Privacy policy

v0.1.0 draft · Effective April 20, 2026 · Revision history

Who we are

aiposture.org is operated by PAICE.work PBC, a US public benefit corporation. The AI Posture framework and pre-assessment are stewarded by PAICE.work PBC under a planned transition to an independent steward (PAICE Foundation). Contact for privacy matters: privacy@paice.work.

Scope

This policy covers aiposture.org and the pre-assessment at aiposture.org/assess/. It does not cover third-party sites we link to (for example, the vector reference products: PAICE.work, Siteline, EveryAILaw, or the PAICE newsletter on Substack).

What we collect

Pre-assessment answers

While you are taking the pre-assessment, your in-progress answers are stored in sessionStorage in your browser. This is not a cookie. It is local to the browser tab, cleared when the tab closes, and never transmitted to us by the assessment itself. No server-side record of your answers is written during the flow.

Current status. Per-run storage of completed assessments and email delivery of PDF and JSON artifacts are described in this policy but are not yet deployed. When they are, this notice will be removed and the effective date will change.

Privacy-respecting analytics

We use PostHog in cookie-less mode. Only the following six event types may be recorded:

assessment_started
question_answered (records the question identifier only, never your answer)
assessment_completed (records per-vector levels and the aggregate estimate, not individual answers)
email_captured (records that an email was submitted, not the address)
pdf_requested
handoff_clicked (records the destination URL, not who clicked)

PostHog persistence is set to memory only. Identifiers are session-scoped. We do not stitch sessions across visits. Autocapture, session recording, heatmaps, and rage-click detection are disabled.

Completed-assessment record (when deployed)

When you complete a pre-assessment, we intend to store a per-run record under a random opaque identifier. The record will contain: timestamp, opener answers, per-vector answers, computed posteriors, and the resulting AI Posture aggregate. The record does not contain your name, organization, email address, IP address, or any other direct identifier.

Retention is three years. You may request deletion of a specific record using the identifier included in the delivery email, by emailing privacy@paice.work.

Email delivery (when deployed)

If you request a PDF or JSON artifact by email, we use your address solely to deliver the artifact. After delivery, the email address is dissociated from the assessment record. We do not retain the address for marketing or re-use. If delivery fails, no additional record is created.

Newsletter signup

If you opt in to the PAICE newsletter (paice.substack.com), your subscription is handled directly by Substack under Substack's own privacy policy. We do not operate the newsletter platform.

What we do not collect

No cookies of any kind.
No cross-session user identifiers. No fingerprinting.
No third-party advertising or retargeting tags.
No session recording or replay.
No autocapture of clicks, form inputs, or keystrokes.
No IP-based user tracking. PostHog may log IP at ingest for fraud filtering, but we do not use it for identification.

How we use data

To run the pre-assessment in your browser (sessionStorage only).
To deliver artifacts you request (email, when deployed).
To publish aggregate statistics (level distributions, constraining-vector frequencies, trajectory shapes) without attribution to any individual record.
To improve the question bank and likelihood tables. Recalibration is described in the published specification.

We do not sell data. We do not share data with third parties for their own use. Aggregate statistics may be published openly.

Legal bases

Where applicable (for example, under GDPR), our legal bases are:

Legitimate interest, for privacy-respecting analytics on the framework's reception.
Consent, for any optional email delivery you initiate.
Contract performance, for delivering artifacts you request.

Because we do not collect personal identifiers in the core pre-assessment flow, most of this policy addresses behavior that would apply if we did.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, restrict, or object to our use of your data. Where we hold identifiable data about you (only through opt-in actions you take, such as requesting email delivery), you can exercise these by emailing privacy@paice.work. We will respond within 30 days.

Because we do not collect identifiable data during the pre-assessment itself, rights exercises against non-identifying aggregate statistics are typically not applicable.

Data location and transfers

PostHog data may be processed in the United States. PAICE.work PBC is a US entity. Where your jurisdiction requires specific cross-border transfer protections, we apply the strictest of the jurisdictions we operate in.

Children

The pre-assessment is not directed at children under 16. We do not knowingly collect data from children.

Security

The pre-assessment runs client-side in your browser. Static hosting is via GitHub Pages. No backend handles answer data during the flow. Any future backend components will document their security posture here before they go live.

Changes to this policy

Material changes trigger a new effective date at the top of this page. The repository commit history is authoritative. If changes affect already-stored records (when storage is live), we will notify affected record holders via the email on file where one exists.

Contact

Privacy questions or deletion requests: privacy@paice.work.

Framework and spec questions: github.com/snapsynapse/ai-posture.