Privacy Policy

Effective Date: November 15, 2025

Last Updated: November 15, 2025

1. Introduction

This Privacy Policy explains how The Freedom Project, LLC ("we," "our," "us") collects, uses, stores, and protects information when you use Freedom AIM ("AIM").

2. Information We Collect

We may collect:

A. Information You Provide

  • Name, email, organization details
  • Account credentials
  • Uploaded or entered system information
  • Assessment responses
  • Infrastructure or architecture details
  • Documentation shared for analysis

B. Automatically Collected Information

  • Usage logs
  • Device and browser metadata
  • IP address
  • Session activity
  • Error logs

C. Optional Integrated Data

(only if the user enables integrations)

  • API data from third-party systems
  • Cloud metadata
  • Vendor configuration outputs

3. How We Use Information

We use data to:

  • Provide and improve AIM
  • Generate assessments, diagrams, and reports
  • Enhance accuracy of AI-driven analysis
  • Maintain security and system performance
  • Communicate important updates
  • Fulfill legal or compliance obligations

We do not sell your data. We do not share it with vendors for marketing. We do not use your data to influence or bias recommendations.

4. Data Storage & Retention

Data is stored securely in our managed infrastructure, encrypted in transit and at rest.

Account & Organization Data Retention

For paid accounts, data is retained according to the following schedule:

  • Assessments, reports, and architecture outputs — retained for the lifetime of your active subscription. Following cancellation or account closure, data is retained for 90 days to allow for resubscription and recovery. After 90 days, assessment content and personal information are permanently deleted.
  • User accounts and profiles — retained for 90 days following subscription cancellation, then permanently removed.
  • Billing and financial records — retained for 7 years in compliance with IRS record-keeping requirements. This includes invoice history, payment records, and subscription metadata. This data is not linked to assessment content after purge.
  • Platform audit and activity logs — retained for 3 years for security and compliance purposes.

Organization admins may submit an explicit deletion request at any time. Deletion requests initiate the same 90-day window, during which the request may be canceled. Once purge processing begins it cannot be reversed. For immediate deletion requests, contact [email protected].

Guest Mode Data Retention

Guest Mode operates under a tiered retention policy:

  • Rate limit identifiers (IP address, browser fingerprint, device token) — retained for 24 hours on a rolling basis, used solely to enforce the 3-per-day guest usage limit.
  • Guest session data (intake form responses and generated Executive Summary) — retained for 30 days from the date of generation, then automatically and permanently deleted. This window allows users who sign up within 30 days to carry their data into a full account.

Guest session data is accessible only through AIM's server-side API routes using service-role credentials. No client application or unauthenticated request can access it directly. Row-level security policies enforce this restriction at the database level.

We do not sell, share, or use guest session data for marketing or AI model training. If a guest creates an account within the 30-day window, their session may be linked to their account only upon their explicit action. Otherwise, the data is deleted automatically at expiration.

We may anonymize aggregated data for product improvement purposes.

5. Data Protection

We use industry-standard safeguards, including:

  • Encryption in-transit and at-rest
  • Access control
  • Audit logging
  • Network isolation
  • Least-privilege authorization
  • Regular system assessments

No security method is perfect, but we take reasonable measures to protect your information.

6. Sharing of Information

We may share data only with:

  • Service providers assisting in operations
  • Legal authorities, if required
  • Integration systems you explicitly authorize

We do not share information with vendors to influence product recommendations.

7. AI Model Use

AIM's models may process your data to:

  • Generate insights
  • Identify dependencies
  • Score risks and modernization priorities

Models are not trained on your identifiable data unless explicitly authorized.

8. Your Rights

You may request:

  • Access to your data
  • Correction of inaccuracies
  • Deletion (where applicable)
  • Export of your information
  • Restriction of certain processing

Requests can be submitted to: [email protected]

9. Children's Privacy

AIM is not intended for individuals under 18.

10. Updates to This Policy

We may modify this Privacy Policy at any time. Changes will be reflected with an updated effective date.