Privacy Policy

AIFortess ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AIFortess Assessor platform and consulting services.

1. Information We Collect

1.1 Information You Provide Directly

When you register for our services, we collect:

• Account Information: Name, email address, company name, job title, phone number
• Billing Information: Payment card details, billing address (processed securely through third-party payment processors)
• Profile Information: Optional profile photo, preferences, settings
• Communication Data: Messages, support tickets, feedback, survey responses

1.2 Platform Usage Data

When you use the AIFortess Assessor platform:

• AI Systems Data: Information about AI tools, models, and systems you track
• Assessment Data: ISO 42001 control responses, risk assessments, compliance status
• Documents: Policies, evidence files, reports you upload or generate
• Usage Analytics: Features used, time spent, actions performed within the platform

1.3 Automatically Collected Information

• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, links clicked, errors encountered
• Cookies: Session cookies, preference cookies, analytics cookies (see Section 8)
• Location Data: General location based on IP address (not precise geolocation)

1.4 Consulting Services Data

• Engagement Information: Project scope, deliverables, communications
• Technical Data: Systems architecture, security configurations (with your permission)
• Assessment Results: Audit findings, gap analyses, recommendations

2. How We Use Your Information

2.1 To Provide Services

• Create and manage your account
• Deliver the AIFortess Assessor platform features
• Perform consulting services as outlined in SOWs
• Process payments and manage subscriptions
• Generate compliance reports and assessments
• Provide customer support and respond to inquiries

2.2 To Improve Our Services

• Analyze usage patterns to enhance platform functionality
• Develop new features based on user needs
• Conduct research and analytics to improve service quality
• Test and troubleshoot technical issues
• Monitor and prevent fraud or unauthorized access

2.3 To Communicate With You

• Send service announcements and updates
• Provide security alerts and technical notices
• Respond to your requests and support tickets
• Send marketing communications (with your consent - you can opt out)
• Request feedback and conduct surveys

2.4 For Legal and Security Purposes

• Comply with legal obligations and regulatory requirements
• Enforce our Terms and Conditions
• Protect against fraud, abuse, and security threats
• Respond to law enforcement requests
• Defend our legal rights and interests

3. How We Share Your Information

3.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3.2 Service Providers

We share data with trusted third-party service providers who help us operate our business:

• Cloud Hosting: AWS, Google Cloud (data storage and infrastructure)
• Payment Processing: Stripe, PayPal (billing and payments)
• Analytics: Google Analytics, Mixpanel (usage analytics)
• Customer Support: Zendesk, Intercom (support ticketing)
• Email Services: SendGrid, Mailchimp (transactional and marketing emails)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

3.4 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes (subpoenas, court orders)
• Respond to government or regulatory requests
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Enforce our Terms and Conditions

3.5 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so.

4. Data Security

4.1 Security Measures

We implement enterprise-grade security controls to protect your data:

• Encryption: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
• Access Controls: Role-based access, multi-factor authentication, principle of least privilege
• Network Security: Firewalls, intrusion detection, DDoS protection
• Infrastructure: SOC2 Type II certified data centers with 24/7 monitoring
• Application Security: Regular security audits, penetration testing, vulnerability scanning
• Data Backup: Automated backups with encryption and geographic redundancy

4.2 Security Certifications

We maintain industry-standard security certifications and compliance:

• ISO/IEC 27001 (Information Security Management)
• SOC2 Type II (Security, Availability, Confidentiality)
• GDPR compliance (for EU customers)

4.3 Incident Response

In the event of a data breach affecting your personal information:

• We will notify you within 72 hours of discovery
• We will provide details about the breach and our response
• We will take immediate steps to mitigate harm
• We will notify relevant authorities as required by law

5. Data Retention

5.1 Active Accounts

• Account data is retained while your subscription is active
• Usage data and analytics retained for up to 24 months
• Billing records retained for 7 years (tax and legal compliance)

5.2 After Account Termination

• 30 Days: Active data available for export and recovery
• 60 Days: Archived data (accessible upon request)
• 90 Days: Permanent deletion of personal and platform data
• Exceptions: Data retained longer when required by law or for legal defense

5.3 Consulting Services Data

• Project data retained for duration of engagement plus 1 year
• Deliverables and reports retained for 3 years
• You may request deletion after project completion

6. Your Privacy Rights

6.1 Access and Portability

• Access: Request a copy of your personal data
• Portability: Export your data in standard formats (CSV, JSON, PDF)
• How: Settings → Privacy → Download My Data

6.2 Correction and Updates

• Update your account information at any time
• Navigate to Settings → Profile to edit your details
• Contact support for help updating information

6.3 Deletion (Right to be Forgotten)

• Request deletion of your account and personal data
• Email rohit@aifortess.com with subject "Data Deletion Request"
• We'll process within 30 days
• Some data may be retained for legal compliance

6.4 Opt-Out Rights

• Marketing Emails: Unsubscribe link in every email
• Analytics Cookies: Adjust browser settings or use opt-out tools
• Data Sharing: Contact us to opt out of specific data sharing practices

6.5 Additional Rights (GDPR - EU Residents)

If you are in the European Economic Area, you have additional rights:

• Restriction: Request limitation of data processing
• Objection: Object to processing based on legitimate interests
• Automated Decisions: Opt out of automated decision-making
• Complaint: Lodge a complaint with your local data protection authority

6.6 CCPA Rights (California Residents)

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Opt out of the sale of personal information (we do not sell data)
• Request deletion of personal information
• Non-discrimination for exercising privacy rights

7. International Data Transfers

7.1 Data Location

• Primary data centers located in [Specify Region - e.g., US, EU]
• Backup data stored in geographically distributed locations
• Data may be transferred internationally for service delivery

7.2 Transfer Safeguards

When data is transferred outside your region:

• We use Standard Contractual Clauses (SCCs) approved by the EU Commission
• We ensure adequate data protection measures are in place
• We comply with applicable cross-border data transfer laws

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for platform functionality (cannot be disabled)
• Performance Cookies: Collect anonymous usage data to improve our services
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the platform (Google Analytics)

8.2 Cookie Management

• Adjust cookie preferences in Settings → Privacy → Cookies
• Most browsers allow you to block or delete cookies
• Disabling cookies may limit platform functionality

8.3 Do Not Track

We honor Do Not Track (DNT) browser signals where technically feasible.

9. Third-Party Links and Services

• Our platform may contain links to third-party websites
• We are not responsible for third-party privacy practices
• Review privacy policies of external sites before providing information
• Third-party integrations are governed by their own terms and privacy policies

10. Children's Privacy

• Our Services are not intended for individuals under 18 years of age
• We do not knowingly collect data from minors
• If you believe we have collected data from a minor, contact us immediately
• We will promptly delete such information upon verification

11. Changes to This Privacy Policy

• We may update this Privacy Policy from time to time
• Material changes will be communicated via email
• Continued use after changes constitutes acceptance
• Previous versions available upon request
• Last updated date displayed at the top of this policy

12. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

• Email: rohit@aifortess.com
• Subject: "Privacy Request - [Your Name]"
• Phone: +91-9816670056
• Address: Chandigarh, India
• Response Time: We respond to privacy requests within 30 days

13. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer:

• Email: rohit@aifortess.com
• Subject: "GDPR / Data Protection Inquiry"

14. Commitment to Privacy

At AIFortess, we recognize that privacy is a fundamental right. We are committed to:

• Transparency in our data practices
• Giving you control over your personal information
• Implementing strong security measures
• Complying with applicable privacy laws and regulations
• Continuously improving our privacy practices