Legal
Antare Privacy Policy
This Privacy Policy describes how Antare collects, uses, and protects personal data.
Version 1.0 · Effective date: 18 June 2026 · Last updated: 18 June 2026
Antare’s contracting entities
| Entity | Address | Role |
|---|---|---|
| Antare Technology Limited | 7 Bell Yard, London, England, WC2A 2JR | Contracts with customers outside the Americas |
| Antare Technology Inc. | 1177 Avenue of the Americas, New York, NY 10036, USA | Contracts with customers in the Americas |
Antare acts in two distinct roles depending on the data being processed.
Antare is a data processor for footage and related data generated by Antare Devices in customer deployments ("Customer Footage"). This footage may include Article 9 special category and Article 10 data. The customer is the controller and determines purposes, retention, and use. This processing is fully described in the Data Processing Agreements between Antare and our customers. If we receive questions, objections, or requests to exercise rights concerning this processing, we will forward the matter on to the controller, and provide any help as appropriate. Antare may also assist controllers preparing necessary DPAs.
Antare is a data controller for personal data we collect in our own operations — including data about customer administrators, website visitors, marketing leads, and individuals who contact us directly. Part 1 describes this processing.
Part 2 sets out provisions that apply regardless of role, including international transfers, security, data subject rights, and complaints.
Related documents
- Cookie Policy — information about cookies and similar technologies used on Antare’s website and admin console
- Master Services Agreement (MSA) — the contract governing customer use of the Service
- Data Processing Agreement (DPA) — terms governing Antare’s processing of personal data on behalf of customers, referenced from the MSA
Data Protection Officer: dpo@antare.com
Part 1 — Where Antare Acts as a Controller
1.1 Categories of Data Collected as Controller
Antare acts as a data controller for personal data we collect in our own operations — including data about customer administrators, website visitors, marketing leads, applicants, and individuals who contact us directly.
| Category | Examples | Source |
|---|---|---|
| Account and administrator data | Name, business email, telephone, job title, organisation, role permissions | Customer onboarding, account self-service |
| Billing and contractual data | Billing contact, signatory details, payment-related information processed by payment provider | Customer, order forms |
| Website and product usage data | IP address, browser type, device identifiers, pages viewed, session activity | Automatic collection on website and admin console |
| Marketing data | Name, business email, organisation, marketing preferences, consent records | Forms, events, demo requests |
| Support and communication data | Communications with Antare support, sales, or other staff | Emails, tickets, calls |
| Event and conference data | Name, organisation, contact details, session attendance | Event registrations |
| Job application and recruitment data | Name, contact details, CV | Inbound CVs on website and recruitment portals |
| Inbound contact data | Name, business email, telephone, communications with Antare staff | Forms, emails |
1.2 Lawful Bases for Processing
| Purpose | Lawful basis (UK / EU GDPR) |
|---|---|
| Providing the Service, account management, customer support | Contract performance — Art 6(1)(b) |
| Service security, fraud prevention, system administration | Legitimate interests — Art 6(1)(f) |
| Product improvement and analytics (controller-scope only — not Customer Footage) | Legitimate interests — Art 6(1)(f) |
| Marketing communications | Consent — Art 6(1)(a), or legitimate interests for existing customers’ related services |
| Compliance with tax, regulatory, and law-enforcement obligations | Legal obligation — Art 6(1)(c) |
| Establishing, exercising, or defending legal claims | Legitimate interests — Art 6(1)(f) |
| Job application and recruitment data | Legitimate interests — Art 6(1)(f) |
1.3 Special Category Data
Antare does not collect or process special category personal data (Article 9 GDPR) of customers, website visitors, or other controller-scope data subjects in the ordinary course of its business.
1.4 How We Use Controller-Scope Data
We use this data to deliver, support, and bill for the Service; authenticate and manage user accounts; communicate with customers about service operation, security, and contractual matters; maintain and improve our website, marketing surfaces, and operational systems; send marketing communications to individuals who have opted in, with an unsubscribe option in every communication; conduct product analytics at controller-scope (excluding any Customer Footage); comply with legal, tax, and regulatory obligations; conduct employee recruitment; and establish, exercise, or defend legal claims.
Antare does not sell controller-scope personal data and does not share it with third parties for their own marketing purposes.
1.5 Automated Decision-Making
Antare does not make automated decisions producing legal effects, or similarly significant effects, on customers in its capacity as controller.
AI-generated outputs delivered to customers — such as transcriptions, classifications, and summaries — are informational. The customer is responsible for any consequential decision made on the basis of those outputs.
1.6 Retention of Controller-Scope Data
| Data type | Retention period |
|---|---|
| Active customer account data | Duration of contractual relationship + 6 months |
| Billing and tax records | 7 years from invoice date (UK / EU statutory requirement) |
| Contractual records (Order Forms, signed MSAs) | 7 years from termination |
| Marketing data | 36 months from last engagement, or earlier on consent withdrawal |
| Marketing consent withdrawal records | 6 years (evidence of compliance) |
| Support and communications | 24 months from closure |
| Website analytics | 14 months |
| System and access logs | 12–24 months depending on log type |
| Job application and recruitment data | 24 months |
Aggregated and anonymised data may be retained indefinitely.
