logo
Get Started
header
Get Started

Privacy Policy

  • 1. Introduction

AIsecurityPlatform.com (“the site,” “we,” “us,” or “our”) is an independent editorial publication operated by Cyber Security Services, a publisher based at 752 N. State Street #172, Westerville, Ohio 43082, United States. You can reach our editor at editor@aisecurityplatform.com.

This site is purely editorial. We publish reviews, explainers, and reference material about AI security tools and practices. We do not sell products or services through this site, we do not operate user accounts, and we do not process payments. The only ways you can share personal information with us are by subscribing to our newsletter, requesting one of our email-gated PDF resources (for example, the ISO 42001 Checklist or the EU AI Act Roadmap), or contacting us directly by email.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have. It applies to AIsecurityPlatform.com and any subpages we operate under the same domain.

For details about cookies specifically, see our Cookie Policy. For the rules governing your use of the site, see our Terms of Use.

2. What information we collect

2.1 Information you provide to us

  • Email address — when you subscribe to our newsletter or request an email-gated PDF.
  • Name — optional, only if you choose to provide it when subscribing or contacting us.
  • Message content — anything you write to us when you email us (for example, corrections, tips, or feedback).

We do not collect payment information, government identifiers, or sensitive categories of personal data (such as health or biometric data).

2.2 Information collected automatically

When you visit the site, our analytics and infrastructure providers automatically collect:

  • IP address (typically truncated or pseudonymized by our analytics provider)
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent on each page, and navigation paths
  • Referring URL (the page or search engine that sent you to us)
  • Approximate location derived from IP (typically country/region, not precise location)

2.3 Cookies and similar technologies

We use a small number of cookies for essential functions, analytics, and remembering newsletter signup state. See our Cookie Policy for the full list.

3. How we use your information

We use the information described above to:

  • Send you the newsletter you signed up for.
  • Deliver the email-gated PDF resources you requested.
  • Respond to inquiries, corrections, and feedback you send us.
  • Analyze traffic patterns in aggregate so we can improve our content and structure.
  • Maintain the security of the site, prevent abuse, and detect malicious activity.
  • Comply with our legal obligations, including recordkeeping and responding to lawful requests.

We do not use your information to build advertising profiles, and we do not run advertising or remarketing on the site.

4. Legal bases for processing (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:

  • Consent (GDPR Art. 6(1)(a)) — for sending the newsletter and delivering gated content you actively requested. You can withdraw consent at any time.
  • Legitimate interest (GDPR Art. 6(1)(f)) — for aggregate analytics, site security, anti-abuse, and responding to inquiries you initiate. Our legitimate interest is operating and improving a credible editorial publication.
  • Legal obligation (GDPR Art. 6(1)(c)) — for tax records, recordkeeping, and complying with lawful requests from authorities.

We do not rely on “contract” or “vital interests” as legal bases because we do not provide contractual services to readers and we do not collect data necessary to protect anyone’s life.

5. How we share your information

We share personal information only as described below.

5.1 Service providers (processors)

We rely on a limited set of third-party providers to operate the site:

  • Newsletter platform (TBD — for example, ConvertKit, Beehiiv, or Substack) — to send newsletters and deliver gated PDFs.
  • Web analytics (Google Analytics 4) — to measure traffic and content performance.
  • Content delivery and security (Cloudflare) — to deliver pages quickly and protect against bots and attacks.
  • Hosting provider — to store and serve our site.
  • Transactional email delivery — to send confirmations and PDFs.

These providers are contractually required to handle your information only to provide their services to us.

5.2 Legal compliance

We may disclose information when we believe in good faith that disclosure is required to comply with a law, court order, or other lawful request, or to protect the rights, safety, or property of Cyber Security Services, our readers, or the public.

5.3 We do not sell personal information

We do not sell personal information for monetary or other valuable consideration, and we do not “share” personal information for cross-context behavioral advertising as those terms are defined under California law.

