Conduct Marketing Activities: With your consent where required by applicable law, we may use your data to send promotional materials, product updates, marketing communications, special offers, or information regarding new features or services. You may opt out of marketing communications at any time. Lawful basis: your consent and/or our legitimate interests, as permitted by applicable law.
• To Enforce Our Terms and Policies: We may use your data to enforce our Terms of Use and other policies, investigate potential violations, and take appropriate action. Lawful basis: our legitimate interest in maintaining the integrity and security of the Site and Service.

3. Data Sharing

We may share your data and related information with third parties under specific circumstances. This includes third-party service providers, vendors, contractors, and subprocessors who assist us in operating, maintaining, securing, improving, and providing the Site and Service, such as hosting providers, cloud infrastructure providers, analytics providers, payment processors, customer support platforms, integration providers, and AI or machine learning service providers. These providers are authorized to access and use information only as necessary to provide services to us and are obligated to protect information in accordance with applicable contractual and legal requirements. Details regarding certain subprocessors may be made available on our Sub-processors page.

We may also disclose your information:

• if required to do so by law, regulation, legal process, or valid governmental request;
• to enforce our Terms of Use or other policies;
• to detect, investigate, prevent, or address fraud, security incidents, or other unlawful or harmful activity;
• to protect the rights, property, safety, security, or integrity of Athenic AI, our users, customers, or others;
• in connection with a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar business transaction;
• or with your consent or at your direction.

We may also use and disclose aggregated, anonymized, or deidentified information that does not reasonably identify any individual for lawful business purposes, including analytics, research, product improvement, and Service optimization.

4. Data Retention

We retain personal information and related information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• provide, maintain, and improve the Site and Service;
• maintain accounts and customer relationships;
• support integrations and Service functionality;
• provide customer support;
• comply with legal, regulatory, tax, accounting, or reporting obligations;
• resolve disputes and enforce agreements;
• maintain security and prevent fraud, abuse, or misuse;
• and support legitimate business and operational needs.

Retention periods may vary depending on the nature of the information, the context in which it was collected, applicable legal requirements, and operational or technical considerations. We may retain aggregated, anonymized, or deidentified information for lawful business purposes to the extent permitted by applicable law. Cached data, previews, analytics, outputs, and other temporary or performance-related data may be stored for limited periods to enhance user experience, improve functionality, maintain security, and support Service performance.

5. Data Access

Access to personal information and related information is restricted to authorized personnel, service providers, contractors, and subprocessors who require access for legitimate business, operational, security, support, development, or legal purposes related to the Site or Service. We implement administrative, technical, and organizational measures designed to limit access to information based on the principle of least privilege and to help prevent unauthorized access, use, disclosure, alteration, or destruction of information. Third-party service providers and subprocessors that process information on our behalf are required to protect information in accordance with applicable contractual and legal obligations.

6. Data Security

We take the security of your data seriously and implement commercially reasonable administrative, technical, and organizational measures designed to protect personal information and related information against unauthorized access, disclosure, alteration, loss, misuse, or destruction. These measures may include safeguards relating to system security, access controls, authentication, encryption, monitoring, and secure cloud infrastructure. While we strive to use commercially reasonable means to protect information, no method of transmission over the internet or method of electronic storage is completely secure or error-free, and we cannot guarantee absolute security.

7. Handling Data Requests

If you contact us regarding your personal information or applicable privacy rights, we may take reasonable steps to verify your identity before responding to your request in order to protect the security of your information and prevent unauthorized access or disclosure. We will handle requests relating to personal information in accordance with applicable laws and our policies, which may include providing access to personal information, correcting inaccuracies, deleting information, or otherwise responding to applicable privacy rights requests. In certain circumstances, we may limit or decline a request where permitted or required by applicable law, including where we are unable to verify identity, locate responsive information, or where an exception or legal obligation applies.

8. Our Role as a Data Controller and Data Processor

Athenic AI may act as either a data controller or a data processor depending on the context in which personal information is processed.

As a Data Controller:

Athenic AI acts as a data controller when we determine the purposes and means of processing personal information, including information collected in connection with the Site, account administration, communications, business operations, security, analytics, and related activities described in this Privacy Policy. When acting as a data controller, we process personal information in accordance with applicable laws and implement measures designed to protect personal information and facilitate applicable privacy rights.

