Privacy Policy

Last updated: November 30, 2025

Trust Center
Terms of Use
Cookie Policy

1. Scope of this Notice

This Privacy Notice (“Notice”) explains how Aetos Data Consulting LLC (“Aetos”, “we”, “us”) collects, uses, shares, and otherwise processes personal information in connection with:

  • our websites, including aetos-data.com and any pages that link to this Notice;
  • our marketing, events, and other outreach; and
  • our consulting and related professional services (the “Services”).

It applies to individuals who interact with us as client representatives, prospective clients, suppliers, partners, website visitors, and other business contacts.

This Notice does not cover how our clients use personal information in their own systems and environments. When we handle personal information purely on behalf of a client, their privacy notice and contracts apply in addition to this one.

2. Who we are

Aetos Data Consulting LLC is a consulting company organized under the laws of the State of Delaware, United States.

Registered office:
Aetos Data Consulting LLC
8 The Green, Suite B
Dover, DE 19901
United States

We provide cybersecurity, data privacy, AI governance, compliance operations, and related advisory services to business customers.

3. How to contact us about privacy

If you have questions about this Notice or our handling of personal information, or if you wish to exercise a privacy right, you can contact us at:

4. Our role: controller vs. processor / service provider

Our role depends on the context:

  • Controller (or “business” / equivalent term under applicable law)
    For information about our own operations (such as client and prospect contact data, billing information, vendor and partner records, website usage data, and marketing lists) we act as an independent controller. We decide how and why this information is used, in line with this Notice and our contracts.
  • Processor / service provider
    When our clients give us access to personal information in their systems or environments so we can provide the Services (for example, by sharing logs, datasets, HR or customer records, or risk documentation), we generally act as their processor or service provider. In that role we only handle the information according to our clients’ written instructions and our contracts with them.

If you believe we process your personal information on behalf of one of our clients, please also see Section 10.3 (“Requests relating to Client Data”).

5. Personal information we process and why

5.1 Client and business contact information

Who this covers
Current and prospective client representatives, partner and vendor contacts, and other individuals we interact with in a business‑to‑business context.

What we collect
Depending on how you interact with us, we may collect:

  • Identification and contact details (name, company, job title, business email, phone number, mailing address);
  • Professional details (team, role, area of responsibility, industry, and interests related to our Services);
  • Account and transactional information (proposals, statements of work, engagement letters, invoices, payment status, and related communications);
  • Communications and preferences (email messages, meeting notes, feedback, and your preferences about how and what we communicate); and
  • Any other information you choose to provide us in connection with the Services.

Why we use it

We use this information to:

  • provide and manage the Services;
  • respond to inquiries and schedule and run meetings;
  • manage billing, collections, and accounting;
  • operate CRM, sales, and marketing programs (including sending updates, event invites, and insights consistent with your preferences and applicable law);
  • improve our Services and customer experience; and
  • comply with legal obligations and to establish, exercise, or defend legal claims.

5.2 Client‑Provided Data we handle on our clients’ behalf (“Client Data”)

Who this covers
Individuals whose personal information our clients choose to share with us so we can deliver the Services (e.g., their employees, contractors, applicants, or customers).

What we may process
The exact content of Client Data is determined by our clients and the scope of the engagement. It may include, for example:

  • contact and professional details;
  • HR, security, access‑management, or audit data;
  • logs and usage records from systems and applications;
  • documentation related to privacy, security, and compliance; and
  • in limited cases, information that some laws treat as sensitive or “special category” (such as health information, demographic data, biometrics, or information about beliefs or memberships).

We expect clients to share only what is reasonably necessary for the engagement and to de‑identify or aggregate data where that is feasible for the work.

Our role and how we use Client Data
For Client Data, we generally act as a processor or service provider:

  • We use Client Data only to deliver the Services, comply with law, protect our rights, and for other purposes permitted by our contracts with the relevant client.
  • Our clients are responsible for ensuring they have a lawful basis to share Client Data with us and for providing appropriate privacy notices and choices to individuals whose information they control.
  • When we receive privacy requests that relate to Client Data, we normally work with the relevant client so they can respond as the controller/business (see Section 10.3).
  • More detail about how we secure, store, and retain Client Data, and the systems we use to handle it, is available by request to privacy@aetos-data.com.

5.3 Website visitors and online interactions

Who this covers
Visitors to our websites and people who interact with our online forms, tools, and content.

What we collect
When you visit our website or use our online features, we and our service providers may automatically collect:

  • device and browser information (such as IP address, device type, operating system, and browser type);
  • usage data (pages visited, time on page, clicks, referring and exit URLs, and similar information);
  • cookie identifiers and similar tracking data;
  • high‑level location information (for example, country or city derived from your IP address); and
  • information you submit through forms, chat, or tools (such as your name, email address, organization, and details about your request).
We may use cookies, pixels, and similar technologies for these purposes. For details of the specific cookies we use and your choices, please refer to our Cookie Declarations and the cookie preference tools (accessible via the icon in the lower left corner of your browser window) on our website.