1.7 Data recipients
Antare engages third-party processors for the operation of day-to-day business activities across the following categories:
- Cloud hosting and infrastructure
- AI infrastructure
- Customer relationship management
- Analytics
- Payment processing
- Communications, productivity, identity and authentication platforms
- Recruitment agencies
Part 2 — Provisions Applying Regardless of Role
2.1 International Transfers
Antare operates from two entities — Antare Technology Limited (UK) and Antare Technology Inc. (United States). Personal data processed under this policy may be transferred between these entities and to sub-processors located in the United Kingdom, European Economic Area, United States, or other jurisdictions where our hosting and infrastructure providers operate.
Where customers elect a specific hosting region (UK, EU, or US) for Customer Footage and associated data, Antare applies that election and data remains within the elected region for the duration of the customer’s instructions.
Where personal data of UK or EEA data subjects is transferred to a jurisdiction without an adequacy decision, Antare relies on appropriate safeguards under Chapter V of the UK and EU GDPR, including the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, and the EU-US, UK Extension, and Swiss-US Data Privacy Frameworks where Antare or its sub-processors are certified.
Transfer Impact Assessments are conducted in line with Schrems II and equivalent UK ICO guidance, and are available to controllers under NDA.
2.2 Children’s Data
Antare does not knowingly collect personal data from children under the age of 18 in its capacity as data controller.
Where Antare Devices incidentally capture minors as footage subjects, the controller is responsible for the lawful basis for that processing and for any additional protections required under applicable law, including parental consent where applicable.
2.3 Data Subject Rights
You have the following rights in relation to your personal data:
- Access your personal data and obtain a copy
- Rectification of inaccurate or incomplete personal data
- Erasure in certain circumstances ("right to be forgotten")
- Restriction of processing in certain circumstances
- Objection to processing where Antare relies on legitimate interests
- Data portability for data you provided under contract or consent
- Withdrawal of consent at any time where consent is the lawful basis, as easily as it was given
- The right not to be subject to a decision based solely on automated processing where it produces legal or similarly significant effects on you
To exercise any of these rights as a data subject, contact Antare’s Data Protection Officer at dpo@antare.com. For footage subject requests, contact the relevant controller — Antare will forward such requests to them where appropriate.
Antare will verify the identity of the requestor before fulfilling a request. We will respond within one month of receipt, extended by a further two months for complex or numerous requests with prior notice.
You also have the right to lodge a complaint with a supervisory authority — see Section 2.6.
2.4 California and Other US State Privacy Rights
If you are a resident of California or another US state that grants comparable privacy rights — including Virginia, Colorado, Connecticut, Utah, and other states with similar laws — you have the following rights with respect to controller-scope personal information:
- The right to know what personal information we collect, use, and disclose
- Access to a copy of your personal information
- Deletion of your personal information
- Correction of inaccurate personal information
- Opt-out of the sale or sharing of personal information for cross-context behavioural advertising
- Limit the use of sensitive personal information
Antare does not sell or share personal information for cross-context behavioural advertising. We do not discriminate against individuals for exercising these rights.
To exercise these rights, contact dpo@antare.com. You may use an authorised agent — please provide written authorisation when submitting through an agent. For information specific to Customer Footage, contact the controller.
2.5 Security
Antare maintains technical and organisational security measures appropriate to the risk of the processing, including:
- Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
- Role-based access controls and multi-factor authentication
- Audit logging and integrity verification
- Regional data isolation in accordance with customer election
- Secure deletion and automated lifecycle management
- Sub-processor risk management and contractual security obligations
- Personnel security training and access reviews
Antare is in the final stages of independent security certification. ISO 27001 Stage 1 audit is complete; SOC 2 Type I report is imminent. ISO 27001 Stage 2 audit and SOC 2 Type II report are targeted for Q3 2026, ahead of general availability.
Where a personal data breach occurs in Antare’s systems, Antare will notify affected controllers without undue delay, and in any event within 72 hours of becoming aware of the breach, in accordance with the Data Processing Agreement. Where Antare is the controller and notification is required by law, Antare will notify supervisory authorities within 72 hours and data subjects directly without undue delay where required.
2.6 Complaints
If you have a concern about how Antare processes your personal data, contact the Data Protection Officer at dpo@antare.com in the first instance.
You also have the right to lodge a complaint with a supervisory authority:
- United Kingdom — Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Helpline: 0303 123 1113. ico.org.uk
- European Economic Area — the data protection authority of the EEA member state where you live, work, or where the alleged infringement occurred. A list is maintained at edpb.europa.eu
- Switzerland — Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch
- United States — your State Attorney General, or where applicable the California Privacy Protection Agency
2.7 Cookies
Antare uses cookies and similar technologies on our website and admin console. For full information, including the categories of cookies we use and how to manage your preferences, see our Cookie Policy at antare.com — Cookie Settings.
2.8 Changes to This Policy
Antare may update this Privacy Policy from time to time. The current version and effective date are shown at the top of the policy.
Material changes will be notified to customers in advance through their account or by direct communication. Previous versions are available on request.
2.9 Contact
- Data Protection Officer — dpo@antare.com
- Antare Technology Limited (UK) — 7 Bell Yard, London, England, WC2A 2JR
- Antare Technology Inc. (US) — 1177 Avenue of the Americas, New York, NY 10036, USA