Skip to content
AIPMO
Sign in Subscribe
Privacy Policy | AIPMO

Privacy Policy

Last updated: June 3, 2026

AIPMO ("we," "us," or "our") operates the websites aipmo.co and app.aipmo.co. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our websites and services.

We take privacy seriously — particularly as a platform focused on responsible AI governance. We aim to collect only the data we need, be transparent about how we use it, and give you meaningful control over your information, including the ability to delete your account and all associated data at any time. We use only privacy-respecting, cookieless analytics: we set no advertising or tracking cookies, perform no cross-site or cross-device tracking, build no individual profiles, and never sell your data.

Information We Collect

Information You Provide

When you create a membership account or subscribe to our services, we collect:

  • Name — To personalize your experience and pre-fill documents you generate.
  • Email address — For account authentication, membership management, and newsletter delivery ("The AI Governance Brief").

When you use the AIPMO Advisor application, we may also collect:

  • Organization details — Information you provide about your organization (or, for Consultant members, your client organizations) for AI governance document generation, such as organization name, industry, size, AI maturity level, regulatory environment, and PM methodology.
  • Project details — Information about specific AI projects within your organizations, including project type, objectives, deployment stage, risk level, and stakeholders.
  • Conversation messages — Messages you send and responses generated through the AI Governance Advisor chat, stored per project to maintain continuity within your sessions.
  • Generated documents — Documents created through our AI-powered Document Customizer.
  • Uploaded documents — Documents you upload to a project (Professional and Consultant members only) to provide additional context for AI-generated guidance. Accepted formats are PDF, DOCX, TXT, and MD. Uploaded documents are processed to extract text, classify document type, and generate search embeddings; see "How We Process Your Data with AI" below for details.
  • Feedback — Optional thumbs-up or thumbs-down ratings, and any written comments you submit on generated documents or Advisor chat responses.

Information Collected Automatically

When you visit our websites, we automatically collect:

  • Session data — Authentication tokens to keep you signed in.
  • Server logs — Standard web server logs maintained by our hosting providers (Vercel and Ghost), which may include IP addresses, browser type, and pages visited.
  • Usage events — Server-side logs of platform activity including document types generated, Advisor messages sent, framework families queried, upgrade trigger points, and low-confidence retrieval events. These events record your user ID, membership tier, organization and project identifiers, and event-specific metadata. We do not log the content of your chat messages for analytics purposes.
  • Aggregate web analytics — We use privacy-respecting, cookieless analytics to understand how our sites are used at an aggregate level. On our content site (aipmo.co), Ghost's built-in analytics records page views, the referring source (for example, direct, a search engine, or a linking site), and country-level location. On our application (app.aipmo.co), we record aggregate page-view counts grouped by date, country, and top-level site section. These analytics set no cookies, perform no cross-site or cross-device tracking, and build no individual profiles. We do not store or display your IP address; your IP address and browser user-agent are processed transiently only to derive an approximate country and a non-identifying visitor count. The application-side records contain only aggregate counts — no IP address, no device or browser identifier, and no account identifier.

Information We Do Not Collect

We do not collect or process:

  • Payment card numbers (handled entirely by Stripe).
  • Tracking or advertising cookies, cross-site or cross-device tracking, or behavioral advertising profiles.
  • Precise or device-level location data (our analytics records only approximate, country-level location).
  • The content of your Advisor chat messages for analytics or improvement purposes (usage event logging records metadata only, never message content).
  • Data from third-party sources about you.

How We Use Your Information

We use the information we collect to:

  • Provide our services — Authenticate your account, deliver content based on your membership tier (Essential, Professional, or Consultant), and generate customized AI governance documents.
  • Communicate with you — Send membership-related emails, newsletter editions of "The AI Governance Brief," and important service updates.
  • Process payments — Facilitate paid membership subscriptions through Stripe.
  • Improve our services — Understand how our platform is used through aggregated, anonymized usage events and cookieless web analytics, so we can prioritize features and expand our knowledge base.
  • Improve document generation quality — When you submit feedback on a generated document, including any written comment, that feedback signal and associated document context may be used to improve generation quality for that document type. You may submit a rating without a comment if you prefer not to share additional context. We do not use documents or conversations where no feedback was submitted for any improvement purpose.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

How We Process Your Data with AI

AIPMO uses AI at several points in the service. Here is a transparent account of each:

Advisor chat and document generation uses Anthropic's Claude API. When you send a message or generate a document, the content of your message and your organization and project context are sent to Anthropic's API to generate a response. Anthropic processes this data in accordance with their usage policy and does not use API inputs to train their models.

Document classification uses Anthropic's Claude API (Haiku model). When you upload a document to a project, the first portion of the document text is sent to Anthropic's API to classify the document type, identify governance frameworks referenced, and generate a summary. This classification is stored with your document record to improve retrieval relevance.

Search embeddings use OpenAI's embedding API (text-embedding-3-small model). When you send a message in the Advisor, the text of your message is sent to OpenAI's API to generate a search vector used to retrieve relevant guidance from our knowledge base. When you upload a document, the full text of the document is chunked and sent to OpenAI's API to generate embeddings stored for retrieval. OpenAI processes this data in accordance with their usage policy.