As a Data Processor:

In certain circumstances, Athenic AI may process personal information on behalf of customers in connection with the Service, including where customers upload information, connect databases or integrations, or otherwise use the Service to process customer-controlled data. In those circumstances, Athenic AI generally processes personal information on behalf of and under the instructions of the applicable customer, subject to applicable agreements and law. Where applicable, additional terms relating to data processing, security, privacy, or compliance may be addressed in separate agreements, including data processing addenda or enterprise customer agreements. If you have any questions about our role as a data controller or data processor, please contact us at privacy@athenic.com.

9. Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from websites or online services you visit and are stored on your device. Our Site and Service use cookies and similar tracking technologies to collect information and to help operate, maintain, analyze, improve, and secure the Site and Service. You have the option to accept or refuse certain cookies through your browser settings. However, if you choose to refuse certain cookies, you may not be able to use some portions or functionality of the Site or Service.

10. Links to Other Sites

Our Site or Service may contain links to third-party websites, applications, or services. If you click on a third-party link, you may be directed to that third party's website, application, or service. Please note that these third-party sites and services are not operated or controlled by Athenic AI. We strongly encourage you to review the privacy policies and terms of any third-party websites or services that you visit or use. We have no control over, and assume no responsibility for, the content, privacy practices, or policies of any third-party websites, applications, or services.

11. Children's Privacy

Our Site and Service are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information through the Site or Service, we will take reasonable steps to delete such information from our systems. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us so that we may take appropriate action.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the Site, Service, applicable law, or our business practices. When we make material changes to this Privacy Policy, we may provide notice through the Site or Service, by email, or through other appropriate means, as required by applicable law. Your continued use of the Site or Service following the posting or effective date of an updated Privacy Policy constitutes your acknowledgment of the revised Privacy Policy.

13. California-Specific Disclosures

These California-specific disclosures apply solely to individual residents of the State of California, within the scope of the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act ("CPRA"). In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it. For purposes of this section, the term "Personal Information" has the meaning given to "personal data," "Personal Information," or other similar terms in the CCPA and does not include information exempted from the scope of the CCPA, such as publicly available information. "Sensitive Personal Information" has the meaning given to such term in the CCPA.

Your Privacy Rights

We do not "sell" or "share" Personal Information as those terms are defined in the CCPA (and have not done so during the prior 12 months). We do not engage in any "Profiling" (as such term is defined under the CCPA) in furtherance of decisions that produce legal or similarly significant effects about you, where regulated by the CCPA. We also do not use or disclose Sensitive Personal Information for purposes that California residents have a right to limit under the CCPA, and where required by applicable law, we obtain your consent before we collect Sensitive Personal Information from you.

• Right to Know: You have the right to request disclosure of Personal Information that we collect about you and how it is used and shared.
• Right to Correct: You may request to correct inaccurate Personal Information that we have collected about you.
• Right to Request Deletion: You may ask us to delete certain Personal Information that we have collected from you.
• Right to Opt-Out of Sale of Personal Information: You have the right to opt out of the sale of your Personal Information. Please note that we do not sell any Personal Information.
• Right to Limit Disclosure: You have the right to limit the use and disclosure of Sensitive Personal Information about you.
• Right to Non-discrimination: You are entitled to exercise the rights described above free from discrimination as prohibited by applicable law.

Exercising your rights:

If you would like to exercise any of these rights, please contact us as set forth in "Contact Us" below. We will process such requests in accordance with applicable laws. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.

14. European Privacy Rights

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you may have certain rights regarding your personal data under applicable data protection laws, including the GDPR and UK GDPR. These rights include:

• Right of Access: You have the right to access the personal data we hold about you.
• Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal data.
• Right to Erasure: In certain circumstances, you may request deletion of your personal data.
• Right to Restriction of Processing: You have the right to request the restriction of certain processing activities under applicable law.
• Right to Object to Processing: You have the right to object to certain processing activities, including certain processing based on legitimate interests or direct marketing.
• Right to Data Portability: You may request a copy of certain personal data in a structured, commonly used, and machine-readable format, where applicable.

To exercise any applicable privacy rights, please contact us at privacy@athenic.com. We may take reasonable steps to verify your identity before responding to a request. We will respond to applicable requests within the time periods required by applicable law. In certain circumstances, we may limit or decline a request where permitted or required by law.

15. Contact

If you have any questions regarding this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@athenic.com

Athenic AI
1440 Broadway, STE 800
Oakland, CA 94612

Our EU Representative:

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +35315549700