Why we use it
We use this information to:

  • operate, secure, and troubleshoot our websites;
  • understand how visitors use our content and tools;
  • personalize and measure our marketing and advertising;
  • provide features such as embedded forms, calculators, and chat; and
  • comply with legal and regulatory obligations and protect the security of our systems and users.

Some of this activity involves our analytics and service partners, who may use their own cookies or identifiers to help us reach people who may be interested in our Services and to measure campaign performance. You can control these technologies as described in Section 11.

5.4 Other individuals

We may also process personal information about:

  • individuals who attend or speak at our events, webinars, or meetings;
  • job applicants and candidates;
  • people whose personal information appears in communications, contracts, or documents we receive in the course of business; and
  • anyone who contacts us for reasons other than those described above.
The information we process and the reasons we use it will depend on the context, but will generally be aligned with this Notice (for example, to manage an application, respond to your request, or maintain our business relationships).

5.5 Automated tools and AI services

We sometimes use third‑party tools, including automation and machine‑learning–based services, to help us deliver the Services and run our internal operations (for example, to transcribe calls, summarize notes, draft documents, or analyze trends).

When these tools involve personal information, we:

  • select providers and configurations that are consistent with our contractual and legal obligations and our internal security controls;
  • do not rely solely on automated tools for decisions that produce anything that may have a significant impact on individuals; and
  • make best efforts to ensure that none of the tools we utilize will use our inputs for training models.

6. Sources of personal information

We obtain personal information from:

  • You directly, when you provide it to us (for example, in meetings, emails, calls, forms, or when you use our tools);
  • Your organization, if we interact with you as a representative of a client, partner, or vendor;
  • Our clients, when they choose to share Client Data with us;
  • Our service providers and partners, including analytics, advertising, communications, and collaboration providers that help us operate our business; and
  • Public or third‑party sources, such as professional networking sites, event organizers, or referrals, where permitted.

7. How we share personal information

We may share personal information we process with:

  • Service providers and subprocessors who support our operations and the delivery of the Services (for example, providers of hosting, storage, collaboration tools, CRM, analytics, email, and other professional services). These providers may only use personal information as instructed by us and must protect it appropriately.
  • Clients and partners, when necessary to deliver the Services, collaborate on a project, or make or receive a referral, consistent with your instructions and our agreements.
  • Advisers and acquirers, if we are involved in a corporate transaction, such as a merger, acquisition, restructuring, or sale of assets, in which case personal information may be transferred as part of that transaction subject to appropriate safeguards.
  • Law enforcement, regulators, and other parties, where we reasonably believe it is necessary to:
    • comply with applicable laws, regulations, legal process, or enforceable government requests;
    • protect the rights, property, or safety of Aetos, our clients, or the public; or
    • detect, prevent, or otherwise address fraud, security, or technical issues.
  • Other recipients, where you have asked us to share your information or have otherwise given your consent.

We do not sell personal information for money. Some privacy laws treat certain sharing of information with advertising and analytics partners (for example, via cookies) as a “sale” or “sharing” for targeted advertising; see Section 11.2 for how we handle that.

8. International data transfers

We are based in the United States, and the primary location where we process personal information is the U.S. We may also engage service providers or partners in other countries.

If you are located outside the United States, this means your personal information may be transferred to and processed in a country that may not offer the same level of data protection as your home jurisdiction. Where required by law, we use appropriate safeguards to protect cross‑border transfers of personal information including, but not limited to, technical and organizational measures.

If you prefer not to have your personal information processed outside your home jurisdiction, please do not submit personal information to us or use our websites and online tools.

9. Data retention

We keep personal information for as long as we reasonably need it for the purposes described in this Notice, including to:

  • provide the Services or operate our websites;
  • maintain business and financial records;
  • comply with legal, tax, accounting, or reporting obligations; and
  • resolve disputes and enforce our agreements.

When we no longer need personal information for these purposes, we will either delete it, anonymize it, or, if that is not possible (for example, because the data is stored in backup archives), securely store it and isolate it from further use until deletion is feasible.

Our Trust Center provides more detail on how long we typically retain different categories of data and the systems we use to handle them.

10. Your rights and choices

Your privacy rights depend on the laws that apply to you, but they typically include some or all of the following.

