Atrial AI
Atrial AI
SECURITY
ContactContact us
PlatformWhy AtrialTailoredContact
Privacy Policy

How we handle data on this website.

This policy covers atrialai.com: what we collect when you visit or fill out our contact form, why, and what choices you have. It does not describe how the Atrial AI Security platform handles customer traffic — that's covered in the Data Processing Agreement and the platform's technical documentation.

Effective
May 17, 2026
Version
1.0
Questions
privacy@atrialai.com

Who we are

Atrial AI LLC ("Atrial AI", "we", "us") operates atrialai.com to describe our security platform for LLM-powered applications. The data controller for this website is Atrial AI LLC, reachable at privacy@atrialai.com.

Scope of this policy

This policy applies only to the public marketing website at atrialai.com. It does not cover the Atrial AI Security platform itself — customer traffic inspected by the platform is governed by the Data Processing Agreement we sign with each customer and by the platform's technical documentation.

If you reach our website through a sub-processor's domain, embedded widget, or a customer's integration, that party's privacy policy also applies in addition to ours.

What we collect

The website collects two categories of information:

1. Information you give us directly

When you submit the contact form, we collect the name, work email, company, role (optional), and free-text description you provide. All fields other than the optional role and description are required for us to respond to you.

2. Information collected automatically

When you visit any page, we and Google Analytics record technical information about the request: IP address (truncated before storage — see Cookies & analytics), user-agent string, referring page, the pages you view, approximate geographic region inferred from IP, and the duration of your visit. We do not collect precise location, device identifiers beyond the analytics cookie described below, or any biometric data.

Cookies & analytics

We use one analytics provider — Google Analytics 4 — to measure how visitors use the site. That's it. We do not run advertising pixels, retargeting tags, social-media trackers, session-replay tools, heatmaps, or any third-party widget that persists identifiers across sites.

CookieSet byPurposeRetention
_gaGoogle AnalyticsDistinguishes unique visitors2 years
_ga_<ID>Google AnalyticsPersists session state for the GA4 property2 years
atrial.cookieNotice.dismissed.v1Atrial AI (first-party, localStorage)Remembers that you've dismissed the cookie notice barUntil cleared

How we've configured Google Analytics

  • IP anonymization is on. Google truncates the last octet of every visitor's IP address before storing it.
  • Data retention is set to 14 months — the shortest GA4 allows. Aggregated reports persist longer; individual event-level data does not.
  • Google Signals is disabled. We do not associate visits with Google's cross-device or advertising signals.
  • Demographics and interests reporting is disabled.
  • Google acts as our service provider/processor under its Google Analytics terms; it is contractually restricted from using the data for its own purposes.

Browser controls. You can block these cookies in your browser settings, install Google's official Analytics Opt-out Add-on, or use any privacy-protective browser (Brave, Firefox with Enhanced Tracking Protection, Safari with Intelligent Tracking Prevention). The site continues to work normally with analytics blocked.

How we use it

  • To respond to inquiries. If you submit the contact form, we use your information to reply to you and to scope a conversation about a potential evaluation.
  • To measure site performance. We use analytics data in aggregate to understand which pages are useful, which are not, and to fix problems.
  • To keep the site secure. Server logs and traffic patterns help us detect abuse, automated scraping, and infrastructure issues.
  • To meet legal obligations. Where law requires us to retain or produce records, we do.

We do not use website data to train any machine learning model.

Who we share it with

We do not sell or rent personal information. We share it with a short list of service providers, each acting on our instructions under a contract:

  • Google LLC — analytics (Google Analytics 4).
  • Our hosting provider — to serve the website itself; standard request logs.
  • Our email provider — to deliver the response to your contact-form submission.

We also disclose information when required by law, by valid legal process, or to protect the rights, property, or safety of Atrial AI, our customers, or others.

Retention

  • Analytics events: 14 months in GA4, then automatically deleted.
  • Contact-form submissions: retained while we are in active conversation with you, then archived in our CRM for up to 24 months from last contact, after which they are deleted unless an active customer relationship exists.
  • Server / security logs: 90 days.

Your choices

Regardless of where you live, you can email privacy@atrialai.com to:

  • Ask what we hold about you.
  • Ask us to correct or delete it.
  • Ask us to stop processing it for a particular purpose.
  • Receive a copy in a portable format.

We respond to verified requests within 30 days. If your local law grants additional rights (for example, the right to lodge a complaint with a supervisory authority under GDPR, or specific CCPA/CPRA rights as a California resident), those rights also apply.

How we protect it

The website is served over TLS. Contact-form submissions are transmitted encrypted in transit and stored in access-controlled systems. As a security company, we hold ourselves to the same standards we ask our customers to. We will notify affected users promptly if we ever experience a breach involving personal information.

Children's data

This is a B2B website for security professionals. It is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has submitted information to us, email privacy@atrialai.com and we will delete it.

Updates to this policy

We will revise this policy if the scope of what we collect changes. Specifically, we will update it and re-issue this version number when any of the following becomes true:

  • We add a second tracker (advertising pixel, retargeting tag, chat widget, heatmap, etc.).
  • We begin actively marketing the website into the EEA, UK, or Switzerland — at which point we will also add a GDPR-style opt-in consent flow.
  • We launch a customer-facing console or in-product analytics on this domain.
  • We change our service-provider list in a way that meaningfully affects what is shared.

Material changes will be reflected on this page with an updated effective date and version. We will not retroactively reduce your rights without notice.

Contact

Email privacy@atrialai.com with any privacy question, request, or complaint. For general sales and product questions, see the Contact section on the main site.

Back to atrialai.com