Privacy Policy

Effective Date: November 24, 2025  |  Last Updated: November 24, 2025

1. Introduction

AI Advisor Lab™ ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

2.1 Personal Information

  • Contact Information: Name, email address, company name, phone number
  • Professional Information: Job title, industry, company size, business requirements
  • Communication Data: Messages, queries, and correspondence with our team

2.2 Technical Information

  • Device Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent, click patterns, session recordings
  • Cookies: Session cookies, preference cookies (see Cookie Policy below)

3. How We Use Your Information

  • Service Delivery: Provide AI advisory services and custom team generation
  • Communication: Respond to inquiries, provide updates, and customer support
  • Improvement: Enhance our services, website functionality, and user experience
  • Legal Compliance: Meet legal obligations and protect our rights
  • Marketing: Send relevant updates and promotional materials (with consent)

4. Data Sharing and Third Parties

4.1 Service Providers

Service Provider Purpose Data Shared
AI Processing Anthropic (Claude API) AI content generation Query content, anonymized
Website Hosting AWS Website infrastructure Technical data, IP addresses
Analytics Internal systems Usage analysis Aggregated usage data
Email Services Professional email providers Communications Contact information

5. Data Retention

Data Type Retention Period Purpose
Contact Form Data 24 months Customer service, follow-up
Session Cookies Browser session only Website functionality
Analytics Cookies 2 years Usage analysis
AI Query Logs 30 days (anonymized) Service improvement
Communication Records 3 years Legal compliance, support

6. Your Rights (GDPR & CCPA)

6.1 European Union Residents (GDPR)

If you are located in the European Union, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Data Portability: Receive your data in a machine-readable format
  • Object: Object to processing of your personal data
  • Restrict Processing: Limit how we use your data
  • Withdraw Consent: Withdraw consent for processing (where applicable)

6.2 California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: Equal service and pricing regardless of exercising privacy rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use: Limit use and disclosure of sensitive personal information

Categories of Personal Information Collected: Contact information, professional information, internet activity, and inferences drawn from this information.

Do Not Sell My Personal Information: AI Advisor Lab does not sell, rent, or share personal information with third parties for their direct marketing purposes.

To exercise your CCPA rights, contact us at privacy@aiadvisorlab.ai or email info@aiadvisorlab.ai.

7. Cookie Policy

7.1 Essential Cookies

These cookies are necessary for the website to function and cannot be disabled:

  • Session Management: Keep you logged in and maintain preferences
  • Security: Protect against cross-site request forgery (CSRF)
  • Load Balancing: Ensure optimal performance

7.2 Analytics Cookies (Optional)

These cookies help us understand how visitors use our website:

  • Usage Tracking: Pages visited, time spent, user flows
  • Performance Monitoring: Page load times, error rates
  • Feature Usage: Which features are most popular

8. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own, including the United States. We ensure compliance with GDPR Articles 44-49 through the following appropriate safeguards:

  • Standard Contractual Clauses (SCCs): We use the European Commission's approved SCCs (Decision 2021/914/EU) with all third-country processors
  • Adequacy Decisions: Where available, we rely on European Commission adequacy decisions under GDPR Article 45
  • Supplementary Measures: Additional technical and organizational measures as recommended by EDPB guidelines, including:
    • End-to-end encryption in transit and at rest
    • Pseudonymization and data minimization techniques
    • Regular assessment of third-country legal frameworks
    • Data localization where legally required
  • Transfer Impact Assessments: Regular evaluation of transfer risks and safeguard effectiveness under GDPR Article 35
  • Data Subject Rights: Full exercise of GDPR Chapter III rights regardless of processing location

Primary Transfer Destinations: United States (AWS us-east-1), with data processing agreements ensuring GDPR compliance standards.

9. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: All data transmitted using TLS 1.3 encryption
  • Access Controls: Role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and incident response
  • Regular Audits: Quarterly security assessments and penetration testing
  • Data Minimization: We only collect and retain necessary information

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting a notice on our website
  • Sending an email to registered users
  • Updating the "Last Updated" date at the top of this policy

11. Contact Information

Data Protection Officer (DPO)

Name: Chad Corneil, Chief Privacy Officer

Privacy Email: privacy@aiadvisorlab.ai

General Email: info@aiadvisorlab.ai

Mailing Address:
AI Advisor Lab™
Data Protection Officer
1234 Innovation Drive, Suite 100
Seattle, WA 98101
United States

Business Hours: Monday-Friday, 9:00 AM - 5:00 PM PST

EU Representative (GDPR Article 27)

Company: European Privacy Services Ltd.

Contact Person: Maria Schmidt, GDPR Representative

Email: eu-representative@aiadvisorlab.ai

Address:
European Privacy Services Ltd.
Unter den Linden 10
10117 Berlin, Germany

General Data Protection Inquiries

General Email: info@aiadvisorlab.ai

Subject Line Required: "GDPR Data Subject Request - [Your Request Type]"

Response Time Commitment

We will respond to privacy requests within 72 hours for acknowledgment and provide complete response within 30 days as required by GDPR Article 12. Complex requests may require additional 60 days with justification provided.

Emergency Data Breach Contact

Security Email: security@aiadvisorlab.ai

General Contact: info@aiadvisorlab.ai

12. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local supervisory authority. For EU residents, you can find your local authority at: https://edpb.europa.eu/about-edpb/members_en

Document Version: 1.0
Legal Basis: GDPR Art. 6(1)(a) Consent, Art. 6(1)(b) Contract Performance, Art. 6(1)(f) Legitimate Interests
Last Review: November 24, 2025