10.1 Rights you may have

Subject to certain exceptions, you may have the right to:

  • Access: obtain confirmation as to whether we process your personal information and receive a copy.
  • Rectification: request that we correct inaccurate or incomplete personal information.
  • Deletion: request that we delete personal information, for example where it is no longer needed for the purposes for which it was collected.
  • Restriction: ask us to limit the processing of your personal information in certain circumstances.
  • Portability: receive certain personal information in a structured, commonly used, machine‑readable format and ask us to transmit it to another controller where technically feasible.
  • Object: object to certain processing activities, including where we rely on legitimate interests or where we use your personal information for direct marketing.
  • Withdraw consent: withdraw consent at any time where we rely on it. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.
  • Opt out of marketing: stop receiving marketing communications from us at any time by clicking the “unsubscribe” link in an email or by contacting us.

Depending on your jurisdiction (for example, certain U.S. states), you may also have rights to:

  • opt out of profiling or targeted advertising;
  • opt out of certain “sales” or “sharing” of personal information; and
  • appeal our response to your request.

We will not discriminate against you for exercising your privacy rights.

10.2 How to exercise your rights

To exercise your rights or raise a question about our handling of personal information, please contact us at privacy@aetos-data.com or using the postal address in Section 3.

We may need to verify your identity and your relationship with us before acting on your request. Where permitted by law, you may also authorize an agent to submit a request on your behalf.

We will respond to requests in accordance with applicable law. If you are not satisfied with our response, you may have the right to appeal our decision or lodge a complaint with a data protection authority or other regulator.

10.3 Requests relating to Client Data

When we receive a request that relates to Client Data we process on behalf of a client, we may:

  • forward the request to the relevant client; and/or
  • let you know how to contact the client directly,
because the client is usually the controller or “business” responsible for responding. Where our contract allows, we will assist the client in handling the request.

11. Cookies, analytics, and targeted advertising

11.1 Cookies and similar technologies

We use cookies, pixels, and similar technologies to:

  • make our website function properly;
  • understand how visitors use our site and content;
  • improve performance and user experience; and
  • support marketing and advertising activities.
Some cookies are strictly necessary and cannot be switched off in our systems. Others (such as analytics and advertising cookies) are optional.

You can manage your cookie preferences through:

  • the cookie banner or settings link that appears on our website; and
  • your browser or device settings.

For more information, including a current list of cookies and their purposes, please refer to our Cookie Policy and the cookie report linked from it.

11.2 Targeted advertising and “sale” / “sharing” opt‑outs

Some privacy laws treat certain uses of cookies and the disclosure of identifiers to advertising and analytics partners as a “sale” or “sharing” of personal information.

  • We do not sell your personal information for money.
  • We may allow advertising and analytics partners to collect or receive information from our sites (for example, via cookies or similar technologies) so that we can measure, optimize, and improve our marketing and show content to professionals who may be interested in our Services.

Where required by law, you can opt out of this type of activity by:

  • setting your cookie preferences to disable advertising and analytics cookies; and/or
  • contacting us at privacy@aetos-data.com with your request, including relevant details so we can identify your browser or device where possible.

We will honor applicable browser‑based signals (such as Global Privacy Control) where we are required to do so and technically able to recognize and act on them.

12. Region‑specific information

12.1 European Economic Area (EEA), United Kingdom, and similar jurisdictions

Where the laws of the EEA, UK, or similar jurisdictions apply, Aetos will typically act as:

  • controller for the categories of personal information described in Sections 5.1, 5.3, and 5.4; and
  • processor for Client Data described in Section 5.2.

Our usual legal bases for processing include:

  • Contract: to provide the Services, manage our relationship with your organization, and take steps at your request.
  • Legitimate interests: to operate, improve, and secure our Services; run our business efficiently; engage in B2B marketing; and protect our legal rights, provided these interests are not overridden by your rights and interests.
  • Legal obligations: to comply with applicable laws, such as tax, accounting, and regulatory requirements.
  • Consent: where we rely on consent, for example, for certain marketing or the use of non‑essential cookies.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority; however, we encourage you to contact us first so we can try to resolve your concern.

12.2 U.S. state privacy laws

Some U.S. state laws give residents specific rights regarding their personal information, including rights to access, delete, correct, and opt out of targeted advertising and certain “sales” or “sharing” of personal information.

Where those laws apply to Aetos:

  • the rights described in Section 10 are available to you;
  • we do not sell personal information for money;
  • we treat certain sharing of information with advertising and analytics partners as a “sale” or “sharing” where required and honor your opt‑out preferences; and
  • you can contact us as described in Section 10.2 to exercise your rights, including any available right to appeal our decision.

13. Children and our Services

Our websites and Services are designed for use by businesses, not by children or individual consumers.

We do not knowingly collect personal information from anyone under the age of 18. If you believe we have collected personal information from a child, please contact us at hello@aetos-data.com so that we can investigate and take swift and appropriate action, including deletion where required.

14. Updates to this Notice

We may update this Notice from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will update the “Last updated” date below and may provide additional notice as appropriate (for example, by posting a notice on our website).

We encourage you to review this Notice periodically to stay informed about how we handle personal information.