Privacy Policy

1. Introduction

AI Governance Solutions LLC ("Company," "we," "us," or "our") operates the AI GRC Platform (the "Platform") and the website located at ai-governance-solutions.com (the "Site"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Site, Platform, and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree, please do not use our Services. This policy applies to all users, including visitors to the Site, registered account holders, trial users, and paying subscribers.

2. Information We Collect

2.1 Information You Provide Directly

• Account registration: Name, work email address, company name, job title, and password when you create an account.
• Billing information: Payment card details and billing address, collected and processed by our payment processor (currently Stripe, Inc.). We do not store raw card numbers.
• Platform content: AI system inventory descriptions, risk assessment data, policy documents, control mappings, uploaded files, and any other content you create or upload while using the Platform.
• Communications: Messages you send us via email, contact forms, support requests, or Calendly booking.
• Survey and feedback responses: Responses to optional surveys or product feedback requests.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, session duration, clicks, and navigation patterns within the Platform.
• Device and technical data: IP address, browser type and version, operating system, device identifiers, and referring URLs.
• Log data: Server logs maintained by our hosting provider (Vercel, Inc.) capturing requests, errors, and performance data.
• Cookies and similar technologies: Session cookies for authentication, preference cookies, and analytics cookies. You may disable cookies in your browser settings, but some features may not function correctly.

2.3 Information From Third Parties

• Single sign-on (SSO): If you authenticate via a third-party identity provider (e.g., Google Workspace), we receive your name and email address from that provider.
• Payment processors: Confirmation of successful payments and subscription status from Stripe.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account, and provide access to the Services
• Process payments and manage subscriptions
• Generate AI-assisted governance recommendations, risk assessments, policy documents, and other Platform outputs
• Send transactional emails (account confirmations, billing receipts, password resets)
• Send product updates, feature announcements, and educational content (you may opt out at any time)
• Respond to support requests, inquiries, and feedback
• Analyze usage patterns to improve, maintain, and secure the Services
• Enforce our Terms of Service and prevent fraud or abuse
• Comply with legal obligations and respond to lawful requests from public authorities

4. AI Processing & Anthropic API Disclosure

5. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

5.1 Service Providers (Data Processors)

We share data with trusted third-party service providers who process data on our behalf:

• Vercel, Inc. — Hosting, deployment, and CDN infrastructure. Data may be processed on servers in the United States and other regions.
• Anthropic, Inc. — AI model API for generating platform outputs. See Section 4 for details.
• Stripe, Inc. — Payment processing and subscription management.
• Email service provider — Transactional and product email delivery.

Each provider is contractually bound to process data only as directed and to maintain appropriate security measures.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or respond to an emergency.

5.3 Business Transfers

If the Company undergoes a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Site before your information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Retention

We retain your account information and platform content for the duration of your subscription and for a reasonable period afterward to allow account reactivation and to comply with legal obligations. Specifically:

• Account data: Retained for the life of your account plus 90 days after account closure, unless a longer retention period is required by law.
• Platform content (assessments, documents): Retained for the life of your subscription. Upon account deletion, content is deleted within 30 days from production systems and within 90 days from backups.
• Billing records: Retained for 7 years to comply with financial recordkeeping requirements.
• Server logs: Typically retained for 30–90 days by our hosting provider.

You may request deletion of your account and associated data at any time by contacting us at chase@ai-governance-solutions.com. Deletion requests are processed within 30 days.

7. Your Privacy Rights

7.1 All Users

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data portability: Request an export of your platform content in a machine-readable format.
• Opt-out of marketing: Unsubscribe from marketing communications at any time via the unsubscribe link in any email or by contacting us directly.

7.2 California Residents (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, the right to delete, the right to correct, and the right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, contact us at chase@ai-governance-solutions.com. We will not discriminate against you for exercising any privacy right.

7.3 EEA, UK, and Switzerland Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation. Our legal basis for processing is typically: (a) contract performance (to provide the Services you requested), (b) legitimate interests (to operate and improve the Services), or (c) your consent. You have the right to lodge a complaint with your local data protection authority. To exercise your GDPR rights, contact us at chase@ai-governance-solutions.com.

To exercise any of the above rights, email us at chase@ai-governance-solutions.com with the subject line "Privacy Request." We will respond within 30 days.

8. Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. These include encrypted data transmission (TLS/HTTPS), access controls, and secure hosting infrastructure provided by Vercel.

However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at chase@ai-governance-solutions.com.

9. Children's Privacy

The Services are intended for business and professional use by individuals 18 years of age or older. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected information from a child under 13, we will promptly delete it. If you believe we have collected information from a child, please contact us at chase@ai-governance-solutions.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" at the top. For significant changes, we will also send a notification to the email address associated with your account at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

To exercise a privacy right, email us at chase@ai-governance-solutions.com with the subject line "Privacy Request".