Privacy and Data Protection Policy

Last updated: February 26, 2025

This Privacy and Data Protection Policy (“Privacy Policy”) describes Our policies and procedures on the collection, use and disclosure, and protection of Your information or data when You use any of Our Services or visit Our Website. We will only use Your information or data to provide and improve the Services or the Website. By using any of Our Services or accessing the Website, You agree to Our collection and use of information in accordance with this Privacy Policy. This Privacy Policy is provided to inform You of Your privacy rights and how We will protect Your information and data.

Interpretation and Definitions

Interpretation

All capitalized terms used herein shall have the meanings ascribed to them below. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural. All pronouns and any variations thereof contained herein shall be deemed to refer to the masculine, feminine, neuter, singular or plural, as the identity of the person or persons may require.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Website and/or to receive the Services.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

Company refers to Parthenon Labs Incorporated and its applicable affiliates (referred to herein as either "the Company", "We", "Us" or "Our").

Cookies are small files that are placed on Your computer, mobile device, or any other Device, by a website You visit that contains the details of Your browsing history related to that website.

Country refers to the United States of America.

Device means any device that can use or access the Service such as a computer, a cellphone, or a digital tablet.

Personal Data is any personally identifiable information of a person using the Services or Website. Personally identifiable information may include a person’s name, address, telephone number and email address.

Service refers to any services provided by the Company to its customers and users as set forth in an Order, and includes the Account and Website.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Services, to provide the Services on behalf of the Company, to perform services related to the Services or to assist the Company in analyzing how the Services are used.

Usage Data refers to non-personal information and data collected by Your use of the Website (for example, log tracking collects Website users’ IP addresses to analyze trends, administer the Website, track visitor movement, and gather broad demographic information to help determine the type of information visitors are interested in seeing on Our Websites. This tracking may also collect URLs, pixels, cookies and similar technologies, and identifiers such as advertising IDs and device IDs, and may include information about the duration of a page visit and the time a user spends on Our Website, the links or advertisements seen, search terms entered, items identified in a user’s online shopping cart and other similar information).

Website refers to the Company’s website, which may be updated, changed, or modified from time to time at the Company’s sole discretion, currently accessible at: https://www.parthenon.co/

You or Your means the individual, visitor, customer, or other party accessing or using any Service or the Website, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

You may visit Our Website without divulging any Personal Data. However, there may be areas of the Website, or in order for you to use Services, which might require You to provide Personal Data, for example, when creating or registering an Account, paying for Services, or contacting online support. In certain cases, We may ask You to provide Us with Personal Data that can be used to contact or identify You. Collected Personal Data is only used for Our business purposes and is not shared with external, non-affiliated companies except as provided in this Privacy Policy.

Usage Data

Usage Data may include information such as Your Device's Internet Protocol address (e.g., IP address), cookies, browser type, browser version, the pages of our Website that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Usage Data is collected automatically when using the Website. In addition, when You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

If You choose not to give information We request, or if you disable Cookies, You can still visit Our Website, but you may be unable to access certain options, offers, and services. We are dedicated to building a long-term relationship with all of our Website users. We will not sell, share or rent any Usage Data to others or use the Usage Data in ways other than as set forth in this Privacy Policy.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Website and Services. The technologies We use may include:

  • Cookies or Browser Cookies. A "Cookie" is a piece of information that is sent from Our web server to Your browser and stored on Your hard drive. We may use Cookies when You order a product or a specific Service or when You register an Account. The Cookie stores information that allows the Website to remember You the next time You visit the Website. Cookies also allow Us to tailor our Website to better match Your interests and preferences. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Website. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Website may use Cookies.
  • Web Beacons. Certain sections of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. We use both Session and Persistent Cookies for the purposes set out below:

Use of Your Personal Data

To the extent permitted by applicable law and pursuant to this Privacy Policy, We reserve the right to use Personal Data for Our internal business purposes, including to provide, support, improve, protect, and analyze the Website and the Services. We may also communicate with You about Our Services, including to detect and avoid fraud, to market Services, and for research purposes.

We do not share Personal Data with external, non-affiliated companies except as provided in this Privacy Policy or as permitted in Our Terms of Service, and then only to the extent permitted under applicable law. However, We may partner with other parties to provide specific services, such as billing solutions, which are designed to enhance the functionality of our Services or to improve the Website. When use of these services is required, We will only share Personal Data or other contact information that is necessary for the third party to provide these services. We may also provide your Personal Data to third party agents we have hired to help us provide products or services you have requested. For example, we would need to provide your address to a shipping company to deliver a package you have ordered. In addition, we outsource certain functions of our business, and those agents may have access to your Personal Data; however, in such cases our agents are prohibited from disclosing your Personal Data to others.

The Company may use Personal Data for the following purposes:

To provide and maintain our Website and the Services, including to monitor the usage of our Website and the Services.

To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.

For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Website or in connection with the Services.

To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.

To manage Your requests: To respond to, and manage, Your requests to Us.

