Privacy Policy
Last updated: March 20, 2026
This Privacy Policy describes how CPCS Technologies Limited, trading as ICON Platforms (“we”, “us”, or “our”), collects, uses, and protects personal data in connection with our TALOS MaiND platform and TALOS Agents technology products.
We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and applicable national laws.
1. Data Controller
The data controller for personal data processed through our platform is:
CPCS Technologies Limited
Trading as: ICON Platforms
58 Leoforos Kapodistriou, Nea Ionia, 15237, Athens, Greece
Email: privacy@iconplatforms.com
2. What Data We Collect
We collect the following categories of personal data:
2.1 Data You Provide Directly
- Name and contact details (email address, phone number)
- Company name, job title, and business description
- Account credentials (email, hashed password)
- Payment information (processed by Stripe — we do not store card data)
- Communications you send us (support requests, contact forms)
2.2 Data Collected Automatically
- IP address and browser/device information
- Usage data (pages visited, features used, time on site)
- AI agent conversation logs (stored per your organisation's retention settings)
- Analytics data via Google Analytics (anonymised)
- Cookies and similar tracking technologies (see Section 8)
2.3 Data Processed Through TALOS Agents
When you deploy TALOS Agents on your platform, conversations between your end-users and AI agents may contain personal data. As the deploying organisation, you are the data controller for that end-user data; we act as a data processor on your behalf. We process such data only as instructed by you and in accordance with a Data Processing Agreement (DPA).
3. How We Use Your Data
We use personal data for the following purposes and legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing and operating the TALOS MaiND platform | Contract performance |
| Account management and authentication | Contract performance |
| Processing payments via Stripe | Contract performance |
| Customer support and communications | Contract performance / Legitimate interest |
| Improving our products and services | Legitimate interest |
| Security monitoring and fraud prevention | Legitimate interest |
| Compliance with legal obligations | Legal obligation |
| Marketing communications (opt-in only) | Consent |
| Analytics and usage tracking | Legitimate interest / Consent |
4. AI Providers and Data Processing
TALOS MaiND and TALOS Agents use multiple AI providers to process messages. These providers act as sub-processors under our instructions. We use only providers that offer zero-training guarantees — your data is never used to train AI models.
Current AI sub-processors include:
- Anthropic (Claude) — processed in the United States
- OpenAI (GPT-4) — processed in the United States
- Google (Gemini) — processed in the European Union or United States
- Microsoft Azure OpenAI — processed in your selected Azure region
- Amazon Web Services Bedrock — processed in your selected AWS region
International transfers are protected by EU Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions.
5. Data Retention
- Account data: Retained for the duration of your account plus 30 days after closure.
- Conversation logs: Configurable per organisation (default 90 days). You may request deletion at any time.
- Billing records: Retained for 7 years as required by applicable financial regulations.
- Analytics data: Anonymised after 26 months.
- Support communications: Retained for 3 years.
6. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data (“right to be forgotten”).
- Right to restriction: Request that we restrict processing of your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any right, email us at privacy@iconplatforms.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
7. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- AES-256 encryption at rest for all stored data
- TLS 1.3 encryption in transit
- Role-based access controls with least-privilege principles
- Multi-factor authentication for administrative access
- Regular security audits and penetration testing
- Incident response procedures with 72-hour breach notification to supervisory authorities
8. Cookies
We use the following types of cookies:
- Strictly necessary: Session management, authentication, security. Cannot be disabled.
- Functional: Remembering your preferences (theme, language). Can be disabled.
- Analytics: Google Analytics (anonymised). Can be disabled.
- Personalisation: TALOS engagement cookie (stores gamification points and personalisation state). Can be cleared by deleting browser cookies.
You can manage cookie preferences through your browser settings or by contacting us.
9. HIPAA Compliance
For healthcare organisations deploying TALOS Agents for processing Protected Health Information (PHI), we offer HIPAA-eligible deployment configurations. A Business Associate Agreement (BAA) is available to Enterprise customers. Contact us at compliance@iconplatforms.com to request a BAA.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email (for registered users) or by posting a notice on our website at least 30 days before the changes take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.
11. Contact Us
For any privacy-related questions or to exercise your rights:
CPCS Technologies Limited — Data Privacy
58 Leoforos Kapodistriou, Nea Ionia, 15237, Athens, Greece
Email: privacy@iconplatforms.com