AI Laws of Power

Privacy Policy

Effective date: April 25, 2026

1. Who We Are

AI Laws of Power (“we,” “our,” or “us”) operates the website at ailawsofpower.com and the AI Power Laws membership platform. We are the data controller for personal information collected through this service.

Questions about this policy or your data: privacy@ailawsofpower.com

2. What We Collect

We collect only what is necessary to provide the service:

  • Account information — email address, hashed password (never stored in plain text), account creation date.
  • Profile data — role, industry, company stage, and geography you provide during orientation. Used to personalise your course experience.
  • Course activity — which lessons you have completed and when. Used to track your progress.
  • AI orientation output — a structured analysis of your answers used to rank the 13 laws by relevance to your situation. Stored in your account dossier.
  • Payment information — billing is processed entirely by Stripe. We receive a customer ID and subscription status only; we never see or store card numbers.
  • Newsletter preference — whether you have opted into the AI Power Briefing.
  • Communications — if you contact us by email, we retain that correspondence.

We do not collect sensitive personal data (health, biometric, financial, or government ID information).

3. How We Use Your Data

  • Provide and maintain your account and course access.
  • Personalise your learning experience based on your orientation answers.
  • Process payments and manage your subscription through Stripe.
  • Send transactional emails — account setup links, password resets.
  • Send the AI Power Briefing newsletter, if you have opted in.
  • Respond to support requests.
  • Detect and prevent fraud or abuse.

We do not sell your personal data. We do not use your data for advertising or share it with data brokers.

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area or the United Kingdom, our legal bases are:

  • Contract performance — processing necessary to provide your account and subscription.
  • Consent — newsletter communications. You may withdraw consent at any time by unsubscribing or toggling the setting in your account.
  • Legitimate interests — security, fraud prevention, and improving the service, where these do not override your rights.

5. Third-Party Processors

We share data with the following processors solely to operate the service:

| Processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and subscription management | USA (EU adequacy) |
| Kit (ConvertKit) | Newsletter delivery and email sequences | USA (SCCs) |
| Google | Optional OAuth sign-in | USA (EU adequacy) |
| OpenAI | AI processing of orientation answers to generate your profile | USA |
| Resend | Transactional email delivery (magic links, password resets) | USA |

Each processor is bound by data processing agreements and their own privacy policies. We do not authorise them to use your data for any purpose beyond providing the service to us.

6. Cookies and Tracking

We use a single session cookie issued by NextAuth to keep you logged in. We do not use client-side advertising cookies, Google Analytics, or similar browser-based tracking tools.

We use Meta Conversions API (CAPI), a server-side integration that sends conversion events (such as email signups) directly to Meta to help measure the effectiveness of advertising. This does not set cookies in your browser. The data transmitted is hashed before sending and is used solely for ad measurement purposes. You can opt out of Meta’s use of this data via your Meta Ad Preferences.

7. Data Retention

  • Active accounts: retained for as long as your account exists.
  • Deleted accounts: personal data is deleted within 30 days of account deletion, except where retention is required by law (e.g. billing records, which we retain for 7 years for tax compliance).
  • Newsletter: your email is removed from our mailing list within 14 days of unsubscribing.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — request deletion of your account and personal data. You can do this directly from your Account Settings page.
  • Portability — request your data in a machine-readable format.
  • Objection / restriction — object to or restrict certain processing, including withdrawing newsletter consent.
  • Opt-out of sale (CCPA) — we do not sell personal data, so this right is satisfied by default.

To exercise any right, email privacy@ailawsofpower.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Data Security

Passwords are hashed using bcrypt and never stored in plain text. Communication between your browser and our servers is encrypted via TLS. Payment details are handled entirely by Stripe and never touch our servers. We apply reasonable technical and organisational measures to protect your data, though no internet transmission is 100% secure.

10. Children

This service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy when our practices change. We will notify registered users of material changes by email or by a prominent notice on this page. The effective date at the top of this page always reflects the most recent version.

12. Contact

AI Laws of Power
Email: privacy@ailawsofpower.com
