Privacy Policy

Effective Date: November 24, 2025
Last Updated: November 24, 2025

1. Introduction

AI Advisor Lab™ ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

2.1 Personal Information

Contact Information: Name, email address, company name, phone number
Professional Information: Job title, industry, company size, business requirements
Communication Data: Messages, queries, and correspondence with our team

2.2 Technical Information

Device Data: IP address, browser type, device information, operating system
Usage Data: Pages visited, time spent, click patterns, session recordings
Cookies: Session cookies, preference cookies (see Cookie Policy below)

3. How We Use Your Information

Service Delivery: Provide AI advisory services and custom team generation
Communication: Respond to inquiries, provide updates, and customer support
Improvement: Enhance our services, website functionality, and user experience
Legal Compliance: Meet legal obligations and protect our rights
Marketing: Send relevant updates and promotional materials (with consent)

4. Data Sharing and Third Parties

4.1 Service Providers

Service	Provider	Purpose	Data Shared
AI Processing	Anthropic (Claude API)	AI content generation	Query content, anonymized
Website Hosting	AWS	Website infrastructure	Technical data, IP addresses
Analytics	Internal systems	Usage analysis	Aggregated usage data
Email Services	Professional email providers	Communications	Contact information

5. Data Retention

Data Type	Retention Period	Purpose
Contact Form Data	24 months	Customer service, follow-up
Session Cookies	Browser session only	Website functionality
Analytics Cookies	2 years	Usage analysis
AI Query Logs	30 days (anonymized)	Service improvement
Communication Records	3 years	Legal compliance, support

6. Your Rights (GDPR & CCPA)

6.1 European Union Residents (GDPR)

If you are located in the European Union, you have the following rights:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your personal data
Data Portability: Receive your data in a machine-readable format
Object: Object to processing of your personal data
Restrict Processing: Limit how we use your data
Withdraw Consent: Withdraw consent for processing (where applicable)

6.2 California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request disclosure of personal information we collect, use, disclose, and sell
Right to Delete: Request deletion of personal information we have collected
Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
Right to Non-Discrimination: Equal service and pricing regardless of exercising privacy rights
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use: Limit use and disclosure of sensitive personal information

Categories of Personal Information Collected: Contact information, professional information, internet activity, and inferences drawn from this information.

Do Not Sell My Personal Information: AI Advisor Lab does not sell, rent, or share personal information with third parties for their direct marketing purposes.

To exercise your CCPA rights, contact us at privacy@aiadvisorlab.ai or email info@aiadvisorlab.ai.

7. Cookie Policy

7.1 Essential Cookies

These cookies are necessary for the website to function and cannot be disabled:

Session Management: Keep you logged in and maintain preferences
Security: Protect against cross-site request forgery (CSRF)
Load Balancing: Ensure optimal performance

7.2 Analytics Cookies (Optional)

These cookies help us understand how visitors use our website:

Usage Tracking: Pages visited, time spent, user flows
Performance Monitoring: Page load times, error rates
Feature Usage: Which features are most popular

8. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own, including the United States. We ensure compliance with GDPR Articles 44-49 through the following appropriate safeguards:

Standard Contractual Clauses (SCCs): We use the European Commission's approved SCCs (Decision 2021/914/EU) with all third-country processors
Adequacy Decisions: Where available, we rely on European Commission adequacy decisions under GDPR Article 45
Supplementary Measures: Additional technical and organizational measures as recommended by EDPB guidelines, including:
- End-to-end encryption in transit and at rest
- Pseudonymization and data minimization techniques
- Regular assessment of third-country legal frameworks
- Data localization where legally required
Transfer Impact Assessments: Regular evaluation of transfer risks and safeguard effectiveness under GDPR Article 35
Data Subject Rights: Full exercise of GDPR Chapter III rights regardless of processing location

Primary Transfer Destinations: United States (AWS us-east-1), with data processing agreements ensuring GDPR compliance standards.

9. Data Security

We implement comprehensive security measures to protect your information:

Encryption: All data transmitted using TLS 1.3 encryption
Access Controls: Role-based access with multi-factor authentication
Monitoring: 24/7 security monitoring and incident response
Regular Audits: Quarterly security assessments and penetration testing
Data Minimization: We only collect and retain necessary information

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

Posting a notice on our website
Sending an email to registered users
Updating the "Last Updated" date at the top of this policy

11. Contact Information

Data Protection Officer (DPO)

Name: Chad Corneil, Chief Privacy Officer

Privacy Email: privacy@aiadvisorlab.ai

General Email: info@aiadvisorlab.ai

Mailing Address:
AI Advisor Lab™
Data Protection Officer
1234 Innovation Drive, Suite 100
Seattle, WA 98101
United States

Business Hours: Monday-Friday, 9:00 AM - 5:00 PM PST

EU Representative (GDPR Article 27)

Company: European Privacy Services Ltd.

Contact Person: Maria Schmidt, GDPR Representative

Email: eu-representative@aiadvisorlab.ai

Address:
European Privacy Services Ltd.
Unter den Linden 10
10117 Berlin, Germany

General Data Protection Inquiries

General Email: info@aiadvisorlab.ai

Subject Line Required: "GDPR Data Subject Request - [Your Request Type]"

Response Time Commitment

We will respond to privacy requests within 72 hours for acknowledgment and provide complete response within 30 days as required by GDPR Article 12. Complex requests may require additional 60 days with justification provided.

Emergency Data Breach Contact

Security Email: security@aiadvisorlab.ai

General Contact: info@aiadvisorlab.ai

12. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local supervisory authority. For EU residents, you can find your local authority at: https://edpb.europa.eu/about-edpb/members_en

Document Version: 1.0
Legal Basis: GDPR Art. 6(1)(a) Consent, Art. 6(1)(b) Contract Performance, Art. 6(1)(f) Legitimate Interests
Last Review: November 24, 2025