News
News RoomLatest announcementsPressMedia & coverage
Leadership
Leadership TeamWho runs Athena AgenticAdvisorsStrategic advisors
Athena
Platform OverviewThe whole Athena platformAegisAutonomous detection & responseVigil24/7 agentic SOCCitadelSecurity technology management
Partners
Partner ProgramTiers, benefits, co-sellPartner PortalDeal reg & enablement
Careers
Open RolesBuild the lights-out SOCLife at Athena AgenticHow we work
Request a briefing
Legal · Privacy

Privacy Policy

Last updated: 14 June 2026  ·  Effective: 14 June 2026

This document is a comprehensive legal framework draft. It must be reviewed and approved by licensed attorneys before publication and enforcement. It does not constitute legal advice.

1. Introduction and Scope

Athena Agentic, Inc. ("Athena Agentic", "we", "us") provides the Athena Agentic Platform and the Aegis, Vigil, and Citadel services (collectively, the "Platform"). This Privacy Policy describes how we collect, use, disclose, retain, and protect personal data when you visit our website at athenaagentic.com, request a briefing or information, apply for employment or a partnership, use the Platform, or otherwise interact with us.

Customer Data and Customer Content processed by us on behalf of enterprise customers is governed by the applicable Customer Agreement and Data Processing Agreement, not by this Privacy Policy. Enterprise customers retain ownership of their Customer Data and Customer Content.

2. Data Controller

Athena Agentic, Inc.
Email: Privacy@athenaagentic.com
For privacy inquiries or data subject requests, please use subject line "Privacy Request."

3. Definitions

Customer Data means data submitted to, processed by, or stored within the Platform by or on behalf of a Customer, including security telemetry, alert data, incident data, asset data, and vulnerability data.

Customer Content means files, documents, reports, configurations, and other content created, uploaded, or stored by a Customer within the Platform.

Usage Data means data about how users interact with the Platform and Website, including feature usage, navigation patterns, and session data.

Aggregated Data means data combined from multiple sources in statistical form such that no individual or customer can be identified. Anonymised Data means data irreversibly de-identified such that re-identification is not reasonably practicable.

Derived Data means analytical insights generated from Platform Data, Telemetry Data, and Usage Data after Customer Data has been removed or anonymised.

4. Data We Collect

Information you provide: name, work email, company, job title, and message when you submit a form; account registration data; job application data; support correspondence.

Automatically collected data: pages visited, referring URL, browser and device type, IP addresses, timestamps, and log data collected for security and operational purposes.

Customer and Platform Data: for enterprise customers, we process Customer Data solely as a data processor under the applicable Customer Agreement and Data Processing Agreement. Platform Data, Telemetry Data, and Usage Data are collected from Platform operations for platform operations and improvement.

5. How We Use Personal Data

We use personal data to respond to inquiries and briefing requests; provide, operate, and support the Platform; manage accounts and authentication; monitor security and respond to incidents; improve the Platform using Aggregated or Anonymised Data; process job applications; and comply with legal obligations. We do not sell personal data. We do not use personal data to train AI or machine learning models without explicit written consent.

6. Data Ownership

Customers retain full ownership of Customer Data and Customer Content. We act solely as a data processor with respect to Customer Data. Athena Agentic owns Platform Intellectual Property, Platform Data, Telemetry Data, Derived Insights, Aggregated Data, and Anonymised Data.

7. Cookies and Tracking

We use essential cookies required for Website and Platform function (session management, security tokens, authentication). Non-essential analytics are opt-in only. We request consent before setting any non-essential cookies. You may control cookies through your browser settings.

8. Sharing and Disclosure

We do not sell, rent, or trade personal data. We may share personal data with: (a) vetted service providers and sub-processors bound by data processing agreements; (b) as required by applicable law, court order, or governmental authority (with notice to you where legally permissible); (c) to protect rights, property, or safety including fraud prevention; (d) in connection with a business transfer such as merger or acquisition; or (e) with your prior written consent. A current sub-processor list is available upon request.

9. International Data Transfers

For transfers of personal data from the EEA or UK to countries not subject to an adequacy decision, we rely on Standard Contractual Clauses (EU Commission Decision 2021/914/EU) for EEA transfers, and UK International Data Transfer Agreements (IDTAs) or UK Addendum to EU SCCs for UK transfers, supplemented by Transfer Impact Assessments and appropriate technical measures.

For Canada, we comply with PIPEDA and applicable provincial privacy laws including Quebec Law 25. For Australia, we comply with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). Copies of applicable transfer safeguards are available upon request.

10. California Privacy Rights (CCPA / CPRA)

California residents have the right to: know what personal data we collect and how we use it; delete their personal data (subject to exceptions); correct inaccurate personal data; opt out of sale or sharing (we do not sell personal data); limit use of sensitive personal information; and be free from discrimination for exercising these rights. To submit a California privacy request, contact Privacy@athenaagentic.com with subject "California Privacy Request." We respond within 45 days (extendable by 45 days with notice).

11. European and UK Data Subject Rights (GDPR / UK GDPR)

If you are located in the EEA or UK, you have rights under the GDPR or UK GDPR including: access (Art. 15); rectification (Art. 16); erasure (Art. 17); restriction of processing (Art. 18); data portability (Art. 20); objection (Art. 21); and rights regarding automated decision-making (Art. 22). Contact us at Privacy@athenaagentic.com with subject "Data Subject Request: GDPR." We respond within 30 days (GDPR) / one month (UK GDPR), extendable by two months. You may also lodge a complaint with your local supervisory authority or the Information Commissioner's Office (UK).

12. Canadian Privacy Rights

If you are located in Canada, you have rights under PIPEDA and applicable provincial privacy legislation (including Quebec Law 25 / Bill 64), including rights of access, correction, and complaint. Contact us at Privacy@athenaagentic.com.

13. Australian Privacy Rights

If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) and Australian Privacy Principles, including rights of access and correction, and the right to complain to the Office of the Australian Information Commissioner (OAIC). Contact us at Privacy@athenaagentic.com.

14. Data Retention

We retain personal data only as long as necessary for the purposes described: inquiry and briefing data up to 36 months; customer account data for the duration of the relationship plus applicable legal period; job application data up to 12 months if unsuccessful; security and audit logs as required by applicable law. Anonymised and Aggregated Data may be retained indefinitely.

15. Security

We implement appropriate technical and organisational security measures including encryption in transit (TLS 1.2+) and at rest, schema-per-tenant data isolation, role-based access control (RBAC), enterprise SSO with multi-factor authentication, full audit logging, vulnerability management, and incident response procedures. No transmission or storage system is completely secure; we encourage strong passwords and prompt notification of suspected security incidents.

16. Children's Privacy

The Website and Platform are not directed to individuals under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete it promptly.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by updating the "Last updated" date and, where required by applicable law, through additional notice. Continued use of the Website or Platform after the effective date constitutes acceptance of the revised Policy.

18. Contact

For privacy inquiries, data subject requests, or to request a copy of applicable transfer safeguards or sub-processor agreements:
Athena Agentic, Inc.
Email: Privacy@athenaagentic.com  ·  Subject: Privacy Request

Source of truth: /docs/legal/PrivacyPolicy.md  ·  See Terms of Service