Legal
Effective date: April 15, 2026
AISafeIQ, Inc. ("AISafeIQ", "we", "our") operates the platform at aisafeiq.com. This policy explains how we collect, use, store, and protect information when you use our services. If you have questions, email privacy@aisafeiq.com.
When you create an account, we collect your name, work email address, and company name. When your employees complete training, we record their completion status, assessment results, and certificate issuance date. Payment information is processed by Stripe and never stored on our servers. We do not collect sensitive personal data such as government IDs, financial records, or health information.
We use your data to operate the platform — delivering training, generating your AI Use Policy, issuing completion certificates, and sending account-related emails via Resend. We do not sell your data to third parties. We do not use your data for advertising. We do not use your training content or employee records to train AI models.
Your data is stored in Supabase (PostgreSQL), hosted in the United States. All data is encrypted at rest and in transit (TLS 1.2+). Access to your organisation's data is controlled by row-level security policies — no AISafeIQ employee can query your employee records without a logged administrative action. Certificates are stored in Supabase Storage with access-controlled signed URLs.
AISafeIQ uses the following sub-processors: Supabase (database and storage), Stripe (payment processing), Resend (transactional email), Vercel (application hosting), and Anthropic (AI-generated policy content). Each processor is contractually bound to data protection obligations. A full sub-processor list is available on request.
Completion certificates contain a unique verification token. A public verification endpoint (/api/certificates/verify/[token]) allows third parties — such as cyber insurers or auditors — to confirm certificate authenticity. This endpoint returns only the certificate holder's name, organisation, module completed, and completion date. Email addresses are never included in public verification responses.
You may request access to, correction of, or deletion of your personal data at any time by contacting privacy@aisafeiq.com. For organisations in the European Union, you have additional rights under GDPR including the right to data portability and the right to restrict processing. We will respond to verified requests within 30 days. For EU users, our legal basis for processing is contract performance (Art. 6(1)(b) GDPR) and, where applicable, legitimate interests.
Active account data is retained for the duration of your subscription plus 12 months after cancellation. Completion certificates are retained for 7 years to support audit requirements. You may request earlier deletion where permitted by law. Stripe payment records are retained per their standard policy (7 years) for financial compliance purposes.
AISafeIQ uses only functional cookies required for authentication (session management via Supabase Auth). We do not use advertising cookies, tracking pixels, or third-party analytics that collect personal data. A market preference cookie (US/EU toggle) stores your display preference locally.
We will notify account administrators by email before making material changes to this privacy policy. The effective date at the bottom of this page reflects the most recent update. Continued use of the platform after notification constitutes acceptance of the updated policy.
For privacy questions, data requests, or to reach our data protection contact: privacy@aisafeiq.com. For general support: support@aisafeiq.com.