Privacy Policy
AI Compliance Readiness Assessment (ACRA)
We collect information in three categories: information you provide directly, information collected automatically, and payment information handled by our processor.
When you use ACRA, you voluntarily submit the following:
| Data Type | Examples | Purpose |
|---|---|---|
| Organization details | Organization name, industry, size | Report generation, benchmarking |
| Contact information | Name, email address, job title | Report delivery, communications |
| Assessment responses | Answers to 45 multiple-choice questions about AI governance practices | Report generation, scoring, benchmarking |
When you visit our website, we automatically collect standard technical information:
This data is collected through cookies and standard web analytics tools. See Section 7 (Cookies) for details and your options.
Payment processing is handled entirely by Stripe, Inc. When you purchase an assessment, your payment card details are collected, processed, and stored by Stripe in accordance with PCI DSS (Payment Card Industry Data Security Standard) requirements.
Kaizen AI Lab does not collect, process, or store your credit card number, debit card number, CVV, or bank account details. We receive only a confirmation of successful payment, the amount paid, and a transaction identifier from Stripe.
For information about how Stripe handles your payment data, see Stripe's Privacy Policy.
We use the information we collect for the following purposes:
Your questionnaire responses are analyzed by AI models to generate your personalized compliance assessment report. Your contact information (specifically, your email address) is used to deliver the completed report. Your organization details and industry are used to contextualize recommendations and select relevant benchmarking comparisons.
We use anonymized, aggregated assessment data to build and maintain industry benchmarking datasets. This allows us to provide comparative insights in reports (for example, "organizations in your industry typically score X in this category"). Benchmarking data cannot be used to identify you, your organization, or your specific responses. Individual responses are stripped of all identifying information before inclusion in any aggregate dataset.
We use your email address to:
You can unsubscribe from non-transactional communications at any time by clicking the unsubscribe link in any email or contacting us at info@kaizenailab.com.
We analyze anonymized usage patterns and assessment data to improve the ACRA methodology, refine our question bank, enhance scoring accuracy, and develop new features. This analysis uses only aggregated data and does not involve review of individual, identified responses.
We share your information only in the limited circumstances described below. We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Period.
When you make a payment, your transaction is processed by Stripe. Stripe receives the payment information you provide at checkout. Kaizen AI Lab and Stripe share only the data necessary to complete and verify the transaction.
To generate your assessment report, we submit your questionnaire responses to AI model providers for analysis. Before submission, we take the following protective steps:
We may disclose your information if required to do so by law, regulation, legal process, or governmental request. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.
In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.
We do not sell your personal information to third parties. We have not sold personal information in the preceding 12 months. We do not intend to sell personal information. This commitment applies regardless of whether you exercise a CCPA opt-out right.
We retain different categories of data for different periods, based on the purpose for which the data was collected:
| Data Category | Retention Period | Rationale |
|---|---|---|
| Assessment responses and reports | 2 years from delivery date | Enables re-assessment comparisons, supports benchmarking accuracy, allows report re-delivery if needed |
| Contact information (name, email, title) | Until you request deletion | Enables follow-up communications and re-assessment coordination |
| Organization details (name, industry, size) | 2 years (identified); indefinitely (anonymized) | Identified data supports re-assessment; anonymized data supports benchmarking |
| Payment records | 7 years | Tax and accounting compliance requirements |
| Aggregated/anonymized benchmarking data | Indefinitely | Cannot be linked to individuals; provides long-term industry trend analysis |
| Website analytics data | 26 months | Standard analytics retention for trend analysis |
When retention periods expire, identified data is either deleted or irreversibly anonymized. You may request earlier deletion of your personal information at any time (see Section 5).
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.
To exercise any of the rights described above, contact us using one of the following methods:
When you submit a request, we will verify your identity by matching information you provide with information we have on file. For requests to know or delete, we require verification sufficient to confirm you are the person (or authorized agent of the person) whose data is the subject of the request. We will respond to verifiable requests within 45 days. If we need additional time (up to an additional 45 days), we will notify you in writing with an explanation.
You may designate an authorized agent to submit a request on your behalf. The agent must provide written proof of authorization signed by you, and we may still require you to verify your identity directly.
We implement and maintain administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction.
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law.
We use cookies that are strictly necessary for the operation of our website. These include cookies that maintain your session state as you complete the assessment form and cookies that remember your consent preferences. Essential cookies do not require your consent because they are necessary for the service to function.
With your consent, we use analytics cookies to understand how visitors interact with our website. This includes data on page views, session duration, navigation paths, and referral sources. Analytics data helps us improve the user experience and identify technical issues.
You can withdraw consent for analytics cookies at any time through your browser settings or by contacting us. Withdrawing consent will not affect the functionality of the assessment.
We do not use:
Most web browsers allow you to manage cookie preferences through their settings. You can typically configure your browser to refuse all cookies, accept only certain cookies, or alert you when a cookie is being set. Note that disabling essential cookies may prevent the assessment form from functioning properly.
ACRA is a business-to-business service designed for use by organizational representatives. The service is not directed at individuals under the age of 13, and we do not knowingly collect personal information from children under 13.
If we become aware that we have inadvertently collected personal information from a child under 13, we will promptly delete that information. If you believe that a child under 13 has provided us with personal information, please contact us at info@kaizenailab.com so we can take appropriate action.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
For material changes (those that significantly affect how we collect, use, or share your personal information), we will notify you by email at the address associated with your assessment before the changes take effect. We will also update the "Last updated" date at the top of this page.
For non-material changes (clarifications, formatting, or updates that do not substantively alter your rights), we will update this page with the revised policy and the new "Last updated" date.
We encourage you to review this Privacy Policy periodically. Your continued use of the ACRA service after changes are posted constitutes acceptance of those changes.
If you have questions, concerns, or requests related to this Privacy Policy or our data practices, contact us at:
Kaizen AI Lab (CVDH LLC)
Email: info@kaizenailab.com
Website: kaizenailab.com
State of Organization: California
For CCPA-specific requests, please include "CCPA Request" in the subject line of your email to help us route your inquiry efficiently.