Legal

Privacy Policy

Last updated: June 7, 2026

This Privacy Policy explains how BMI Studios LLC (“BMI Studios,” “we,” “us”), operator of Archon Agents (“Archon”), collects, uses, discloses, and protects personal information when you visit archonagents.ai, contact us, request a consultation, or use the Archon platform (the “Services”). It also describes the rights you may have under laws including the EU/UK GDPR and the California Consumer Privacy Act as amended by the CPRA (“CCPA”). By using our website or Services, you agree to this Policy.

Information we collect

We collect the following categories of personal information:

  • Identifiers and contact data — name, work email, phone number, company, and details you submit through our contact and consultation forms.
  • Professional information — role, company size, and information about the work or systems you ask us to support.
  • Account and billing data — credentials, plan, and payment information processed by our payment provider (we do not store full card numbers).
  • Client operational data — the data, content, and credentials you connect to your workflows so agents can operate on your behalf.
  • Technical and usage data — IP address, device and browser information, pages viewed, and similar analytics collected automatically through cookies and similar technologies.

Sensitive personal information

We do not request sensitive personal information (such as government IDs, financial account credentials, or health data) to provide our marketing site or to scope an engagement. Where sensitive data is processed as part of a client workflow, it is handled under your service agreement and our Data Processing Addendum, used only as needed to provide the Services, and never sold or used to infer characteristics about you.

How we use information

We use personal information to respond to inquiries; provide, operate, and secure the Services; configure and run the agent workflows you authorize; process billing; provide support; improve our products; prevent fraud and abuse; comply with legal obligations; and send service or marketing communications you have opted into. You can unsubscribe from marketing at any time.

Cookies and tracking technologies

We use strictly necessary cookies to operate the site and, with your consent where required, analytics and preference cookies to understand usage and improve the experience. You can control cookies through your browser settings and any cookie banner we present. Where applicable, we honor Global Privacy Control (GPC) signals as a request to opt out of “sale”/“sharing.”

Analytics

We use privacy-conscious analytics (for example, Google Analytics 4) to measure traffic and improve our content. These providers process limited technical data as our service providers under contract. We do not use this data to build advertising profiles of you.

Client data and AI models

Client operational data processed through Archon is treated as confidential. We do not sell client data, and we do not use client content to train third-party foundation models. Model routing, retention, and human-in-the-loop approval for consequential actions are governed by your service agreement and our DPA. Where automated processing is used, a human can review, adjust, or reject consequential outbound actions before they execute.

How we share information

We share information with service providers and subprocessors that help us operate (for example, cloud hosting, model providers configured for your account, analytics, payment processing, and communications), under contracts requiring appropriate safeguards. We may disclose information to comply with law, enforce our agreements, or protect the rights, safety, and property of BMI Studios, our clients, or others. In a merger, acquisition, or asset sale, information may transfer as part of that transaction. We do not sell your personal information and do not “share” it for cross-context behavioral advertising. A current list of subprocessors is available on request.

Legal bases for processing (EEA/UK)

Where the GDPR applies, we process personal data on the bases of: performance of a contract (to provide the Services); legitimate interests (to operate, secure, and improve our business); consent (for certain marketing and cookies); and compliance with legal obligations.

Data retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention for client operational data is defined in your service agreement; after termination we delete or return it as described in our DPA.

Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit, least-privilege practices, logging, and human approval for consequential actions. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your privacy rights

Depending on your location, you may have the right to access, correct, delete, or port your personal information; to object to or restrict certain processing; and to withdraw consent. To exercise these rights, contact us at the address below. We will verify and respond consistent with applicable law, and you may appeal a decision by replying to our response.

Your California privacy rights (CCPA/CPRA)

California residents have the right to know the categories and specific pieces of personal information we collect, the right to delete, the right to correct, and the right to opt out of the “sale” or “sharing” of personal information and to limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined under the CCPA. We will not discriminate against you for exercising your rights. You may use an authorized agent to submit requests. Under California’s “Shine the Light” law, you may request information about disclosures to third parties for their direct marketing — we do not make such disclosures.

International data transfers

We are based in the United States. If you access the Services from outside the U.S., your information may be transferred to and processed in the United States and other jurisdictions. Where required, we rely on appropriate safeguards such as the EU/UK Standard Contractual Clauses for cross-border transfers.

Children

Our Services are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by the “Last updated” date above, and where appropriate we will provide additional notice.

Contact

Questions or privacy requests can be sent to archon@bmistudios.com, or by mail to BMI Studios, 6543 Las Vegas Blvd, STE 200, Las Vegas, NV 89119. See also our Terms of Service, Data Processing Addendum, Subprocessors, and Trust & Security.