Privacy Policy

aithic.org - GDPR & CCPA Compliant Privacy Protection

Last Updated: July 2025

TL;DR - Our Privacy Promise:

We collect minimal technical data necessary for service operation. No personal profiles, no marketing data, no user tracking. Full GDPR & CCPA compliance with strong privacy rights protection.

1. Data Controller Information

Data Controller: aithic.org

Contact Information:

  • Email: privacy@aithic.org
  • Data Protection Officer: dpo@aithic.org
  • Website: aithic.org

2. Introduction

Welcome to aithic.org ("we," "our," or "us"). This Privacy Policy explains how we collect, use, and protect your information in compliance with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are committed to privacy-by-design principles and data minimization.

3. Categories of Information We Collect

Technical Information (Automatically Collected)

  • IP Address (for service delivery and security)
  • Browser type and version
  • Operating system information
  • Device type and screen resolution
  • Referring website URL
  • Timestamp of service access

Legal Basis (GDPR): Legitimate interest for service operation and security

Domain Analysis Data

  • Domain names submitted for ethical analysis
  • Analysis timestamps

Legal Basis (GDPR): Legitimate interest for providing requested service

Information We Do NOT Collect

  • Names, email addresses, or contact information
  • User accounts or profiles
  • Behavioral tracking or analytics
  • Marketing or advertising data
  • Financial or payment information
  • Social media data or connections

4. How We Use Your Information

Service Delivery: Processing domain names through AI analysis and displaying results

Security: Preventing abuse, detecting malicious activity, and maintaining service integrity

Technical Operations: Ensuring service availability and performance optimization

Legal Compliance: Meeting regulatory requirements and responding to legal requests

No Automated Decision-Making: We do not use automated decision-making or profiling that produces legal or similarly significant effects.

5. Third-Party Data Sharing

Google Gemini AI (Service Provider)

Domain names are processed through Google's Gemini AI service for ethical analysis. This transfer is covered by:

  • Standard Contractual Clauses (SCCs) for GDPR compliance
  • Google's Data Processing Agreement
  • No personal data retention by Google for this service

Google's privacy policy: https://policies.google.com/privacy

Content Delivery Networks

Tailwind CSS and Google Fonts may receive your IP address as part of standard web requests. These are necessary for website functionality.

We Do NOT Share Data With

  • Advertising networks or data brokers
  • Social media platforms for tracking
  • Marketing or analytics companies
  • Any parties for commercial purposes

6. Cookies and Tracking Technologies

We do NOT use:

  • Analytics or tracking cookies
  • Advertising or marketing cookies
  • Social media tracking pixels
  • Cross-site tracking technologies
  • Persistent behavioral tracking

7. Your Rights Under GDPR (EU Users)

Your Data Protection Rights

Right of Access (Art. 15)

Request information about data processing

Right to Rectification (Art. 16)

Correct inaccurate personal data

Right to Erasure (Art. 17)

Request deletion of personal data

Right to Restriction (Art. 18)

Limit processing of your data

Right to Portability (Art. 20)

Receive data in structured format

Right to Object (Art. 21)

Object to processing for legitimate interests

How to Exercise Your Rights:

Contact us at privacy@aithic.org. We respond within 30 days (1 month) as required by GDPR Article 12(3).

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

EU Data Protection Authorities: Find your local authority

8. California Privacy Rights (CCPA)

Your CCPA Rights (California Residents)

Right to Know

Request disclosure of personal information collection, use, and sharing practices

Right to Delete

Request deletion of personal information we have collected

Right to Opt-Out

Opt-out of the sale of personal information (We do not sell personal information)

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights

CCPA Disclosure Categories

Categories collected in the last 12 months:

  • Internet/Network Information (IP address, browser data)
  • Commercial Information (domain analysis requests)

Business Purposes: Service provision, security, legal compliance

Categories shared: Domain data with Google Gemini AI (service provider only)

Sale of Personal Information: We do not sell personal information

How to Exercise CCPA Rights: Submit requests to privacy@aithic.org or call [toll-free number]. We respond within 45 days as required by CCPA § 1798.130(a)(2).

9. International Data Transfers

When data is transferred outside the EU/EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for transfers to countries with adequate protection
  • Additional safeguards including encryption and data minimization
  • Regular review of transfer mechanisms and recipient country laws

Google Services: Data processed by Google Gemini AI is subject to Google's GDPR-compliant data processing agreements and Standard Contractual Clauses.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

Technical Measures

  • TLS 1.3 encryption for all communications
  • Regular security patches and updates
  • Secure server configurations
  • Automated threat detection

Organizational Measures

  • Privacy by design implementation
  • Regular security assessments
  • Incident response procedures
  • Staff training on data protection

11. Data Retention

Technical Log Data: Automatically deleted after 24 hours

Domain Analysis Data: Not stored - processed and immediately discarded

Security Data: Retained for 7 days for abuse prevention

Retention Principle: We apply data minimization and only retain data for the shortest period necessary for specified purposes.

12. Children's Privacy

Our service does not knowingly collect personal information from children under 16 (GDPR) or 13 (COPPA). We do not target our services to children, and our terms require users to be of appropriate age to consent to data processing in their jurisdiction.

If you believe a child has provided personal information: Contact us immediately at privacy@aithic.org for prompt deletion.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated through:

  • Prominent notice on our website
  • Updated "Last Updated" date
  • For significant changes affecting rights: 30-day advance notice

Continued use of our service after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy inquiries, rights requests, or concerns:

General Privacy: privacy@aithic.org

Data Protection Officer: dpo@aithic.org

GDPR Requests: gdpr@aithic.org

CCPA Requests: ccpa@aithic.org

Website: aithic.org

Response Time: We respond to privacy requests within 30 days (GDPR) or 45 days (CCPA) as required by law.

15. Transparency Report

Our Commitment to Transparency

Personal Data Profiles:

0 user profiles created

Data Sales:

$0 revenue from data sales

Marketing Cookies:

0 tracking cookies

Data Breaches:

0 incidents reported

GDPR Requests (2025):

Processed within required timeframes

CCPA Requests (2025):

Processed within required timeframes

This privacy policy reflects our commitment to GDPR and CCPA compliance, ethical technology practices, and comprehensive user privacy rights protection.