Privacy Policy

aisecurity.llc ("we," "our," or "us") is an AI security engineering research and advisory firm. We operate the aisecurity.llc website, research materials, AIPSA assessment-domain materials, security labs, and related tools and services (collectively, the "Services").

For questions about this Privacy Policy, contact us at privacy@aisecurity.llc.

2.1 Information You Provide Directly

• Contact form submissions (name, email, message)
• Newsletter or waitlist signups (email address)
• Consulting inquiry details (company, role, scope)
• AIPSA enrollment or assessment submissions
• Survey responses and research participation
• Account registration details if you create a services account

2.2 Information Collected Automatically

• Page views, referrer URLs, and session duration (via privacy-respecting analytics)
• IP address and approximate geolocation (country/region level)
• Browser type, device type, and operating system
• Cookies and similar technologies (see Section 6 and our Cookie Policy)

2.3 Information from Third Parties

• OAuth identity providers if you sign in with a third-party account
• Professional context you authorize us to receive via integrations

2.4 Sensitive Information

We do not intentionally collect sensitive personal information (health data, financial account numbers, government IDs, or biometric data). Do not submit such information through our general contact forms.

We use personal information for the following purposes:

• Providing, operating, and improving our site and services
• Responding to inquiries, support requests, and consulting engagements
• Sending transactional communications (e.g., research releases, event confirmations)
• Sending marketing communications where you have opted in or where permitted by law
• Analyzing usage patterns to improve research quality and site experience
• Fulfilling AIPSA assessment, evidence, and credentialing activities
• Detecting, preventing, and investigating fraud, abuse, or security incidents
• Complying with legal obligations and enforcing our terms

We do not use personal information to make fully automated decisions that significantly affect your legal rights without human review.

We use AI tools (including Anthropic Claude and other large language model providers) to assist with research analysis, content drafting, and service operations. The following commitments apply:

• No training on your data: We do not authorize AI providers to use content submitted to us to train their models. Our agreements with AI providers include data processing protections appropriate for business use.
• Human review: AI-assisted outputs used in client deliverables, assessments, or published research are reviewed by qualified human analysts before use.
• No autonomous high-stakes decisions: AI does not make autonomous legal conclusions, security certification decisions, or employment determinations.
• Prompt hygiene: We implement data minimization practices to avoid submitting unnecessary personal information to AI providers.

See our AI Usage Policy and Customer Data & Model Training page for more detail.

We do not sell personal information. We share information only as follows:

5.1 Service Providers (Subprocessors)

We engage third-party providers to operate our infrastructure, analytics, and communications. All providers are contractually bound to process data only for the purposes we specify and to implement appropriate security measures. See our Subprocessors list.

5.2 Legal Requirements

We may disclose information when required by law, regulation, court order, or other valid legal process, or when necessary to protect the rights, property, or safety of aisecurity.llc, our users, or others.

5.3 Business Transfers

If aisecurity.llc undergoes a merger, acquisition, or asset sale, personal information may be transferred. We will provide notice before any transfer and your rights under this Policy will continue to apply.

5.4 With Your Consent

We may share information for any other purpose with your explicit consent.

We use cookies and similar technologies to operate our site and services, remember preferences, and analyze usage. We use privacy-respecting analytics that do not require personal identification. You can manage cookies through your browser settings or our cookie preference center. See our Cookie Policy for full details.

We retain personal information for as long as necessary to:

• Provide the services you have requested
• Maintain records required by law or contract
• Resolve disputes and enforce our agreements

Contact form and newsletter data is retained until you unsubscribe or request deletion. Consulting engagement records are retained for up to 7 years to support legal and financial obligations. Service account data is retained while your account is active and for 90 days following deletion.

We implement technical and organizational security measures appropriate to the nature of the data we process. These include encryption of data in transit (TLS), access controls, multi-factor authentication for administrative accounts, and regular security reviews. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

To report a security vulnerability, see our Vulnerability Disclosure Policy.

aisecurity.llc is based in the United States. When you interact with our site or services from outside the US, your information may be transferred to and processed in the US. We use contractual safeguards and rely on providers that maintain appropriate data transfer mechanisms (including Standard Contractual Clauses where applicable) for international data transfers.

For users in the European Economic Area, UK, or Switzerland, we rely on the following legal bases for cross-border transfers: standard contractual clauses, adequacy decisions, or your explicit consent.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal information, subject to legal obligations.
• Restriction: Request that we limit processing of your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Withdraw consent at any time where processing is consent-based.

To exercise your rights, email privacy@aisecurity.llc with your request and sufficient information to verify your identity. We will respond within 30 days (or as required by applicable law).

California residents may have additional rights under CCPA/CPRA. EEA and UK residents may lodge complaints with their local data protection authority.

Our services are not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us at privacy@aisecurity.llc and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top and provide notice through our site or by email. Continued use of our site or services after the updated Policy takes effect constitutes acceptance of the new terms.

For questions about this Privacy Policy or our data practices:

• Email: privacy@aisecurity.llc
• General: hello@aisecurity.llc
• Website: aisecurity.llc
• Location: Los Angeles, CA · San Francisco, CA · London, UK · Athens, GR