Privacy Policy

1. Introduction

This Privacy Policy explains how The Freedom Project, LLC ("we," "our," "us") collects, uses, stores, and protects information when you use Freedom AIM ("AIM").

2. Information We Collect

We may collect:

3. How We Use Information

We use data to:

• Provide and improve AIM
• Generate assessments, diagrams, and reports
• Enhance accuracy of AI-driven analysis
• Maintain security and system performance
• Communicate important updates
• Fulfill legal or compliance obligations

We do not sell your data. We do not share it with vendors for marketing. We do not use your data to influence or bias recommendations.

4. Data Storage & Retention

Data is stored securely in our managed infrastructure, encrypted in transit and at rest.

Account & Organization Data Retention

For paid accounts, data is retained according to the following schedule:

• Assessments, reports, and architecture outputs — retained for the lifetime of your active subscription. Following cancellation or account closure, data is retained for 90 days to allow for resubscription and recovery. After 90 days, assessment content and personal information are permanently deleted.
• User accounts and profiles — retained for 90 days following subscription cancellation, then permanently removed.
• Billing and financial records — retained for 7 years in compliance with IRS record-keeping requirements. This includes invoice history, payment records, and subscription metadata. This data is not linked to assessment content after purge.
• Platform audit and activity logs — retained for 3 years for security and compliance purposes.
• Per-organization decision context — accumulated for the lifetime of your active subscription. This is the private record of decisions, outputs, and signals generated inside the platform (assessments, recommendations, project tracking events, change-board votes, configuration drift, procurement actions). It is scoped to your organization through row-level security and is never blended with any other organization's data. Cleared as part of the standard 90-day deletion window when an organization is closed.

Organization admins may submit an explicit deletion request at any time. Deletion requests initiate the same 90-day window, during which the request may be canceled. Once purge processing begins it cannot be reversed. For immediate deletion requests, contact [email protected].

Guest Mode Data Retention

Guest Mode operates under a tiered retention policy:

• Rate limit identifiers (IP address, browser fingerprint, device token) — retained for 24 hours on a rolling basis, used solely to enforce the 3-per-day guest usage limit.
• Guest session data (intake form responses and generated Executive Summary) — retained for 30 days from the date of generation, then automatically and permanently deleted. This window allows users who sign up within 30 days to carry their data into a full account.

Guest session data is accessible only through AIM's server-side API routes using service-role credentials. No client application or unauthenticated request can access it directly. Row-level security policies enforce this restriction at the database level.

We do not sell, share, or use guest session data for marketing or AI model training. If a guest creates an account within the 30-day window, their session may be linked to their account only upon their explicit action. Otherwise, the data is deleted automatically at expiration.

We may anonymize aggregated data for product improvement purposes.

5. Data Protection

We use industry-standard safeguards, including:

• Encryption in-transit and at-rest
• Access control
• Audit logging
• Network isolation
• Least-privilege authorization
• Regular system assessments

No security method is perfect, but we take reasonable measures to protect your information.

6. Sharing of Information

We may share data only with:

• Service providers assisting in operations
• Legal authorities, if required
• Integration systems you explicitly authorize

We do not share information with vendors to influence product recommendations.

7. AI Model Use

AIM's AI models may process your data to:

• Generate insights
• Identify dependencies
• Score risks and modernization priorities

Foundation model training

Your data is not used to train foundation AI models — not our AI providers', not anyone else's, not a model of our own. We do not pool customer data across organizations to train a shared model. Identifiable customer data is never sent to any third party for model training.

Per-organization context

AIM does maintain a private, per-organization record of decisions, outputs, and signals generated inside the platform — assessments, recommendations, project tracking events, and operational decisions. This record is scoped to your organization through row-level security and is never blended with any other organization's data. It exists to power features that get more useful for your team over time, and is never used to improve service for any other organization.

AIM may use this per-organization record to power features that take action on your behalf based on your organization's own history. Any such feature will be opt-in, will be scoped to your organization only, and will be governed by a separate agreement.

8. Your Rights

You may request:

• Access to your data
• Correction of inaccuracies
• Deletion (where applicable)
• Export of your information
• Restriction of certain processing

Requests can be submitted to: [email protected]

9. Children's Privacy

AIM is not intended for individuals under 18.

10. Updates to This Policy

We may modify this Privacy Policy at any time. Changes will be reflected with an updated effective date.