For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Website, products, Services, marketing and Your experience.

In addition, We may share Your Personal Data in the following situations:

  • With Service Providers: We may share Personal Data with Service Providers to monitor and analyze the use of our Website and the Services, and/or to contact You. We assess the risks associated with any new and existing service providers that have access to Personal Data. We communicate security and confidentiality requirements, as well as operational responsibilities, through contractual agreements that are substantially as protective of Personal Data as the obligations herein, with such service providers.
  • With Affiliates: We may share Personal Data with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates may include a parent company and any subsidiaries, joint venture partners, or other companies that We control or that are under common control with Us.
  • With business partners: We may share Personal Data with Our business partners to offer You certain products, services or promotions.
  • With other users: when You share Personal Data or otherwise interact in public forums or online interactions with other users, such information may be viewed by all users and may be publicly distributed outside of the Website.
  • With Your consent: We may disclose Personal Data for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. However, We will retain Your Personal Data to the extent necessary to comply with Our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods. We may share Usage Data that is statistical or aggregated non-personal information with advertisers, business partners, sponsors and other third parties. No personal information is supplied in these cases. This data is used to improve our Services, customize our Website content and advertising, and for other appropriate purposes to deliver a better experience to You.

Processing of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices in the United States.

We may process Personal Data in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer and the processing of Your Personal Data.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy. No transfer of Your Personal Data will be made to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information. If We contract with subprocessors that have access to Personal Data, we require that such subprocessors provide and use technical and organizational measures substantially as protective as those outlined herein.

To the extent that, in connection with the performance of the Services, We process data on Your behalf that is subject to the California Consumer Privacy Act of 2018 (CCPA), We shall (i) process Personal Data that is subject to the CCPA only on Your instructions and as set forth in this Privacy Policy in accordance with the applicable terms of the CCPA, (ii) act as a service provider with respect to such Personal Data that qualifies as personal information under the CCPA, in accordance with the applicable terms of the CCPA, (ii) neither We nor any subprocessor of Ours will disclose to nor transfer personal data to a subprocessor or any third party that qualifies as “selling” personal data under the CCPA; and (iv) We will maintain reasonable security procedures and practices appropriate to the nature of the Personal Data disclosed by You to Us, to protect such Personal Data from unauthorized access, destruction or use, in accordance with applicable requirements of the CCPA.

Security of Your Personal Data

We maintain a written security program that includes administrative, technical and physical safeguards reasonably designed to protect the confidentiality, integrity and availability of Personal Data. We pseudonymize Personal Data (as that term is defined in the General Data Protection Regulation (GDPR) and as applicable in analogous US federal and state privacy laws and regulations) where appropriate, and encrypt Personal Data in transit and at rest using encryption in accordance with Our security program.

We have access controls in place designed to maintain the confidentiality and security of Personal Data. Controls include, as appropriate, authorization and authentication processes for physical and logical access to facilities, systems, networks and devices that handle Personal Data. Access is granted based on the principal of least privilege. As appropriate, We log, monitor, and review access on a regular basis at a frequency commensurate with risk. We will enforce Our then-current password policy with respect to password management.

We have appropriate network perimeter defense solutions in place, such as Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) and firewalls to monitor, detect, and prevent malicious network activity and restrict access to authorized users and services. We will have appropriate monitoring in place to detect and take appropriate action. We review firewall configurations and rules at least annually, and any significant changes to firewall rules will follow a documented change management process.

We have threat and vulnerability management processes that include on-going monitoring for vulnerabilities that are acknowledged by Us, reported by You, or discovered internally through vulnerability scans, or identified by Our personnel. We have processes in place to document vulnerabilities and take appropriate steps to remediate vulnerabilities based on risk. We perform regular internal and external vulnerability scans. We conduct internal and external penetration tests to remediate vulnerabilities identified in accordance with our security program.

“Security Breach” means a security event that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data stored or otherwise processed by Us. If there is a Security Breach, We will (A) notify You via email without undue delay upon confirmation of a Security Breach, (B) reasonably cooperate with You with respect to any such Security Breach, and (C) take appropriate action as We deem necessary to mitigate risks or damages associated with the Security Breach to protect Personal Data from further compromise. We will take such other actions that may be required by applicable law as a result of the Security Breach.

The security of Your Personal Data is important to Us. But remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee absolute security and use of our Website and Services is at Your own risk.

Delete Your Personal Data

You have the right to delete, or to request that We assist in deleting, the Personal Data that We have collected about You. Our Website may give You the ability to delete certain information about You from within the Website.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us. Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

In the event any Company entity or its assets are sold, merged or otherwise involved in a corporate transaction, including without limitation, a financing, merger or acquisition, a divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred, Your information will likely be transferred as part of that transaction. We reserve the right to transfer your information without Your consent in such a situation; provided that We will make commercially reasonable efforts to see that Your privacy preferences are honored by the transferee.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., in response to a subpoena or a government agency request). In such cases, We may release Personal Data in response to requests from governmental agencies, including law enforcement and national security agencies, in accordance with federal statutory requirements or pursuant to court order. Before releasing any customer information, We will ensure that the underlying governmental request satisfies procedural and substantive legal requirements and is otherwise proper. For example, We will ensure that any court orders are valid, properly issued, and legally enforceable. Except as required by law or with the approval of the customer, We will not release any Personal Data in response to subpoenas or similar requests issued by private parties. Further, We will be diligent in authenticating the validity of any “governmental” request to ensure that the request actually originates from an authorized government agency.

