Contents
  1. Overview
  2. Information We Collect
  3. How We Use Your Information
  4. How We Handle, Store & Protect Data
  5. How We Share Your Information
  6. Data Retention
  7. Your Rights & Choices
  8. FERPA & Educational Records
  9. Children's Privacy (COPPA)
  10. Mobile Apps & Device Permissions
  11. Chrome Extension
  12. Cookies & Tracking
  13. International Users
  14. Changes to This Policy
  15. Contact Us

1. Overview

Athena ("Athena," "we," "us," or "our") provides an AI-powered note-taking and accessibility platform for students and disability services offices at colleges and universities. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our web application, Chrome extension, mobile apps, and related services (collectively, the "Services").

This Privacy Policy, together with any in-product disclosures, is intended to give a comprehensive description of the user data Athena collects, how we handle and store it, and every category of party with whom it is shared. It applies to our website, mobile apps, browser extension, APIs, support tools, and organization administration tools.

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services.

Our commitment: Athena was built for accessibility. We do not sell or rent personal information, we do not share user data with ad networks or data brokers, and we do not use your notes, files, audio, or transcripts to train AI models without your explicit, separately obtained written consent.

2. Information We Collect

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Information from Third Parties

2.4 Comprehensive Data Disclosure

The table below summarizes the primary user data categories we collect, how we handle them, where they are stored, and who receives them.

| Data category | Examples | How we collect and use it | Handling and storage | Shared with |
| --- | --- | --- | --- | --- |
| Account and authentication data | Name, email, hashed password, auth tokens, institution, role, invitation and SSO identifiers | Collected when you register, sign in, accept an invite, or connect through SSO. Used to create and secure your account. | Stored in Supabase authentication and database systems, plus session storage on your device or browser. | Supabase, your identity provider if you use SSO, and Athena personnel who need access for support or security. |
| Accessibility and settings data | Text size, fonts, high-contrast mode, reduced-motion settings, organization retention or review settings | Collected when you or an organization administrator set preferences. Used to personalize the product and apply organization policies. | Stored locally on device or browser and, where applicable, in Supabase user metadata or organization settings. | Supabase and organization administrators for organization-managed settings. |
| User content and uploads | Notes, transcripts, summaries, flashcards, bookmarks, feedback, uploaded documents, images, audio, video, and note attachments | Collected when you create content, record audio, upload files, import media, or regenerate notes. Used to provide Athena's core features. | Handled on your device, on Athena servers during processing, and in Supabase storage and database systems. | Supabase, AssemblyAI, OpenAI, authorized Athena personnel, and where applicable internal reviewers or organization admins described below. |
| Support and communications data | Demo requests, support messages, AI support chat prompts, support chat history, and note context you ask support tools to use | Collected when you contact us or use in-app support. Used to answer questions, troubleshoot issues, and improve support workflows. | Stored in Supabase and vendor systems used to provide support tooling. | OpenAI for AI support responses, Supabase, PostHog for event analytics, and Athena support personnel. |
| Usage analytics | Feature usage, button taps, screen views, session events, upload and note workflow events, deep-link events | Collected automatically to operate, measure, and improve the Services. | Stored in PostHog and Athena analytics systems. | PostHog and Athena personnel who analyze product usage. |
| Diagnostics and security data | Crash logs, stack traces, IP address, approximate location, device and OS metadata, request and error logs | Collected automatically to debug errors, secure the Services, prevent abuse, and maintain reliability. | Stored in Sentry, PostHog, Supabase-related logs, and infrastructure logs. | Sentry, PostHog, Supabase, and hosting providers that operate Athena-controlled infrastructure. |
| Billing data | Billing contact details, subscription status, invoices, transaction metadata | Collected during purchases or subscription administration. Used to bill for paid plans and maintain financial records. | Stored in Stripe and Athena billing records. Athena does not store full payment card numbers. | Stripe and Athena personnel who manage billing. |
| Organization administration and review data | Organization membership, member email, role, last sign-in, note counts, review status, review notes, retention settings, metrics | Collected when an institution or Athena internal reviewer administers an account or note workflow. | Stored in Supabase. | Organization owners or admins, Athena internal reviewers, and Supabase. |
| Chrome extension data | Extension settings, local session, detected resource URLs, file names, MIME types, sizes, tab-scoped resource metadata, and supported import metadata such as title or transcript when available | Collected when the extension is configured, detects supported resources, or you initiate an import. | Stored in chrome.storage.local and temporary in-memory tab state; sent to Athena only as needed for authentication and import processing. | Supabase for extension authentication and Athena servers, plus the processors listed above if you choose to import content. |

We do not intentionally collect contacts, precise geolocation, health data, advertising identifiers, or your entire photo library. We only receive files, photos, microphone input, or similar device data when you deliberately provide or enable it.

