Skip to main content

Privacy Policy

Last updated:

Who we are

Athena Information Technology Services LLC ("Athena IT", "we", "us", or "our") is a managed IT services provider headquartered in San Francisco, California. We operate www.athenait.ai ("the Site"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over it.

Athena Information Technology Services LLC

2261 Market St, STE 85291, San Francisco, CA 94114

[email protected] · (510) 224-4906

Information we collect

Information you provide directly

When you submit our contact form, we collect the following fields:

  • Full name
  • Work email address
  • Company name
  • Company size (range)
  • Phone number (optional)
  • Your message or inquiry

You are not required to submit the form to browse the Site. We collect only what you voluntarily provide.

Information collected automatically

When you visit the Site, our infrastructure provider Cloudflare automatically processes your IP address, browser type, referral URL, and request metadata in order to deliver pages and protect against abuse. This processing is inherent to serving any website over the internet. We also use analytics tools described below that collect aggregated, pseudonymous usage data.

How we use your information

  • Respond to inquiries. When you contact us, we use your name, email, company information, and message to reply to your request, answer questions, and schedule consultations.
  • Deliver services. If you become a client, information you provided at contact forms the basis of your service onboarding. That ongoing relationship is governed by a separate Master Services Agreement (MSA).
  • Improve the Site. Aggregated analytics data helps us understand which pages are useful, where visitors have questions, and how to improve clarity and navigation.
  • Security and infrastructure. Cloudflare processes request data to block malicious traffic, prevent DDoS attacks, and ensure reliable delivery of the Site.
  • Legal compliance. We retain records as required by applicable federal, state, and local law.

We do not sell, rent, or trade your personal information to any third party.

Service providers we work with

We share your information only with the vendors required to operate the Site. Each is contractually bound to use your data solely to provide their service to us.

  • Cloudflare, Inc. — Hosts the Site on Cloudflare Pages, provides CDN, DDoS protection, WAF, bot management, and web analytics. Cloudflare processes request-level data (IP address, request headers) in accordance with its Privacy Policy. Cloudflare is certified under the EU–US Data Privacy Framework.

  • Google LLC (Google Analytics 4). — When our analytics token is configured, GA4 collects pseudonymous usage data (pages visited, session duration, device type, general location). GA4 does not receive your name, email, or contact form content. You can opt out at any time using Google's browser opt-out add-on. See also our Cookie Policy.

  • Resend, Inc. — When configured, Resend delivers your contact form submission to our team as an email. Resend receives your name, work email, company, and message for this sole purpose. See Resend's Privacy Policy.

We may disclose your information to law enforcement or regulatory authorities where required by law, or to protect the rights, safety, or property of Athena IT, our clients, or the public.

Cookies and tracking technologies

We use cookies for analytics and necessary site infrastructure. For a complete list of cookies set on this Site, their purpose, retention period, and how to manage or opt out of them, please see our Cookie Policy.

How long we keep your data

  • Contact form submissions are retained in our team email system for up to 3 years from last contact, or for the duration of the associated client relationship plus 2 years, whichever is longer.
  • Google Analytics data is retained for 14 months per default GA4 settings, after which it is aggregated and anonymized.
  • Cloudflare infrastructure logs are retained per Cloudflare's own schedule (typically ≤ 25 hours for free-tier request logs).

We delete data sooner when you request erasure and we are not legally required to retain it.

How we protect your data

The Site is served exclusively over HTTPS with TLS. Cloudflare enforces HSTS, operates a WAF, and applies bot management to all requests. Contact form data is transmitted over encrypted connections directly to our team email. We apply the same layered security controls to our own infrastructure that we recommend to our managed IT clients.

No transmission or storage method is 100% secure. If you have reason to believe your data has been compromised, notify us immediately at [email protected].

Your privacy rights

California residents (CCPA / CPRA)

As a California-based company, we respect the rights of California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we have collected and how it is used or shared
  • Right to delete personal information we hold (subject to legal retention requirements)
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information — we do not sell or share your data
  • Right to limit use of sensitive personal information — we do not collect sensitive data
  • Right to non-discrimination for exercising your privacy rights

EEA and UK visitors (GDPR / UK GDPR)

Our primary market is the United States. If you are located in the EEA or UK and reach out to us, we process your contact information on the basis of our legitimate interest in responding to genuine business inquiries (Article 6(1)(f) GDPR). You have the right to: access a copy of your data; correct inaccurate data; request erasure; restrict or object to processing; and data portability. You also have the right to lodge a complaint with your supervisory authority.

To exercise any right, email [email protected] with "Privacy Request" in the subject. We respond within 30 days (45 days for complex requests, with notice).

Children's privacy

The Site is directed at business professionals. We do not knowingly collect personal information from anyone under 18. If we learn we have received data from a minor, we will delete it promptly. Contact us at [email protected] if you have concerns.

Third-party links

The Site links to external resources such as documentation from Microsoft, Google, AWS, HIPAA.gov, and AICPA. We have no control over the content or privacy practices of those sites and encourage you to review their policies independently.

Changes to this policy

We may revise this policy at any time. We update the "Last updated" date at the top of the page when we do. For material changes — such as new categories of data collection or new sharing arrangements — we will notify active clients by email at least 14 days before the change takes effect. Continued use of the Site after the effective date constitutes acceptance of the updated policy.

Contact us

For questions about this policy, data access requests, or privacy concerns:

Athena Information Technology Services LLC

2261 Market St, STE 85291, San Francisco, CA 94114

[email protected]

(510) 224-4906

For security vulnerability disclosures: [email protected]