Privacy Policy

Introduction

AIs & Shine ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency about how we handle your personal information. This Privacy Policy explains our practices regarding the collection, use, and disclosure of information when you use our cohort-based coaching program and AI-powered self-discovery tools.

By using our services, you agree to the collection and use of information in accordance with this policy. This policy applies to all users of our website, mobile application, and related services.

1. Information We Collect

1.1 Information You Provide

• Waitlist & Account Information: Name, email address, selected entry point (relationship, career, neurodivergent, emotional), challenges/goals, scholarship interest
• Coaching Sessions: Information shared during Layer 1-4 coaching sessions, assessments, and Life Model development
• AI Interactions: Conversations, questions, responses, and insights you share with your custom AI tools
• Survey Responses: Onboarding questionnaires, feedback forms, and assessment data
• Communication: Messages sent through contact forms, support requests, or email
• Payment Information: Billing details for Layer 1-4 services (processed securely through Stripe)
• Cohort Participation: Q1 2026 cohort enrollment, session scheduling, and progress tracking

1.2 Information Automatically Collected

• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: Browser type, operating system, device identifiers
• Technical Data: IP address, cookies, session data, performance metrics
• Analytics Data: User interactions, conversion events, engagement metrics

1.3 Third-Party Sources

• Social Media: Information from social media platforms when you interact with our content
• Referral Sources: Information about how you found us (search engines, social media, etc.)
• Integration Partners: Data from third-party services you connect with our platform

2. How We Use Your Information

2.1 Primary Purposes

• AI Self-Discovery Service: Providing personalized insights, pattern recognition, and self-discovery tools
• Account Management: Creating and maintaining your account, processing payments
• Communication: Sending program updates, support responses, and important notices
• Service Improvement: Analyzing usage patterns to enhance our AI algorithms and user experience
• Safety & Security: Protecting against fraud, abuse, and security threats
• Legal Compliance: Meeting our legal obligations and protecting our rights

2.2 Marketing Communications (With Consent)

• Newsletter updates about platform developments
• Educational content related to neurodiversity and self-discovery
• Program announcements and webinar invitations
• Personalized recommendations based on your interests

2.3 Legal Basis for Processing (GDPR)

• Consent: Marketing communications, analytics cookies, non-essential features
• Contract Performance: Providing AI services, account management, payment processing
• Legitimate Interest: Service improvement, fraud prevention, business analytics
• Legal Obligation: Tax records, legal compliance, safety requirements

3. Information Sharing

3.1 Service Providers

We share information with trusted third-party service providers who help us operate our platform:

• Supabase: Database hosting and user authentication (EU/US)
• Stripe: Payment processing (US, with global compliance)
• Resend: Email delivery services (EU/US)
• Google Analytics: Website analytics (US, with data processing agreements)
• Mixpanel: User behavior analytics (US, with privacy controls)
• OpenAI/Anthropic: AI language model services (US, with data protection agreements)

3.2 Legal Requirements

We may disclose information when required by law or to protect our rights:

• In response to legal process (subpoenas, court orders)
• To comply with government agency requests
• To protect the safety of users or the public
• To investigate potential violations of our terms
• In connection with business transfers or mergers

3.3 Consent-Based Sharing

We may share information for other purposes with your explicit consent, such as participating in research studies or connecting with integration partners.

4. Data Storage & Security

4.1 Security Measures

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Monitoring: 24/7 security monitoring and incident response
• Privacy by Design: Data minimization and purpose limitation built into our systems

4.2 Data Retention

• Account Data: Retained while your account is active, plus 90 days after deletion request
• AI Conversations: Retained for service improvement unless you opt out (up to 2 years)
• Analytics Data: Aggregated and anonymized after 26 months
• Financial Records: Retained for 7 years as required by law
• Support Communications: Retained for 3 years for quality and training purposes

4.3 Data Breach Response

In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and provide details about the incident, potential risks, and steps we're taking to resolve it.

5. Your Rights & Choices

5.1 GDPR Rights (EU Residents)

• Right to Access: Request a copy of personal information we hold about you
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information
• Right to Restrict Processing: Limit how we use your information
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Revoke previously given consent at any time

5.2 CCPA Rights (California Residents)

• Right to Know: Information about personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

5.3 How to Exercise Your Rights

5.4 Cookie & Tracking Preferences

You can manage your cookie preferences through our Cookie Preference Center. You can also:

• Disable cookies in your browser settings
• Opt out of Google Analytics tracking
• Use "Do Not Track" signals (we honor all DNT requests)
• Manage email marketing preferences in your account settings

6. Children's Privacy (COPPA Compliance)

6.1 Parental Consent (Ages 13-16)

For users between 13-16 years old, we require verifiable parental consent before collecting personal information. Parents have the right to:

• Review personal information collected from their child
• Request deletion of their child's information
• Refuse further collection or use of their child's information
• Consent to collection without consenting to disclosure to third parties

6.2 Enhanced Protections for Minors

• Limited data collection to essential service functionality only
• No behavioral advertising or profiling
• Enhanced security measures and monitoring
• Simplified privacy notices appropriate for younger users
• Regular parental notification of data practices

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@aisandshine.com.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for all international transfers:

7.1 Transfer Mechanisms

• Standard Contractual Clauses (SCCs): EU-approved contract terms for data transfers
• Adequacy Decisions: Countries recognized by the EU as providing adequate protection
• Data Processing Agreements: Contractual protections with all service providers
• Certification Programs: Providers certified under recognized privacy frameworks

7.2 Data Localization Options

For users in certain regions, we offer data localization options to keep your information within specific geographic boundaries. Contact us to learn about available options for your location.

8. Cookies & Tracking Technologies

8.1 Types of Cookies We Use

8.2 Managing Cookie Preferences

You can control cookie usage through our Cookie Preference Center or your browser settings. Note that disabling certain cookies may limit site functionality.

9. Policy Updates

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Notify you by email for material changes affecting your rights
• Update the "Last Modified" date at the top of this policy
• Provide prominent notice on our website for significant changes
• Obtain new consent where required by applicable law
• Maintain an archive of previous policy versions for transparency

Your continued use of our services after policy changes indicates your acceptance of the updated terms.

10. Contact Information