Privacy Policy

Last updated: January 31, 2026

1. Introduction

CO-AIMS ("AI Risk Management System"), operated by Jason Pellerin ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

  • Name and email address (from Google/GitHub OAuth)
  • Profile picture (from OAuth provider)
  • Organization name and contact details you provide

2.2 AI System Information

  • AI system names, types, and descriptions
  • Purpose and risk classification
  • Data categories processed by your AI systems
  • Human-in-the-loop procedures
  • Kill switch procedures

2.3 Compliance Documentation

  • Bias audit results and reports
  • Impact assessments
  • Incident reports and remediation records
  • Audit logs and activity history

2.4 Usage Information

  • IP address and browser type
  • Pages visited and features used
  • Date and time of access

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Generate compliance reports and assessments
  • Send notifications about audits, incidents, and deadlines
  • Process payments and manage subscriptions
  • Respond to support requests
  • Improve the Service
  • Comply with legal obligations

4. Data Retention

In accordance with Colorado SB 24-205 requirements for compliance documentation, we retain your AI system records, bias audit reports, impact assessments, and related compliance documentation for a minimum of three (3) years. Account information is retained as long as your account is active, plus any legally required retention period.

5. Data Sharing

We do not sell your personal information. We may share information with:

  • Service Providers: Third parties that help us operate the Service (hosting, payment processing, email delivery)
  • Legal Requirements: When required by law, subpoena, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: For any other purpose with your explicit consent

6. Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication
  • GitHub OAuth: For authentication
  • Stripe: For payment processing
  • Google Drive: For report storage (optional)

Each third-party service has its own privacy policy governing its use of your data.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted database storage
  • Access controls and authentication
  • Regular security assessments
  • Audit logging of all access

8. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Export: Request your data in a portable format
  • Opt-out: Opt out of marketing communications

To exercise these rights, contact us at [email protected].

9. Colorado Privacy Rights

If you are a Colorado resident, you have additional rights under the Colorado Privacy Act (CPA), including the right to opt out of targeted advertising and profiling. We do not engage in the sale of personal data or targeted advertising based on personal data.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after notification constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact:

Email: [email protected]
CO-AIMS by Jason Pellerin
Denver, Colorado