What we do not send to AI APIs: Your name, email address, payment information, and membership credentials are never sent to any AI API.

Document ownership: You retain full ownership of all documents generated through the platform. AIPMO does not use your generated documents for any purpose other than delivering the service to you, except where you have affirmatively submitted feedback on a generated document as described above.

Third-Party Service Providers

We work with the following service providers who may process your data on our behalf:

ProviderPurposeData ProcessedPrivacy Policy
Ghost Content management, membership, and cookieless web analytics Name, email, membership status; aggregate page views, referral source, and country-level location ghost.org/privacy
Stripe Payment processing Email, payment information stripe.com/privacy
Vercel Application hosting and aggregate traffic counts Server logs, IP addresses; aggregate country-level page-view counts vercel.com/legal/privacy-policy
Supabase Database and file storage Account data, organization and project profiles, conversations and messages, generated documents, uploaded document files and embeddings, usage events, feedback, aggregate traffic counts supabase.com/privacy
Anthropic AI chat, document generation, and document classification Organization and project context, chat messages, uploaded document text samples anthropic.com/policies/privacy-policy
OpenAI Search embedding generation Chat message text (query-time only), uploaded document text (chunked for embedding) openai.com/policies/privacy-policy
HostGator Email hosting Inbound and outbound email content sent to info@aipmo.co hostgator.com/privacy-policy
Resend Transactional and membership email delivery Recipient email address and email content resend.com/legal/privacy-policy

Ghost's web analytics is processed through its analytics subprocessor as part of the Ghost(Pro) service and is governed by Ghost's privacy policy and our data processing agreement with Ghost. Namecheap provides DNS services only and does not process personal data on our behalf. Each provider processes data in accordance with their own privacy policies and our data processing agreements with them.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

  • Account data (name, email, membership status) — Retained while your account exists.
  • Organization and project profiles — Retained while your account exists or until you delete them.
  • Conversation messages — Retained while your account is active or until you delete the associated conversation or project.
  • Generated documents — Retained while your account exists or until you delete them.
  • Uploaded documents and embeddings — Retained while your account exists or until you delete them from your project.
  • Usage event logs — Retained for 12 months from the date of the event, then permanently deleted.
  • Feedback ratings — Retained for 24 months from the date of submission.
  • Feedback comments — Retained for 12 months from the date of submission, after which the comment text is deleted and only the rating is retained.
  • Aggregate analytics — Web analytics and application traffic counts are retained as non-identifying aggregate statistics and contain no personal data.
  • Payment records — Retained as required by applicable tax and financial regulations.
  • Server logs — Retained according to our hosting providers' standard retention policies.

Account Deletion and Backup Residuals

When you delete your account — either through the self-service deletion option in Account Settings or by contacting us at info@aipmo.co — we delete your personal data from our active systems immediately. Uploaded document files stored in Supabase Storage are deleted at the same time and are not retained in any backup.

Database records (account data, conversations, documents, and related data) may persist in automated database backup snapshots for up to 7 days following deletion, after which they are permanently purged as part of our standard backup rotation. During this period, backup data is not accessed or used for any purpose.

For Consultant members, deleting an organization cascades to remove all linked projects, conversations, and documents associated with that organization.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encrypted connections (HTTPS/TLS) for all data transmission.
  • Encrypted session tokens for authentication.
  • Database access restricted by role-based controls.
  • Payment processing handled entirely by PCI-compliant Stripe infrastructure.
  • User-uploaded files stored in access-controlled Supabase Storage.
  • Cookieless, aggregate web analytics — no advertising trackers, cross-site tracking, or individual profiling; usage event logging is server-side and records metadata only.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request that we correct inaccurate or incomplete data.
  • Deletion — Delete your account and all associated data directly through Account Settings in the app, or contact us at info@aipmo.co. We will process deletion requests within 30 days.
  • Data portability — Request a copy of your data in a portable format.
  • Opt out of communications — Unsubscribe from newsletters and non-essential emails at any time using the unsubscribe link in any email.

To exercise any of these rights, you may use the self-service tools available in Account Settings at app.aipmo.co/account, or contact us at info@aipmo.co.

For California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to request deletion, and the right to non-discrimination for exercising your rights. We do not sell personal information.

For European Economic Area Residents (GDPR)

If you are located in the EEA, our legal basis for processing your personal data is:

  • Contract performance — Processing necessary to provide the services you signed up for.
  • Legitimate interest — Processing necessary for our legitimate business interests, such as aggregated, cookieless usage and web analytics to improve the service, where those interests are not overridden by your rights.
  • Consent — Where you have given us specific consent, such as subscribing to our newsletter or submitting feedback with a written comment.

You also have the right to lodge a complaint with your local data protection authority.

Children's Privacy

Our services are intended for users 18 years of age and older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal data from a minor without parental consent, we will take steps to delete that information promptly.

International Data Transfers

Our services are hosted in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. For significant changes affecting paid members, we will also provide notice by email. A history of material changes to this policy is maintained at our policy changelog.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: info@aipmo.co
Website: aipmo.co

© 2026 AIPMO. All rights reserved.