Privacy Policy

Last Modified: August 19, 2024

Athenic AI operates www.Athenic.com, which provides the SERVICE.

This page informs website visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service. If you choose to use our Service, then you agree to the collection and use of information in relation with this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

1. Data Collection and Usage

We collect various types of personal data to provide and improve our Service. This includes:

Directly Collected Information:

  • Personal Information: When you sign up for our Service, we collect your email address provided during registration or account updates.
  • Usage Data: Information about how you use our Service, such as pages visited, time and date of visit, and diagnostic data collected from your interactions.
  • Communications: Information provided when contacting us, including message content and attachments, collected to respond to inquiries and provide customer support.

Indirectly Collected Information:

  • Technical Information: Technical information related to your device and internet connection, such as IP address, browser type, and version, collected automatically during Service use.
  • Cookies and Tracking Technologies: Cookies and similar tracking technologies track activity on our Service and store certain information to analyze and improve user experience. You can manage cookie preferences through browser settings.

Special Category Data and Criminal Conviction Data:

  • Special Category Data: We do not collect special category data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.
  • Criminal Conviction Data: We do not collect or process data related to criminal convictions and offenses.

Cached Data:

  • Data Caching: We cache previews of your data to enhance user experience and provide faster access to frequently used information. This cached data is stored temporarily and used solely to improve Service performance.

2. Purpose and Lawful Basis of Data Usage

Your data is used for the following purposes:

  • To Provide and Maintain our Service: We use your data to ensure functionality and performance of our Service, including troubleshooting issues, monitoring usage, and improving user experience. Lawful basis: performance of a contract with you.
  • To Notify You About Changes to Our Service: We use contact information to inform you about updates, new features, or changes to terms and policies. Lawful basis: our legitimate interest in keeping you informed about important updates related to the Service.
  • To Improve Our Service: We analyze user behavior and preferences to enhance user experience and develop new features. Lawful basis: our legitimate interest in improving and developing our Service.
  • To Provide Customer Support: We use your data to respond to and resolve inquiries efficiently, using message content and attachments to understand and address concerns. Lawful basis: performance of a contract with you and our legitimate interest in providing effective customer support.
  • To Comply with Legal Obligations: We may process your data to comply with applicable laws, regulations, and legal processes, including responding to lawful requests from public authorities. Lawful basis: compliance with a legal obligation.
  • To Protect Your Vital Interests: In certain situations, we may process your data to protect your vital interests or those of another person, ensuring your safety and security in emergency situations. Lawful basis: protection of vital interests.
  • To Conduct Marketing Activities: With your consent, we may use your data to send promotional materials and updates about our Service, including special offers and new features. Lawful basis: your consent, which you can withdraw at any time.
  • To Enforce Our Terms and Policies: We may use your data to enforce our terms and policies, investigating potential violations and taking appropriate action. Lawful basis: our legitimate interest in maintaining the integrity and security of our Service.

3. Data Sharing

We may share your data with third parties under specific circumstances. This includes third-party service providers who assist us in operating our Service, such as hosting providers, analytics services, and customer support platforms. These providers are obligated to protect your data and use it only for purposes specified by us. Details can be found on our Sub-processors page. We may also disclose your data if required to do so by law or in response to valid requests by public authorities.

4. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy:

  • Contact information and communication data: retained for 12 months to respond to inquiries and provide customer support
  • Usage data and technical data: retained for 6 months to analyze and improve our Service
  • Cached data previews: retained temporarily to enhance user experience and periodically cleared

We regularly review our data retention periods to ensure we are not keeping your data longer than necessary.

5. Data Access

Access to your data is restricted to authorized personnel within Athenic AI. Our team of engineers, responsible for maintaining and improving the Service, have access to your data. Access is granted based on the principle of least privilege, ensuring only those who need access for specific tasks are granted permission. Third-party service providers may also have access to your data and are obligated to protect it and use it only for specified purposes. We implement strict access controls and regularly review permissions.

6. Data Security

We take the security of your data very seriously and implement a variety of measures to protect it:

  • We use encryption to protect your data both in transit and at rest
  • Our servers are hosted in secure cloud environments with robust physical and electronic security measures
  • We implement strict access controls including strong passwords, multi-factor authentication, and regular access reviews
  • We conduct regular security audits and assessments to identify and address potential vulnerabilities

We value your trust in providing us your Personal Information and strive to use commercially acceptable means of protecting it. However, no method of transmission over the internet or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

7. Handling Data Requests

If you contact us regarding your data, we will verify your identity to ensure we are communicating with the correct individual. We will handle your data request in accordance with our policies and applicable laws, which may include providing you with access to your data, correcting any inaccuracies, or deleting your data upon request.

8. Our Role and Obligations as a Data Controller and Processor

Athenic AI may act as both a data controller and a data processor, depending on the context in which we handle your personal data.

As a Data Controller:

When we determine the purposes and means of processing your personal data, we act as a data controller. This includes data such as your email address, usage data, and technical data collected through our website and services. Our obligations as a data controller include:

  • Lawful Processing: We ensure that all personal data is processed lawfully, fairly, and transparently, providing clear information about the purposes of data collection and the lawful basis for processing.
  • Data Minimization: We collect only the personal data that is necessary for the specified purposes and ensure that it is adequate, relevant, and limited to what is necessary.
  • Accuracy: We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, kept up to date. We promptly rectify any inaccuracies upon request.
  • Data Retention: We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with our data retention policy.
  • Data Security: We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction.
  • Data Subject Rights: We respect and facilitate the exercise of data subject rights, including the right of access, rectification, erasure, restriction of processing, objection to processing, and data portability.

