Privacy Policy

1. Introduction

AI Start Academy, Inc. ("AISA Academy," "we," "us," or "our"), located at 1769 15th Street, San Francisco, CA, operates the website located at https://hub.aistartacademy.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service, including our learning management system, onboarding forms, and related features.

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: Full name, email address, and password when you create an account.
• Profile information: Timezone preferences and profile image.
• Onboarding data: Responses you provide through our onboarding forms, which may include contact details such as phone number and additional information relevant to your enrollment.
• Assessment submissions: Answers and scores from course assessments.
• Communications: Any information you provide when contacting us for support.

2.2 Information Collected Automatically

• Log data: IP address, browser type, operating system, referral URLs, pages viewed, and dates/times of access.
• Cookies and similar technologies: We use essential cookies for authentication and session management. See Section 7 for more details.

2.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google, subject to your Google account settings.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account;
• Provide, operate, and maintain the learning management system;
• Enroll you in cohorts, groups, and programs and track your educational progress;
• Process and evaluate assessment submissions;
• Send transactional emails, including account verification, cohort updates, and session reminders;
• Synchronize your information with third-party platforms (e.g., GoHighLevel) when configured by program administrators;
• Improve and personalize the Service, including analyzing usage trends;
• Respond to your inquiries and provide customer support;
• Comply with applicable laws and legal obligations.

4. Legal Bases for Processing (Where Applicable)

We process personal information based on:

• Contract performance: To provide the Service as agreed in our Terms of Service.
• Legitimate interests: To improve the Service, prevent fraud, and ensure security.
• Consent: Where you have provided explicit consent (e.g., onboarding form submissions).
• Legal obligations: To comply with applicable laws and regulations.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service providers: We share data with third-party service providers who assist us in operating the Service, such as email delivery services (SMTP), authentication providers (Google OAuth), and CRM platforms (GoHighLevel).
• Program administrators and instructors: Your enrollment data, assessment results, and onboarding responses may be visible to instructors and administrators of cohorts you are enrolled in.
• Legal requirements: We may disclose information if required by law, subpoena, court order, or government request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. We may also retain certain information as required by law or for legitimate business purposes, such as fraud prevention and record-keeping. When personal information is no longer needed, we will securely delete or anonymize it.

7. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
• Functional cookies: Used to remember your preferences (e.g., dark/light theme, timezone).

We do not currently use advertising or analytics tracking cookies. If this changes, we will update this policy and provide appropriate notice and consent mechanisms.

8. Your Rights and Choices

8.1 All Users

• Access and correction: You can access and update your account information through your account settings.
• Account deletion: You may request deletion of your account by contacting us at privacy@aistartacademy.com.
• Email opt-out: You may opt out of non-essential communications by following the unsubscribe link in our emails.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request information about the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this practice changes, we will provide a "Do Not Sell or Share My Personal Information" link.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, please contact us at privacy@aistartacademy.com. We will verify your identity before processing any request.

8.3 Other US State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with applicable privacy legislation may have similar rights, including the right to access, correct, delete, and opt out of the processing of personal data. To exercise these rights, contact us at privacy@aistartacademy.com.

9. Data Security

We implement industry-standard security measures to protect your personal information, including:

• Encryption of passwords using bcrypt hashing;
• HTTPS encryption for all data in transit;
• Secure session management with NextAuth.js;
• Access controls limiting data access to authorized personnel.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@aistartacademy.com, and we will take steps to delete such information. If you are between 13 and 18 years of age, you may use the Service only with the involvement of a parent or guardian.

11. Third-Party Services

Our Service integrates with the following third-party services:

• Google (OAuth): For account authentication. Google's privacy policy is available at https://policies.google.com/privacy.
• GoHighLevel: For CRM integration and contact synchronization, as configured by program administrators.

We encourage you to review the privacy policies of these third-party services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@aistartacademy.com
• Address: 1769 15th Street, San Francisco, CA
• Website: https://hub.aistartacademy.com