Privacy Policy

AIRiskAware ("we", "us", "our") is a specialist AI risk governance and compliance firm. Our website is located at airiskaware.com. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you visit our website or contact us.

We collect information you voluntarily provide when you: • Submit our contact form (name, email address, organisation, and the content of your message) • Email us directly at contact@airiskaware.com • Use our AI governance self-assessment tool (your answers to the 7 questions, these are not stored or transmitted; all processing occurs locally in your browser) • Interact with our AI assistant widget (the text of your questions is sent to our API for processing, see Section 6 on AI Assistant Data below) We also collect certain information automatically when you visit our website, including: • Pages visited and time spent on pages (via Google Tag Manager / Google Analytics) • Browser type, device type, and operating system • IP address and approximate geographic location (country/region level) • Referring website We do not collect sensitive personal information such as health data, financial account numbers, or government identification numbers.

We use the information we collect to: • Respond to your enquiries and provide the advisory services or information you request • Improve our website and content based on how visitors interact with it • Understand which topics and articles are most useful to our audience • Comply with legal obligations We do not use your information for automated decision-making or profiling.

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal basis for processing your personal information is: • Legitimate interests, responding to your enquiry and improving our website • Consent, where you have explicitly provided information for a specific purpose You have the right to object to processing based on legitimate interests.

We do not sell, rent, or trade your personal information. We may share information with: • Formspree (formspree.io), our contact form provider, which processes form submissions on our behalf. Formspree's privacy policy is available at formspree.io/legal/privacy-policy • Google Analytics / Google Tag Manager, for website analytics. Analytics data is anonymised and aggregated. You can opt out via Google's opt-out tools • Legal authorities, where required by law or to protect our legal rights All third-party service providers are required to maintain appropriate security standards for any information they process on our behalf.

Our website includes an AI assistant widget that allows you to ask questions about AI governance, the EU AI Act, and related topics. When you use the AI assistant: • The text of your question is sent to our secure API endpoint hosted on Vercel • Your question is then transmitted to Groq (groq.com), an AI infrastructure provider, for processing using the Llama large language model • The AI assistant's response is returned to your browser and displayed • We do not store the content of AI assistant conversations on our systems • Groq processes your questions in accordance with their privacy policy, available at groq.com/privacy The AI assistant is for general informational purposes only. Do not enter personal identifying information, confidential business data, client information, or sensitive personal data into the AI assistant. The assistant's responses do not constitute legal, regulatory, or professional advice. Groq is a US-based provider. If you are located in the EEA or UK, your questions are transferred to the United States for processing. This transfer occurs on the basis of Groq's compliance with applicable data transfer mechanisms.

We retain contact form submissions and email correspondence for up to 3 years, or longer if required by applicable law or ongoing business relationships. Analytics data is retained in accordance with Google Analytics' default retention settings. AI assistant conversation data is not retained by AIRiskAware (see Section 6).

Depending on your location, you may have rights including: • Access, request a copy of the personal information we hold about you • Correction, request correction of inaccurate information • Deletion, request deletion of your personal information where we have no legitimate reason to retain it • Objection, object to processing of your information based on legitimate interests • Portability, request your information in a structured, machine-readable format • Withdrawal of consent, where processing is based on consent To exercise any of these rights, please contact us at contact@airiskaware.com. We will respond within 30 days.

We use cookies and similar technologies to: • Maintain website functionality (essential cookies) • Collect analytics data about how visitors use our website (Google Analytics via GTM) You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use our website.

We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. Our website is served over HTTPS. Our AI assistant endpoint is hosted on Vercel's secure infrastructure. However, no method of transmission over the internet is 100% secure.

Our website and services operate from Australia. If you are located outside Australia, your information may be transferred to and processed in Australia or other countries where our service providers operate (including the United States, where Vercel and Groq are based). We take appropriate steps to ensure adequate protection for such transfers.

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised "Last updated" date. Material changes will be communicated prominently. We encourage you to review this policy periodically.

If you have questions about this Privacy Policy or how we handle your personal information, please contact us: Email: contact@airiskaware.com Website: airiskaware.com/contact