As a Data Processor:

When we process personal data on behalf of our users, we act as a data processor. This includes connecting to user databases, running queries through OpenAI, executing SQL queries on their databases, and returning results. Our obligations as a data processor include:

  • Processing Instructions: We process personal data only on the documented instructions of the data controller (our users).
  • Confidentiality: We ensure that all personnel authorized to process personal data are bound by confidentiality obligations.
  • Security Measures: We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including measures to protect against unauthorized access, loss, or destruction of personal data.
  • Sub-processors: We ensure that any sub-processors we engage are subject to the same data protection obligations. If you wish to subscribe to notifications about changes in sub-processors, please contact us at privacy@athenic.com.
  • Assistance to Data Controller: We assist the data controller in fulfilling their obligations, including responding to data subject requests and ensuring compliance with data security and breach notification requirements.
  • Data Breach Notification: We promptly notify the data controller of any personal data breach and provide all necessary information to facilitate compliance with data breach notification requirements.
  • Data Deletion or Return: Upon termination of the processing services, we will, at the choice of the data controller, delete or return all personal data and delete existing copies, unless retention is required by law.

If you have any questions about our role and obligations as a data controller or processor, please contact us at privacy@athenic.com.

9. Cookies

Cookies are files with a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer's hard drive.

Our website uses these "cookies" to collect information and to improve our Service. You have the option to either accept or refuse these cookies, and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.

For more general information on cookies, please read "What Are Cookies"

10. Links to Other Sites

Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Children's Privacy

Our Services do not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page.

13. Restrictions on Use

While using the Service, you will comply with all applicable laws, rules and regulations. Your use of the Service is conditioned on your compliance with the restrictions listed below. Any failure to comply may result in termination of your access to the Service, at Athenic AI sole discretion. In using the Service, you agree that you will not, and will not allow or authorize any third party to:

Input, distribute, upload, post, email, transmit or otherwise make available any content through the Service.

14. California-Specific Disclosures

These California-specific disclosures apply solely to individual residents of the State of California, within the scope of the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act ("CPRA"). In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

For purposes of this section, the term "Personal Information" has the meaning given to "personal data," "Personal Information," or other similar terms in the CCPA and does not include information exempted from the scope of the CCPA, such as publicly available information. "Sensitive Personal Information" has the meaning given to such term in the CCPA.

Your Privacy Rights:

We do not "sell" or "share" Personal Information as those terms are defined in the CCPA (and have not done so during the prior 12 months). We do not engage in any "Profiling" (as such term is defined under the CCPA) in furtherance of decisions that produce legal or similarly significant effects about you, where regulated by the CCPA. We also do not use or disclose Sensitive Personal Information for purposes that California residents have a right to limit under the CCPA, and where required by applicable law, we obtain your consent before we collect Sensitive Personal Information from you.

  • Right to Know: You have the right to request disclosure of Personal Information that we collect about you and how it is used and shared.
  • Right to Correct: You may request to correct inaccurate Personal Information that we have collected about you.
  • Right to Request Deletion: You may ask us to delete certain Personal Information that we have collected from you.
  • Right to Opt-Out of Sale of Personal Information: You have the right to opt out of the sale of your Personal Information. Please note that we do not sell any Personal Information.
  • Right to Limit Disclosure: You have the right to limit the use and disclosure of Sensitive Personal Information about you.
  • Right to Non-discrimination: You are entitled to exercise the rights described above free from discrimination as prohibited by applicable law.

Exercising your rights:

If you would like to exercise any of these rights, please contact us as set forth in "Contact Us" below. We will process such requests in accordance with applicable laws. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.

15. Subject Access Request (GDPR)

If you are a resident in the European Economic Area, under European Union law, including the provisions of the General Data Protection Regulation (GDPR), or if you are a resident of the United Kingdom, under the Data Protection Act 2018, you have several rights regarding your personal data. These rights include:

  • Right of Access: You have the right to access the personal data we hold about you. This is known as a Subject Access Request (SAR). To initiate a SAR, please email us. In your email, please include the following information to help us process your request efficiently:
    • The email address associated with your account
    • A description of the information you are requesting

We will respond to your request within the time frame required by GDPR, typically within one month.

  • Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal data we hold about you. If you believe that any information we have is incorrect or incomplete, please contact us to make the necessary corrections.
  • Right to Erasure: Also known as the "right to be forgotten," you have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
  • Right to Restriction of Processing: You have the right to request the restriction of processing your personal data under certain conditions, such as when you contest the accuracy of the data or object to the processing.
  • Right to Object to Processing: You have the right to object to the processing of your personal data for certain purposes, such as direct marketing or when processing is based on legitimate interests.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.

To exercise any of these rights, please contact us at privacy@athenic.com. We will respond to your request within the time frame required by GDPR, typically within one month. If we are unable to comply with your request, we will provide an explanation.

16. Contact

Email: privacy@athenic.com

Address: 1440 Broadway, STE 800, Oakland, CA 94612

Our EU Representative:

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +35315549700

Data & Work
Athenic AI

Automating the future of work.

SOC 2 Type II Attested
Company
Customers
Resources
PricingDocsSupport
Legal
Terms of ServiceCookie PolicyPrivacy Policy
© 2026 Athenic, Inc.