Privacy Policy

 

Effective Date: October 27, 2025

 

 

1. Overview

 

Aten Security (“Aten,” “we,” “our,” or “us”) provides an AI-native communication-security platform that helps regulated organizations monitor and secure non-email communications. This Privacy Policy explains how we collect, use, store, and protect information when you or your organization use our products and services.

By accessing Aten Security’s platform, you agree to this Policy and, where applicable, to our Terms of Service.

 

 

2. Information We Collect

 

We collect and process data necessary to deliver secure, compliant, and auditable communication monitoring:

  • Employee communications data – messages, attachments, and metadata from connected platforms such as Slack, Microsoft Teams, Discord, Telegram, and WhatsApp.
  • Account information – names, email addresses, authentication tokens, role-based permissions, and organization identifiers.
  • Telemetry and usage data – log files, diagnostic events, and product-usage metrics that help us improve reliability and performance.
  • Audit and compliance records – journaling and immutable event trails required for SEC, FINRA, and other regulatory frameworks.

We do not sell or monetize customer data.

 

 

3. How We Use Information

 

We use information to:

  • Provide, maintain, and improve our services.
  • Detect, prevent, and investigate security threats or policy violations.
  • Support audits, e-discovery, and regulatory obligations.
  • Deliver customer support and service notifications.
  • Conduct anonymized analytics to enhance product quality.

 

 

4. Data Hosting and Regional Storage

 

Aten Security operates on Google Cloud Platform (Cloud Run, Pub/Sub, Cloud Storage, MongoDB Atlas) and Microsoft Azure (AI and Teams integrations).

Customers may select a regional data zone—U.S. West or U.S. East—and data remains within that region unless otherwise agreed in writing.

 

 

5. Legal Bases for Processing

 

Where applicable (e.g., under GDPR), Aten Security processes data under the following legal bases:

  • Performance of a contract (providing our services).
  • Compliance with legal obligations (e.g., SEC/FINRA record-keeping).
  • Legitimate interests (product improvement, security).
  • Consent (for optional features or marketing).

 

 

6. Data Retention and Deletion

 

Data is retained for the duration of the customer agreement or as required by applicable law. Customers may configure retention policies per tenant. Upon termination or written request, Aten Security securely deletes or anonymizes data in compliance with SOC 2 and ISO 27001 standards.

 

 

7. Security and Compliance

 

We maintain a multi-layered security program that includes:

  • Encryption in transit and at rest (AES-256, TLS 1.3).
  • Role-based access controls and least-privilege policies.
  • Continuous monitoring and auditing.
  • Annual SOC 2 Type II and ISO 27001 audits (in progress).
  • Alignment with ISO 42001 (AI Management Systems) and CISA Secure-by-Design principles.

 

 

8. Sharing and Disclosure

 

We may share data only with:

  • Authorized service providers (e.g., cloud infrastructure, AI model providers) under binding agreements.
  • Regulators or law-enforcement agencies as required by law.
  • Customer-designated integrations (such as Global Relay for journaling).

We never sell or exchange personal data for advertising or marketing.

 

 

9. Your Rights

 

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict processing. Requests may be sent to security@aten.security.

 

 

10. International Transfers

 

If data is transferred across regions, we rely on standard contractual clauses and equivalent safeguards.

 

 

11. Children’s Privacy

 

Our services are not directed to individuals under 18. We do not knowingly collect information from minors.

 

 

12. Updates to This Policy

 

We may update this Policy from time to time. Revisions will be posted with a new effective date. Significant changes will be communicated to customers directly.

 

 

Contact Us

Aten Security, Inc.

103 Montgomery St, Building 103

San Francisco, CA 94129

security@aten.security

 

 

 

 

Privacy Policy

 

Effective Date: October 27, 2025

 

 

1. Overview

 

Aten Security (“Aten,” “we,” “our,” or “us”) provides an AI-native communication-security platform that helps regulated organizations monitor and secure non-email communications. This Privacy Policy explains how we collect, use, store, and protect information when you or your organization use our products and services.

By accessing Aten Security’s platform, you agree to this Policy and, where applicable, to our Terms of Service.

 

 

2. Information We Collect

 

We collect and process data necessary to deliver secure, compliant, and auditable communication monitoring:

  • Employee communications data – messages, attachments, and metadata from connected platforms such as Slack, Microsoft Teams, Discord, Telegram, and WhatsApp.
  • Account information – names, email addresses, authentication tokens, role-based permissions, and organization identifiers.
  • Telemetry and usage data – log files, diagnostic events, and product-usage metrics that help us improve reliability and performance.
  • Audit and compliance records – journaling and immutable event trails required for SEC, FINRA, and other regulatory frameworks.

We do not sell or monetize customer data.

 

 

3. How We Use Information

 

We use information to:

  • Provide, maintain, and improve our services.
  • Detect, prevent, and investigate security threats or policy violations.
  • Support audits, e-discovery, and regulatory obligations.
  • Deliver customer support and service notifications.
  • Conduct anonymized analytics to enhance product quality.

 

 

4. Data Hosting and Regional Storage

 

Aten Security operates on Google Cloud Platform (Cloud Run, Pub/Sub, Cloud Storage, MongoDB Atlas) and Microsoft Azure (AI and Teams integrations).

Customers may select a regional data zone—U.S. West or U.S. East—and data remains within that region unless otherwise agreed in writing.

