AIAI Readiness Pro

Legal

Privacy Policy

Effective date: 21 May 2026

1. Introduction

AI Readiness Pro (“we”, “us”, “our”) provides an online AI readiness diagnostic for small and medium-sized enterprises (SMEs). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have over it.

We are committed to handling personal data lawfully, fairly, and transparently. If you have any questions, contact us at aireadiness@atheniaai.com.

2. Scope & applicable laws

This policy is designed to comply with data protection laws across the regions we serve, including:

  • EU General Data Protection Regulation (GDPR) and UK GDPR
  • Kingdom of Saudi Arabia — Personal Data Protection Law (PDPL), administered by SDAIA
  • United Arab Emirates — Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
  • Bahrain Personal Data Protection Law (Law No. 30 of 2018)
  • Qatar Law No. 13 of 2016 concerning Personal Data Privacy Protection
  • Oman Personal Data Protection Law (Royal Decree 6/2022)
  • USA — California CCPA / CPRA, Colorado AI Act and other state privacy laws; NIST AI Risk Management Framework
  • Canada — PIPEDA and Quebec Law 25
  • Brazil — Lei Geral de Proteção de Dados (LGPD); Mexico LFPDPPP and other Latin American privacy laws
  • Singapore PDPA + IMDA Model AI Governance Framework; Malaysia, Indonesia, Thailand, Vietnam, Philippines PDP laws
  • Japan APPI; Republic of Korea PIPA; Australia Privacy Act + AI Ethics Principles; New Zealand Privacy Act
  • India — Digital Personal Data Protection Act 2023 and MeitY AI advisories
  • South Africa POPIA; Nigeria NDPR; Kenya Data Protection Act and other African privacy laws

Where any local law grants you stronger rights than this policy describes, those rights apply.

3. Data we collect

Account data

Name, email address, hashed password, and company information you provide.

Assessment data

Industry, company size, pain points, and answers you submit as part of the AI readiness assessment, together with the generated scores and reports.

Technical & login telemetry

IP address, derived country, device type, browser, operating system, and timestamps of sign-in events. This is used for security, abuse prevention, and basic product analytics.

Cookies & local storage

We use only essential cookies and local storage required for authentication and session management. We do not use advertising or cross-site tracking cookies.

4. Legal bases for processing

Under GDPR and equivalent provisions in regional PDPLs, we rely on:

  • Performance of a contract — to provide the assessment and deliver your report.
  • Legitimate interests — to keep the service secure, prevent abuse, and improve the product.
  • Consent — where required, for optional communications. You can withdraw consent at any time.
  • Legal obligation — to comply with applicable laws.

5. How we use your data

  • Deliver the assessment and generate your AI readiness report.
  • Authenticate you and secure your account.
  • Detect and prevent fraud, abuse, and security incidents.
  • Improve the product through aggregated, non-identifying analysis.
  • Send essential service communications (e.g. account approval).

6. AI processing disclosure

Parts of your assessment input may be processed by third-party large language model providers (such as Google and OpenAI) solely to generate recommendations and report content. These providers act as processors on our behalf, do not use your data to train their models in this configuration, and we apply data minimisation — only the inputs required to generate your report are sent.

7. Sharing & sub-processors

We do not sell personal data. We share data only with:

  • Hosting and infrastructure providers (cloud hosting, Cloudflare).
  • AI model providers, as described above.
  • Email delivery providers for transactional messages.
  • Authorities, where we are required to do so by applicable law or valid legal process.

8. International data transfers

Your data may be processed outside your country of residence, including in the European Union, the United Kingdom, and the United States. When we transfer personal data internationally we rely on appropriate safeguards, such as the EU Standard Contractual Clauses, equivalent UK transfer mechanisms, and the cross-border transfer rules under the Saudi PDPL and UAE PDPL (including assessment of adequate protection in the destination country).

9. Data retention

  • Account data — retained for as long as your account is active, plus up to 12 months after closure.
  • Assessment data and generated reports — retained while your account is active so you can revisit them; deleted on request.
  • Login telemetry — retained for up to 12 months for security purposes.

10. Your rights

Depending on your location, you have the following rights over your personal data:

Under GDPR / UK GDPR

Access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent, and the right to lodge a complaint with your local supervisory authority.

Under Saudi PDPL

Be informed, access, request correction, request deletion, withdraw consent, and complain to the Saudi Data & AI Authority (SDAIA).

Under UAE PDPL

Access, correction, deletion, transfer, restrict or stop processing, and complain to the UAE Data Office.

To exercise any of these rights, contact us at aireadiness@atheniaai.com. We will respond within the timeframes required by the applicable law.

11. Security

We protect your data using encryption in transit (TLS), encryption at rest, row-level database access controls, hashed passwords, and an admin-approval gate that limits platform access during the testing phase. No system is perfectly secure, but we work continuously to protect your information.

12. Children

AI Readiness Pro is intended for business users and is not directed to individuals under 18. We do not knowingly collect personal data from children.

13. Cookies

We use only strictly necessary cookies and local storage to keep you signed in and to keep the service working. No advertising or cross-site tracking cookies are used.

14. Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Effective date” above and, for material changes, notify you by email or through the application.

15. Contact

For any privacy questions or to exercise your rights, contact our privacy team:

Email: aireadiness@atheniaai.com
Postal: [Company legal entity], [Registered address]

This policy is provided for transparency and does not constitute legal advice.

← Back to home