Data & Privacy
How AIM collects, uses, and retains your information
Last updated: March 25, 2026
The short version
- AIM only collects data that is necessary to deliver the service to you.
- Your assessment content and generated documents belong to you. We do not use them to train AI models or share them with third parties.
- AI analysis runs server-side. Your data is sent to our AI provider (Anthropic) to generate responses and is not retained by them beyond the API call.
- Security and activity logs are kept for up to 3 years for compliance and incident investigation, then permanently deleted.
- You can request deletion of your account or organization at any time. Deletion is permanent after a 30-day window.
What data AIM collects
AIM collects the minimum data necessary to operate the platform and deliver its services. Data collection falls into three categories: information you provide directly, information generated by using the platform, and security and operational data collected automatically.
Information you provide
- Account information — your name and email address used to create and manage your account.
- Organization details — your organization name, sector, and team member information when you set up a workspace.
- Assessment inputs — system descriptions, technical architecture details, constraints, budget parameters, and other information you enter when conducting an assessment.
- Collaboration invitations — email addresses of guest collaborators you invite to specific assessments.
Information generated by the platform
- Generated documents — modernization plans, RFP drafts, IGCE estimates, and other outputs created from your assessment inputs.
- Review workflow records — document review status, approvals, flags, and reviewer comments.
- Project health data — Modernization Pulse snapshots and project health scores derived from your assessment data.
Security and operational data
- Authentication events — login activity, session information, and multi-factor authentication records.
- Activity and access logs — records of who accessed which resources, when, and what actions were taken. These are maintained for security, compliance, and incident investigation purposes consistent with NIST SP 800-53 AU-2 and AU-3.
- Device and connection information — technical information about the device and connection used to access the platform, collected for security monitoring and abuse prevention.
How AIM uses your data
AIM uses your data exclusively to operate and improve the platform for you. Specifically:
- To deliver the service — your assessment inputs are used to generate recommendations, reports, cost estimates, and other deliverables.
- To power AI analysis — your inputs are sent to Anthropic's API to generate AI-driven outputs. Anthropic does not retain your data beyond the API call under our agreement. Your data is never used to train AI models.
- To operate your workspace — account and organization data is used to manage access, billing, and team collaboration.
- For security and compliance — activity and audit logs are retained to detect and investigate security incidents, meet compliance obligations, and maintain platform integrity.
- To maintain platform reliability — diagnostic and operational data is used to monitor service health and resolve incidents.
AIM does not: sell your data, share it with advertisers, use it to train AI models, provide it to technology vendors for competitive intelligence, or receive compensation from vendors based on your assessment outcomes.
Data retention schedule
AIM retains different categories of data for different periods based on operational need, legal requirements, and compliance obligations. The table below describes what we retain and for how long.
| Data category | Examples | Purpose | Retention period |
|---|---|---|---|
| Account identity | Name, email address, authentication credentials | Login, notifications, collaboration invitations | Duration of account + 30-day deletion window |
| Organization profile | Organization name, sector, billing plan tier | Workspace management, feature access, billing | Duration of org subscription + 30-day window; billing records kept 7 years (regulatory) |
| Assessment content | System descriptions, architecture inputs, modernization requirements, constraints | Generating recommendations, reports, and cost estimates | Duration of active subscription; content anonymized on org deletion |
| Generated documents | Modernization plans, RFP drafts, IGCE reports, whitepapers | Delivering your work product and supporting review workflows | Duration of active subscription; anonymized on org deletion |
| Collaboration records | Guest invitations, collaborator access events, review comments | Per-assessment collaboration and audit trail | Tied to parent assessment; anonymized on org deletion |
| Security and activity audit log | Login events, admin actions, document access, permission changes | Security monitoring, compliance, and incident investigation (NIST AU-2/AU-3) | Active for 90 days; archived for up to 3 years; permanently deleted thereafter |
| Platform health and diagnostics | API error rates, job completion status, pricing refresh outcomes | Reliability monitoring and platform operations | Up to 90 days; aggregated summaries may be retained longer |
Audit log archival follows a two-tier schedule: records are actively queryable for 90 days, then moved to a compliance archive for the remainder of the 3-year period, after which they are permanently and irrecoverably deleted. This schedule is aligned with NIST SP 800-53 AU-11.
Organization and account deletion
You can request deletion of your account or your entire organization at any time from the platform settings. Deletion follows a defined process:
- Deletion request submitted: Your request is logged and a 30-day cancellation window begins. You can cancel the deletion during this period.
- Access suspended at window close: After 30 days, your workspace is locked and access is disabled while permanent deletion is processed.
- Permanent data purge: Assessment content, generated documents, and personally identifiable information are permanently deleted. User accounts are removed. The organization record is anonymized — identifiers are cleared, but anonymized billing records are retained for 7 years to meet financial recordkeeping requirements.
- Audit log aging: Security and activity logs associated with the deleted organization age out of the live audit table within 90 days and are permanently purged at the end of the 3-year retention window. These cannot be recovered after purge.
Guest collaborators
Guest collaborators are external stakeholders (architects, vendors, agency partners) invited to a specific assessment via a time-limited email link. Guests operate under a minimal data model:
- No permanent platform account is created. Guests authenticate via one-time email verification.
- The inviting organization's assessment owner controls what the guest can see and do. Guests cannot generate AI outputs, trigger pipelines, or export reports.
- Guest sessions expire automatically. Expired sessions are cleaned up by an automated process.
- Guest access events (who accessed, when) are logged in the assessment audit trail for the assessment owner's review.
- Guest email addresses are retained only for the duration of the invitation and are not used for any marketing or outreach.
Third-party services
AIM uses a small number of third-party services to operate the platform:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication and database hosting | Account data, assessment content, audit logs |
| Anthropic | AI analysis and document generation | Assessment inputs during active generation only; not retained |
| Stripe | Billing and subscription management | Billing contact, payment method (Stripe-managed) |
| Vercel | Platform hosting and edge delivery | Request traffic for routing and delivery |
AIM does not use advertising networks, data brokers, or analytics platforms that share data with third parties. Any analytics used are limited to aggregate platform performance metrics.
Your rights
As an AIM user or organization administrator, you have the following rights with respect to your data:
- Access: You can view your account information, organization settings, and assessment content within the platform at any time.
- Correction: You can update your account information, organization details, and assessment content directly from the platform.
- Deletion: Organization owners can submit a deletion request from the organization settings. Deletion is permanent after the 30-day cancellation window.
- Portability: Generated documents and reports can be exported in PDF and structured formats from within the platform.
Security posture
AIM is designed with security as a foundational requirement, not an afterthought. Key controls include:
- Multi-factor authentication (MFA) enforced for all protected routes when enrolled
- End-to-end HTTPS with HTTP Strict Transport Security (HSTS) including subdomains
- Role-based access control with six distinct organization roles (Owner, Admin, Engineer, Program Analyst, Reviewer, Viewer), enforced server-side
- Tamper-evident audit logs with cryptographic hash chaining aligned to NIST SP 800-53 AU-9
- All AI analysis performed server-side — assessment data does not traverse the client
- Append-only audit records that cannot be modified or deleted outside of the authorized archival process
- Content Security Policy, CORS controls, and browser security headers on all application routes
Questions about your data?
If you have questions about how AIM handles your data, want to request information, or need assistance with a deletion request, contact us directly.
[email protected]