 

 

5. Legal Bases for Processing

 

Where applicable (e.g., under GDPR), Aten Security processes data under the following legal bases:

  • Performance of a contract (providing our services).
  • Compliance with legal obligations (e.g., SEC/FINRA record-keeping).
  • Legitimate interests (product improvement, security).
  • Consent (for optional features or marketing).

 

 

6. Data Retention and Deletion

 

Data is retained for the duration of the customer agreement or as required by applicable law. Customers may configure retention policies per tenant. Upon termination or written request, Aten Security securely deletes or anonymizes data in compliance with SOC 2 and ISO 27001 standards.

 

 

7. Security and Compliance

 

We maintain a multi-layered security program that includes:

  • Encryption in transit and at rest (AES-256, TLS 1.3).
  • Role-based access controls and least-privilege policies.
  • Continuous monitoring and auditing.
  • Annual SOC 2 Type II and ISO 27001 audits (in progress).
  • Alignment with ISO 42001 (AI Management Systems) and CISA Secure-by-Design principles.

 

 

8. Sharing and Disclosure

 

We may share data only with:

  • Authorized service providers (e.g., cloud infrastructure, AI model providers) under binding agreements.
  • Regulators or law-enforcement agencies as required by law.
  • Customer-designated integrations (such as Global Relay for journaling).

We never sell or exchange personal data for advertising or marketing.

 

 

9. Your Rights

 

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict processing. Requests may be sent to security@aten.security.

 

 

10. International Transfers

 

If data is transferred across regions, we rely on standard contractual clauses and equivalent safeguards.

 

 

11. Children’s Privacy

 

Our services are not directed to individuals under 18. We do not knowingly collect information from minors.

 

 

12. Updates to This Policy

 

We may update this Policy from time to time. Revisions will be posted with a new effective date. Significant changes will be communicated to customers directly.

 

 

Contact Us

Aten Security, Inc.

103 Montgomery St, Building 103

San Francisco, CA 94129

security@aten.security

 

 

 

Privacy Policy

 

Effective Date: October 27, 2025

 

 

1. Overview

 

Aten Security (“Aten,” “we,” “our,” or “us”) provides an AI-native communication-security platform that helps regulated organizations monitor and secure non-email communications. This Privacy Policy explains how we collect, use, store, and protect information when you or your organization use our products and services.

By accessing Aten Security’s platform, you agree to this Policy and, where applicable, to our Terms of Service.

 

 

2. Information We Collect

 

We collect and process data necessary to deliver secure, compliant, and auditable communication monitoring:

  • Employee communications data – messages, attachments, and metadata from connected platforms such as Slack, Microsoft Teams, Discord, Telegram, and WhatsApp.
  • Account information – names, email addresses, authentication tokens, role-based permissions, and organization identifiers.
  • Telemetry and usage data – log files, diagnostic events, and product-usage metrics that help us improve reliability and performance.
  • Audit and compliance records – journaling and immutable event trails required for SEC, FINRA, and other regulatory frameworks.

We do not sell or monetize customer data.

 

 

3. How We Use Information

 

We use information to:

  • Provide, maintain, and improve our services.
  • Detect, prevent, and investigate security threats or policy violations.
  • Support audits, e-discovery, and regulatory obligations.
  • Deliver customer support and service notifications.
  • Conduct anonymized analytics to enhance product quality.

 

 

4. Data Hosting and Regional Storage

 

Aten Security operates on Google Cloud Platform (Cloud Run, Pub/Sub, Cloud Storage, MongoDB Atlas) and Microsoft Azure (AI and Teams integrations).

Customers may select a regional data zone—U.S. West or U.S. East—and data remains within that region unless otherwise agreed in writing.

 

 

5. Legal Bases for Processing

 

Where applicable (e.g., under GDPR), Aten Security processes data under the following legal bases:

  • Performance of a contract (providing our services).
  • Compliance with legal obligations (e.g., SEC/FINRA record-keeping).
  • Legitimate interests (product improvement, security).
  • Consent (for optional features or marketing).

 

 

6. Data Retention and Deletion

 

Data is retained for the duration of the customer agreement or as required by applicable law. Customers may configure retention policies per tenant. Upon termination or written request, Aten Security securely deletes or anonymizes data in compliance with SOC 2 and ISO 27001 standards.

 

 

7. Security and Compliance

 

We maintain a multi-layered security program that includes:

  • Encryption in transit and at rest (AES-256, TLS 1.3).
  • Role-based access controls and least-privilege policies.
  • Continuous monitoring and auditing.
  • Annual SOC 2 Type II and ISO 27001 audits (in progress).
  • Alignment with ISO 42001 (AI Management Systems) and CISA Secure-by-Design principles.

 

 

8. Sharing and Disclosure

 

We may share data only with:

  • Authorized service providers (e.g., cloud infrastructure, AI model providers) under binding agreements.
  • Regulators or law-enforcement agencies as required by law.
  • Customer-designated integrations (such as Global Relay for journaling).

We never sell or exchange personal data for advertising or marketing.

 

 

9. Your Rights

 

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict processing. Requests may be sent to security@aten.security.

 

 

10. International Transfers

 

If data is transferred across regions, we rely on standard contractual clauses and equivalent safeguards.

 

 

11. Children’s Privacy

 

Our services are not directed to individuals under 18. We do not knowingly collect information from minors.

 

 

12. Updates to This Policy

 

We may update this Policy from time to time. Revisions will be posted with a new effective date. Significant changes will be communicated to customers directly.

 

 

Contact Us

Aten Security, Inc.

103 Montgomery St, Building 103

San Francisco, CA 94129

security@aten.security