Privacy Policy

AI Confidence ("we", "us", or "our") is operated by Neonframe Inc. This Privacy Policy explains how we collect, use, store, and protect information when you use the AI Confidence privacy checker at aiconfidence.io (the "Service"). By using the Service, you agree to the practices described here.

This Service is informational in nature — it does not require account creation or login. We take a minimal-data approach and collect only what is necessary to deliver the Service and improve it over time.

• To deliver and personalise the AI privacy risk report
• To send occasional email updates about AI vendor policy changes and new features (email subscribers only)
• To improve risk-scoring accuracy based on aggregated, anonymised assessment response data
• To monitor for abuse, ensure security, and maintain service reliability

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

Data is stored on Supabase (a Postgres-based cloud database hosted on AWS). Supabase is SOC 2 Type II certified and encrypts data at rest and in transit using TLS 1.2+. Access to raw data is restricted to authorised Neonframe Inc. personnel only.

While we implement industry-standard safeguards, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Email subscriber records are retained until you request deletion. Assessment submission data is retained in anonymised, aggregated form for up to 24 months to support service improvements. Server log data is retained for a maximum of 30 days.

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Ask us to correct inaccurate personal data
• Deletion: Request that we delete your personal data
• Portability: Receive your data in a structured, machine-readable format
• Objection / opt-out: Unsubscribe from emails at any time using the unsubscribe link in any email we send

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

If you are located in the European Union or United Kingdom, your data is processed on the legal basis of consent (Article 6(1)(a) GDPR) for email subscriptions, and legitimate interests (Article 6(1)(f) GDPR) for anonymised service improvement analytics. You may withdraw consent at any time.

California residents have the right to know what personal information is collected, to opt out of the sale of personal information (we do not sell personal information), and to request deletion. To exercise these rights, contact us at [email protected].

We use Supabase for database hosting. Supabase's privacy policy is available at supabase.com/privacy. We do not use third-party advertising networks, analytics platforms with persistent user tracking, or social media tracking pixels.

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated to email subscribers. Continued use of the Service after any changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy, please contact: