Privacy policy
Who we are
aiposture.org is operated by PAICE.work PBC, a US public benefit corporation. The AI Posture framework and pre-assessment are stewarded by PAICE.work PBC under a planned transition to an independent steward (PAICE Foundation). Contact for privacy matters: [email protected].
Scope
This policy covers aiposture.org and the pre-assessment at aiposture.org/assess/. It does not cover third-party sites we link to (for example, the vector reference products: PAICE.work, Siteline, EveryAILaw, or the PAICE newsletter on Substack).
What we collect
Pre-assessment answers
While you are taking the pre-assessment, your in-progress answers are stored in sessionStorage in your browser. This is not a cookie. It is local to the browser tab, cleared when the tab closes, and never transmitted to us by the assessment itself. No server-side record of your answers is written during the flow.
Privacy-respecting analytics
We use PostHog in cookie-less mode. Only the following event types may be recorded:
- $pageview (records the page path and referrer, never an identity or cross-session link)
- assessment_started
- question_answered (records the question identifier only, never your answer)
- assessment_completed (records per-vector levels and the aggregate estimate, not individual answers)
- email_captured (records that a newsletter email was submitted, not the address)
- delivery_requested (records that an artifact delivery was requested, not the address or the artifact)
- pdf_requested
- handoff_clicked (records the destination URL, not who clicked)
PostHog persistence is set to memory only. Identifiers are session-scoped. We do not stitch sessions across visits. Autocapture, session recording, heatmaps, and rage-click detection are disabled.
Completed-assessment record
If you request email delivery of your estimate, we store a per-run record under a random opaque identifier (the “run ID”). The record contains: timestamp, the JSON artifact (aggregate posture, per-vector levels and posteriors, scope label if you set one, generated-at timestamp), and the delivered-at timestamp. The record does not contain your name, organization, IP address, or any other direct identifier.
Retention is three years. You may request deletion of a specific record by emailing [email protected] with the run ID included in your delivery email.
Email delivery
If you request the JSON artifact by email from the result screen, we use your address solely to deliver the artifact. Your email address is stored on the assessment record only until the email is sent successfully, after which it is removed; the stored record then carries no direct identifier. If delivery fails, the partial record is removed entirely. We do not retain your email address for marketing or re-use after delivery.
Newsletter signup
If you subscribe to AI Posture updates from the landing page, your email address is stored in our database (Cloudflare D1) to send you those updates. We use double opt-in: you must click a confirmation link before subscription becomes active.
We use Resend as a processor to deliver subscription emails. Resend processes only the email address and message contents we send, under their privacy policy. We do not share your email with any other party.
Subscription data retained: email address, subscription timestamp, confirmation timestamp, and the source of subscription (for example, the landing page). No other personal data is collected at signup.
To unsubscribe or request deletion of your subscription record, email [email protected] from the subscribed address. We will remove the record within 30 days.
The PAICE newsletter on Substack is a separate platform with its own privacy policy; subscribing there is independent of the AI Posture newsletter described above.
What we do not collect
- No cookies of any kind.
- No cross-session user identifiers. No fingerprinting.
- No third-party advertising or retargeting tags.
- No session recording or replay.
- No autocapture of clicks, form inputs, or keystrokes.
- No IP-based user tracking. PostHog may log IP at ingest for fraud filtering, but we do not use it for identification.
How we use data
- To run the pre-assessment in your browser (sessionStorage only).
- To deliver artifacts you request by email.
- To publish aggregate statistics (level distributions, constraining-vector frequencies, trajectory shapes) without attribution to any individual record.
- To improve the question bank and likelihood tables. Recalibration is described in the published specification.
We do not sell data. We do not share data with third parties for their own use. Aggregate statistics may be published openly.
Legal bases
Where applicable (for example, under GDPR), our legal bases are:
- Legitimate interest, for privacy-respecting analytics on the framework's reception.
- Consent, for any optional email delivery you initiate.
- Contract performance, for delivering artifacts you request.
Because we do not collect personal identifiers in the core pre-assessment flow, most of this policy addresses behavior that would apply if we did.
Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, port, restrict, or object to our use of your data. Where we hold identifiable data about you (only through opt-in actions you take, such as requesting email delivery), you can exercise these by emailing [email protected]. We will respond within 30 days.
Because we do not collect identifiable data during the pre-assessment itself, rights exercises against non-identifying aggregate statistics are typically not applicable.
Data location and transfers
PostHog data may be processed in the United States. PAICE.work PBC is a US entity. Where your jurisdiction requires specific cross-border transfer protections, we apply the strictest of the jurisdictions we operate in.
Children
The pre-assessment is not directed at children under 16. We do not knowingly collect data from children.
Security
The pre-assessment runs client-side in your browser. Static hosting is via GitHub Pages. No backend handles answer data during the flow. Any future backend components will document their security posture here before they go live.
Changes to this policy
Material changes trigger a new effective date at the top of this page. The repository commit history is authoritative. If changes affect already-stored records (when storage is live), we will notify affected record holders via the email on file where one exists.
Contact
Privacy questions or deletion requests: [email protected].
Framework and spec questions: github.com/snapsynapse/ai-posture.