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation (including a court order)
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the use of the Website or the Services
  • Protect the personal safety of Users of the Website or the Services, or the public
  • Protect against legal liability

AI Policy

We may use Artificial Intelligence (“AI”) to provide the Services or in connection with Your use of the Website. This AI policy aims to establish guidelines and best practices for the responsible and ethical use of AI in connection with Our Services and Website. 

The policy is intended to establish guidelines and best practices for the responsible and ethical use of AI in connection with Our Services and Website, and to ensure that any use of AI systems and platforms, including but not limited to Generative AI, all LLMs, plugins and data enabled AI tools, are in a manner that aligns with Our values, adheres to legal and regulatory standards, and promotes the safety and well-being of our customer and visitors.

As used herein, “Generative AI” refers to artificial intelligence systems capable of generating content, such as text, images, or other forms of data, that is indistinguishable from human-created content. Generative AI operates based on machine learning algorithms and can create new, original content by analyzing and learning from vast amounts of existing data.

We will use AI systems responsibly and ethically, avoiding any actions that could harm others, violate privacy, or facilitate malicious activities. You must not upload or share any data that is confidential, proprietary, or protected by regulation. We will not provide or permit access to AI tools outside of the Company. In all cases, we will not use your Personal Data for AI training. We are committed to using AI systems in compliance with all applicable laws and regulations, including data protection, privacy, and intellectual property laws. We will be transparent about Our use of AI in Our work.

When using AI systems, including Generative AI, we will adhere to this Privacy Policy and Our security policies as applicable to Personal Data. To the extent any Personal Data is authorized for use with an AI system, We will anonymize the data to the fullest extent possible unless otherwise required to provide Our Services, and all data and any output will be stored securely in accordance with this Privacy Policy. We will apply the same security best practices used for all customer data. This includes using strong passwords, keeping software up-to-date, and following data retention and disposal policies as outlined herein. When utilizing third-party AI services or platforms, We will ensure that the providers adhere to the same ethical standards and legal requirements as outlined in this policy.

Our management team will ensure that AI initiatives are developed and deployed responsibly, in compliance with relevant laws and regulations, and with ethical considerations in mind. We may appoint an AI officer to oversee the implementation of this AI policy, providing guidance and support to employees and customers, and ensuring compliance with relevant laws and regulations. The AI officer, if appointed, will conduct periodic reviews of AI system use within the Company to ensure adherence to this policy, identify any emerging risks, and recommend updates to the policy as necessary.

This policy will be reviewed annually or as needed, based on the evolution of AI technology and the regulatory landscape. Any changes to the policy will be communicated to You pursuant to the “Changes to the Privacy Policy” Section below.

You should recognize the limitations of AI and always use Your judgment when interpreting and acting on AI-generated recommendations. AI systems should be used as a tool to augment human decision-making, not replace it. We are committed to ensuring that the use of AI tools is safe and secure for all Our users and clients, as well as the Company itself. We believe that by following the guidelines outlined in this policy, we can maximize the benefits of AI tools while minimizing the potential risks associated with their use.

Children's Privacy

WE DO NOT KNOWINGLY SOLICIT, COLLECT OR USE ANY PERSONAL INFORMATION FROM VISITORS UNDER 13 YEARS OF AGE. NO INFORMATION SHOULD BE SUBMITTED TO OUR WEBSITE BY VISITORS UNDER 13 YEARS OF AGE, AND VISITORS UNDER 13 YEARS OLD ARE NOT ALLOWED TO REGISTER FOR AN ACCOUNT OR OUR SERVICES. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services. This Privacy Policy applies solely to information collected through Our Services and on Our Website.

Changes to this Privacy Policy

We reserve the right to change, modify or update this Privacy Policy at any time without notice unless prior notice is required by law. In the event of any modification, We will notify You of any changes by posting the new Privacy Policy on Our Website at: https://www.parthenon.co/privacy-policy so that You will always know what information We are gathering and how We might use that information.

You are advised to review this Privacy Policy periodically for any changes and to confirm that Your use and Your expectations of the Website adhere to the current Privacy Policy to which You are bound. Changes to this Privacy Policy are effective when they are posted on Our Website.
Any revised version will be effective on the “Effective Date” listed above.
Contact Us

If you have any questions about this Privacy Policy, You can contact us:

  • By email: support@parthenon.co
  • By mail: Parthenon Labs Incorporated, 1606 Headway Circle, STE 9651, Austin, TX 78754