The AI Policy & Trust Center (AIPTC) is a public‑interest project operated by the nonprofit Cybersecurity Reach Foundation ("CRF," "we," "our," or "us"). Our mission is to help organizations publish clear, public disclosures about their use of artificial intelligence.
This notice explains what limited personal data we collect when you:
- visit aiptc.org (or related landing pages)
- contact us via web forms, email, or social channels
- download AIPTC resources (e.g., policy templates)
We do not run user accounts, mobile apps, or payment systems. We do not embed third‑party advertising or analytics cookies.
| Category | Typical data | Purpose | Legal basis* |
|---|---|---|---|
| Contact details | Name, email, organization | Respond to your inquiry or send the resource you requested | Consent |
| Voluntary organization info | AI tools, data practices, safeguards you choose to share in a demo request | Prepare your draft transparency page or sample policy | Consent |
| Basic server logs | IP address, browser type, date/time | Detect abuse, ensure site reliability | Legitimate interest |
*Legal basis refers to GDPR Article 6 grounds for processing personal data.
We use the information we collect to:
- Respond to inquiries: Answer questions about AI policies and transparency practices
- Provide resources: Send policy templates, guides, and educational materials
- Generate custom content: Create draft policies and transparency pages based on your input
- Improve our services: Understand common needs and enhance our tools
- Maintain security: Protect against abuse and ensure reliable service
We do not sell, rent, or share your personal information with third parties for marketing purposes.
We may share your information only in these limited circumstances:
- Service providers: Trusted partners who help us operate our services (e.g., email delivery, hosting)
- Legal requirements: When required by law, court order, or to protect our rights
- Public transparency pages: Only information you explicitly choose to make public
- Aggregated data: Anonymous, statistical information that cannot identify individuals
All service providers are contractually bound to protect your data and use it only for specified purposes.
Retention periods:
- Contact inquiries: 2 years from last contact
- Policy generation data: 1 year from creation
- Server logs: 90 days
- Email communications: 3 years or until you unsubscribe
We automatically delete data when retention periods expire. You can request earlier deletion by contacting us at any time.
You have the following rights regarding your personal data:
Access & Portability
- • Request a copy of your data
- • Export data in common formats
- • Know what data we have about you
Control & Correction
- • Update incorrect information
- • Delete your data
- • Withdraw consent
To exercise these rights, contact us at privacy@aiptc.org. We'll respond within 30 days.
We protect your data using industry-standard security measures:
Encryption
Data encrypted in transit and at rest
Access Control
Limited access on need-to-know basis
Our services are hosted in the United States. If you're located outside the US, your data will be transferred to and processed in the United States, which may have different data protection laws than your country.
For users in the European Union, we ensure adequate protection through:
- Standard Contractual Clauses with our service providers
- Adherence to GDPR principles and requirements
- Regular security and compliance audits
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
We may update this privacy policy from time to time. When we make changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via email if you've provided your email address
- Post a notice on our website for significant changes
Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
If you have questions about this privacy policy or our data practices, please contact us: