Privacy Policy

1. Introduction

Maxed Labs Ltd trading as Athenic ("Athenic", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business intelligence platform and services.

By using our service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you:

• Register for an account (name, email address, organization details)
• Use our AI services (queries, prompts, uploaded documents, and files)
• Connect third-party integrations (authentication credentials, API keys)
• Contact us for support (correspondence and attachments)
• Participate in surveys or provide feedback

2.2 Automatically Collected Information

When you access our service, we automatically collect certain information, including:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent, click patterns)
• Cookies and similar tracking technologies
• Log data (access times, error logs, performance metrics)

2.3 AI Training Data

We may collect and analyze aggregated, anonymized usage patterns to improve our AI models and services. We do not use your specific personal data or proprietary business information to train AI models that are shared with other users.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our AI services
• Process your requests and deliver AI-generated insights
• Manage your account and provide customer support
• Send you technical notices, updates, and security alerts
• Respond to your comments, questions, and requests
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our Terms of Service
• Develop new features and improve our AI capabilities

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

• Cloud infrastructure providers (hosting and storage)
• AI and machine learning services (OpenAI, Anthropic, and similar)
• Analytics providers (usage tracking and performance monitoring)
• Payment processors (billing and subscription management)
• Customer support tools

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Third-Party Integrations

When you connect third-party services to Athenic, we may access and process data from those services as necessary to provide our AI functionality. This data is handled according to this Privacy Policy and the policies of the third-party service.

4.3 ChatGPT App Integration

Athenic is available as a ChatGPT App through the OpenAI ChatGPT platform. When you use Athenic through ChatGPT:

• ChatGPT acts as a client that connects to our MCP (Model Context Protocol) server
• You authenticate using OAuth 2.1 with PKCE, which creates a secure token for your session
• ChatGPT sends your requests to our API and receives responses on your behalf
• We share with ChatGPT only the information necessary to fulfill your requests (task descriptions, job status, results)
• Your OAuth token is used to ensure that only you can access your organization's data and tools
• We do not share your raw business data, credentials, or API keys with ChatGPT beyond what's needed for the specific request

When using Athenic through ChatGPT, you are also subject to OpenAI's Terms of Service and Privacy Policy. We recommend reviewing OpenAI's policies at openai.com/policies/privacy-policy to understand how they handle data.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government regulations).

4.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Secure development practices and code reviews
• Employee training on data protection and security
• Incident response and breach notification procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. We will retain and use your information to the extent necessary to:

• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Maintain business records and analytics
• Provide you with historical data access

When your account is deleted, we will delete or anonymize your personal information within a reasonable timeframe, unless we are required to retain it by law.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a structured, machine-readable format
• Restriction: Request restriction of processing of your personal information
• Objection: Object to our processing of your personal information
• Withdraw Consent: Withdraw consent where we rely on it to process your data

To exercise these rights, please contact us at getathenic.com/contact. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer your information internationally, we implement appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable data protection laws.

9. Children's Privacy

Our service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our service.

Types of cookies we use:

• Essential Cookies: Required for the service to function properly
• Analytics Cookies: Help us understand how users interact with our service
• Preference Cookies: Remember your settings and preferences
• Security Cookies: Used for authentication and fraud prevention

11. AI and Machine Learning Specific Practices

Given the AI-powered nature of our service, we want to be transparent about how we handle your data in the context of machine learning:

• Your queries and interactions may be processed by third-party AI providers (such as OpenAI) to generate responses
• We use aggregated, anonymized data to improve our AI models and service quality
• Your specific prompts and business data are not used to train models that serve other customers
• We implement measures to prevent AI models from memorizing or reproducing your confidential information
• You can request deletion of your AI interaction history at any time

12. Third-Party Links

Our service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

13. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have certain data protection rights under the General Data Protection Regulation (GDPR). We process your personal data based on the following legal grounds:

• Contract: Processing necessary to perform our contract with you
• Consent: You have given consent for specific processing activities
• Legitimate Interests: Processing necessary for our legitimate business interests
• Legal Obligation: Processing necessary to comply with legal requirements

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We will provide you with reasonable notice before any material changes take effect. Your continued use of the service after such modifications constitutes your acknowledgment of the modified Privacy Policy.