3. How We Use Your Information

We use the information we collect to:

We do not sell personal information, share personal information with ad networks for targeted advertising, or use your notes, files, transcripts, audio, or support content to train AI models without your explicit, separately obtained written consent.

4. How We Handle, Store & Protect Data

4.1 On Your Device or in Your Browser

Athena stores some data locally so the product can function properly and provide offline or accessibility features. Depending on platform, this may include auth session data, accessibility settings, cached notes, queued write operations, staged files waiting to be uploaded, and extension configuration.

On mobile and web, this may be stored in AsyncStorage, browser storage, IndexedDB, or local app files. In the Chrome extension, configuration and session data are stored in chrome.storage.local, and tab-scoped detections are held in memory until the relevant tab closes or reloads.

4.2 On Athena Systems and Service Providers

When you upload or record content, Athena may temporarily process files on Athena-controlled servers before or during storage and AI processing. Files, notes, transcripts, organization data, and support records are then stored in Athena-managed systems, primarily Supabase. Signed URLs and similar temporary access tokens may be created so storage or transcription providers can process a file without exposing it publicly.

Audio, video, images, and documents may be retained in storage if needed to complete ingestion, support playback or future note access, preserve note attachments, support organization workflows, or satisfy retention settings chosen by Athena or an organization administrator.

4.3 Security and Human Access

No method of transmission or storage is completely secure. If you believe your data has been compromised, contact security@athena.education.

5. How We Share Your Information

5.1 Service Providers

We share data only as described below, and only to operate, support, secure, improve, bill for, or legally administer the Services.

We do not share your data with advertising networks, data brokers, or analytics providers for cross-context behavioral advertising.

5.2 Your Institution and Organization Administrators

If your account is provided or managed by a school, disability services office, employer, or other organization, organization owners and admins may receive certain user and organization data needed to administer the service. This can include your name, email, organization role, membership status, last sign-in, effective settings, note counts, and organization metrics.

If an organization or Athena enables a review workflow, designated reviewers may access note content and review metadata necessary to approve or reject the note. Outside of those workflows, Athena does not disclose note content to organization admins unless the product or your explicit actions make that sharing available.

5.3 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Athena, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify affected users before data is subject to a materially different privacy policy.

5.5 With Your Consent or Direction

We may share your information for any other purpose with your explicit consent.

6. Data Retention

If your account is controlled by an institution or organization, that organization may configure review or retention settings that affect how long certain data is retained.

7. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, email privacy@athena.education. We will respond within a commercially reasonable time and may need to verify your identity before fulfilling a request. If your account is managed by an institution or organization, we may direct you to that organization for requests relating to institution-controlled data.

California Residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, use, disclose, and retain; to request deletion; to request correction; and to be free from discrimination for exercising privacy rights. Athena does not sell personal information and does not share personal information for cross-context behavioral advertising. To submit a verifiable consumer request, contact privacy@athena.education.

8. FERPA & Educational Records

Athena operates as a "school official" providing services under the direction of educational institutions, consistent with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g. Where we process educational records on behalf of an institution:

If an institution enables organization review, retention, or administration features, Athena and the institution may process related education records consistent with that institution's instructions and applicable law.

9. Children's Privacy (COPPA)

Athena is intended for use by college and university students (typically 18 years of age and older) and educational staff. Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If you believe a child under 13 has provided us personal information without parental consent, please contact us at privacy@athena.education and we will promptly delete it.

10. Mobile Apps & Device Permissions

The Athena mobile apps may request device permissions only when they are needed for a feature you choose to use.

Athena does not request contacts, calendars, precise location, or background camera access. The app only accesses microphone, camera, or file data when you actively trigger the related feature.

11. Chrome Extension

The Athena Chrome Extension detects supported media or file resources and lets you send them to Athena for ingestion. It does not silently upload content. Specific disclosures for the extension are below.

Chrome Web Store compliance: Athena's extension disclosures are intended to describe all user data collected, handled, stored, and shared by the extension. If extension behavior materially changes, we will update this Privacy Policy and the related store listing disclosures.

12. Cookies & Tracking

We use cookies, local storage, and similar technologies for the following purposes:

We do not use advertising cookies, we do not use Google Analytics, and we do not share cookie or local-storage data with ad networks.

13. International Users

Athena is based in the United States. If you access our Services from outside the US, your data will be transferred to and processed in the United States, which may have different data protection laws than your country.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) as the legal basis for international data transfers. Our legal bases for processing include performance of a contract, legitimate interests, and, where required, explicit consent.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address on your account) and/or by posting a prominent notice in the app at least 14 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

The "Last Updated" date at the top of this page indicates when it was most recently revised.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Questions about your data?

We're here to help. Reach out and we'll respond within 2 business days.

privacy@athena.education