GDPR Privacy Policy

1. Introduction

Athena Security (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our weapons detection platform, requesting a demo, or interacting with our website, you agree to the collection and use of information in accordance with this policy.

2. Data Controller Information

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, company name, job title
• Demo Requests: Information submitted when requesting a product demonstration
• Communication Data: Content of messages, inquiries, feedback, or support requests
• Account Information: Login credentials, preferences, and settings (if applicable)
• Business Information: Company size, industry, security requirements, facility details

3.2 Information Collected Automatically

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent on pages, navigation paths, referral sources
• Cookies and Tracking: Information collected through cookies and similar technologies (see Cookie Policy section)
• Analytics Data: Aggregated statistics about website performance and user behavior

3.3 Information from Third Parties

• Business Partners: Information from security consultants, resellers, or integration partners
• Publicly Available Sources: Business contact information from professional networks (LinkedIn)
• Marketing Platforms: Data from LinkedIn, Google Ads, or other marketing channels

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

4.1 Consent (Article 6(1)(a) GDPR)

• Marketing communications
• Non-essential cookies and tracking
• Newsletter subscriptions

4.2 Contractual Necessity (Article 6(1)(b) GDPR)

• Processing demo requests
• Providing customer support
• Delivering our weapons detection services
• Managing client relationships

4.3 Legitimate Interests (Article 6(1)(f) GDPR)

• Website security and fraud prevention
• Improving our products and services
• Analytics and business intelligence
• Direct marketing to business contacts (B2B)

4.4 Legal Obligation (Article 6(1)(c) GDPR)

• Compliance with security regulations
• Meeting Department of Homeland Security (DHS) requirements
• Responding to legal requests

5. How We Use Your Personal Data

We use your personal data for the following purposes:

5.1 Service Delivery

• Processing and responding to demo requests
• Providing technical support and assistance
• Delivering our weapons detection solutions
• Managing customer accounts and subscriptions

5.2 Communication

• Sending service-related notifications
• Responding to inquiries and support requests
• Providing product updates and security alerts
• Sharing case studies and industry insights

5.3 Marketing (with your consent)

• Sending newsletters and promotional materials
• Conducting targeted advertising campaigns
• Analyzing marketing campaign effectiveness
• Retargeting website visitors

5.4 Business Operations

• Analyzing website usage and performance
• Improving our products and services
• Conducting research and development
• Ensuring platform security and integrity
• Preventing fraud and unauthorized access

5.5 Legal Compliance

• Meeting regulatory requirements
• Responding to legal requests and court orders
• Protecting our legal rights
• Enforcing our terms of service

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

6.1 Service Providers

• Cloud Hosting: AWS, Google Cloud, or similar infrastructure providers
• Email Services: Marketing automation and email delivery platforms
• Analytics Providers: Google Analytics, LinkedIn Insights
• CRM Systems: Customer relationship management platforms
• Payment Processors: For transaction processing (if applicable)

All service providers are contractually bound to protect your data and use it only for specified purposes.

6.2 Business Partners

• Authorized resellers and distributors
• Security integration partners
• Professional service providers

6.3 Legal Requirements

We may disclose your personal data when required by law, regulation, legal process, or governmental request, or to:

• Enforce our terms and conditions
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Comply with DHS or security regulations

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

7. International Data Transfers

Athena Security is based in the United States. If you are accessing our services from outside the US, your personal data may be transferred to, stored, and processed in the United States or other countries. We ensure appropriate safeguards are in place for international data transfers:

• Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
• Adequacy Decisions: Transfers to countries with adequate data protection
• Privacy Shield (if applicable): For US-EU data transfers
• Data Processing Agreements: With all international service providers

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Demo Requests: 2 years from last contact
• Customer Data: Duration of relationship + 7 years (for legal/financial records)
• Marketing Data: Until consent is withdrawn or 3 years of inactivity
• Website Analytics: Aggregated data retained indefinitely; individual data 26 months
• Support Tickets: 3 years after resolution
• Legal Records: As required by applicable laws (typically 7-10 years)

After retention periods expire, we securely delete or anonymize your personal data.

9. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

Request a copy of the personal data we hold about you.

9.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (Article 17)

Request deletion of your personal data (“right to be forgotten”) when:

• Data is no longer necessary for its original purpose
• You withdraw consent
• You object to processing
• Data was unlawfully processed

9.4 Right to Restriction (Article 18)

Request limitation of processing in certain circumstances.

9.5 Right to Data Portability (Article 20)

Receive your personal data in a structured, machine-readable format.

9.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

9.7 Rights Related to Automated Decision-Making (Article 22)

Right not to be subject to decisions based solely on automated processing.

9.8 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

9.9 Right to Lodge a Complaint

File a complaint with your local data protection authority.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

10.1 Technical Measures

• Encryption: SSL/TLS encryption for data in transit; AES-256 encryption for data at rest
• Access Controls: Role-based access with multi-factor authentication
• Firewalls: Network security and intrusion detection systems
• Regular Updates: Security patches and software updates
• Monitoring: 24/7 security monitoring and threat detection

10.2 Organizational Measures

• Staff Training: Regular data protection and security training
• Background Checks: Screening of personnel with data access
• Data Minimization: Collecting only necessary personal data
• Privacy by Design: Implementing privacy controls from the outset
• Incident Response: Documented breach notification procedures

10.3 Third-Party Security

All service providers must maintain appropriate security measures and undergo regular security audits.

11. Cookie Policy

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and analyze website performance.

11.2 Types of Cookies We Use

Essential Cookies (Always Active)

Purpose: Enable core website functionality Examples: Session management, security tokens, load balancing Legal Basis: Legitimate interest (necessary for service delivery) Retention: Session or up to 1 year

Performance & Analytics Cookies

Purpose: Understand how visitors use our website Examples: Google Analytics, heat mapping, performance monitoring Legal Basis: Consent Retention: Up to 26 months Third Parties: Google LLC

Functional Cookies

Purpose: Remember your preferences and settings Examples: Language preferences, chat widgets, video players Legal Basis: Consent Retention: Up to 1 year Third Parties: Various service providers

Marketing & Targeting Cookies

Purpose: Deliver relevant advertising and measure campaign effectiveness Examples: LinkedIn Insight Tag, Google Ads, Facebook Pixel, remarketing Legal Basis: Consent Retention: Up to 13 months Third Parties: LinkedIn, Google, Meta/Facebook

11.3 Managing Cookies

You can manage cookie preferences through:

• Our Cookie Banner: Select your preferences when first visiting our site
• Cookie Settings Link: Update preferences at any time
• Browser Settings: Disable cookies through your browser (may affect functionality)

11.4 Third-Party Cookies

We use cookies from trusted third parties:

Service	Purpose	Privacy Policy
Google Analytics	Website analytics	Google Privacy Policy
LinkedIn Insight	B2B marketing analytics	LinkedIn Privacy Policy
Google Ads	Advertising and conversion tracking	Google Privacy Policy
Facebook Pixel	Social media advertising	Meta Privacy Policy

12. Children’s Privacy

Our weapons detection services are designed for business and institutional use. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information.

13. Do Not Track Signals

Some browsers support “Do Not Track” (DNT) signals. Our website does not currently respond to DNT signals, but you can manage your privacy preferences through our cookie consent banner.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will:

• Update the “Last Updated” date at the top of this policy
• Notify you of material changes via email (if you’ve provided contact information)
• Post prominent notices on our website for significant changes

We encourage you to review this policy regularly to stay informed about how we protect your data.

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to deletion
• Right to non-discrimination

16. Contact Information

For questions, concerns, or to exercise your data protection rights:

17. Legal Disclaimer