6. Cookies and similar technologies

We use cookies for essential site function, aggregate analytics, and remembering newsletter signup status. We do not use advertising or remarketing cookies. See our Cookie Policy for the full list, the purpose of each cookie, and how to manage your preferences.

7. Data retention

We keep personal information only as long as we need it for the purposes described in this policy:

  • Newsletter subscribers — until you unsubscribe, plus 30 days afterward to maintain a suppression record and prove you opted out.
  • PDF download requests — 24 months from your request, after which we delete or anonymize the record unless you are also an active newsletter subscriber.
  • Analytics data — 14 months, the Google Analytics 4 default for user-level and event-level data.
  • Contact email archives — 36 months from the last message in a thread, after which we delete unless we have a legitimate reason to retain longer (for example, an unresolved issue).

When retention periods expire, we delete personal data or irreversibly anonymize it.

8. Your rights

Depending on where you live, you have some or all of the following rights:

8.1 Rights under GDPR and UK GDPR

  • Access (Art. 15) — request a copy of the personal data we hold about you.
  • Rectification (Art. 16) — correct inaccurate or incomplete data.
  • Erasure (Art. 17) — request deletion (“right to be forgotten”).
  • Restriction (Art. 18) — ask us to limit how we use your data.
  • Data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Objection (Art. 21) — object to processing based on legitimate interest.
  • Withdraw consent — withdraw any consent you previously gave, at any time, without affecting the lawfulness of prior processing.

8.2 Rights under California law (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect and how we use it.
  • Request deletion of personal information.
  • Opt out of the sale or sharing of personal information — note that we do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination for exercising any of these rights.

8.3 Rights under Canadian law (PIPEDA)

Canadian residents have rights of access and correction, and may withdraw consent for processing, subject to legal and contractual restrictions.

8.4 How to exercise your rights

Email us at editor@aisecurityplatform.com with the subject line “Privacy Request.” Tell us which right you are exercising and which email address(es) or other information your request relates to. We may ask reasonable questions to verify your identity before acting on a request.

We aim to respond within 30 days. Under GDPR, we may extend by an additional 60 days (total of 90 days) for complex requests, and we will tell you if we need more time.

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority — see Section 13 below.

9. Children's privacy

AIsecurityPlatform.com is not directed to children, and our content is written for security and compliance professionals. We do not knowingly collect personal information from individuals under 16. If you believe a child has provided us personal information, contact us at editor@aisecurityplatform.com and we will delete it.

10. International data transfers

Our site is hosted in the United States, and most of our service providers are based in the United States. If you visit from the EEA, the UK, Canada, or another jurisdiction outside the US, your personal data will be transferred to, stored in, and processed in the United States and potentially other countries where our providers operate.

For transfers from the EEA and UK to countries that do not have an adequacy decision, we rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum with our service providers, plus any supplementary measures required under applicable case law.

You can request a summary of the transfer mechanisms we rely on by emailing us.

11. Security

We use reasonable technical and organizational measures to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (HTTPS), access controls on systems that hold subscriber data, vendor due diligence, and patch management.

No system or method of transmission is 100% secure, and we cannot guarantee absolute security. If we ever become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by law.

12. Changes to this policy

We may update this Privacy Policy as our practices, providers, or applicable laws change. When we do, we will update the “Last updated” date at the top of the page. For material changes, we will notify subscribers by email and post a notice on the site for a reasonable period.

13. Complaints

If you believe we have not handled your personal data properly, please contact us first at editor@aisecurityplatform.com so we can try to resolve the issue. You also have the right to complain to a supervisory authority:

  • EEA residents — your local Data Protection Authority. A list is available on the European Data Protection Board’s website.
  • UK residents — the Information Commissioner’s Office (ICO).
  • California residents — the California Privacy Protection Agency.
  • Canadian residents — the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner.

14. Contact

Publisher: Cyber Security Services

Site: AIsecurityPlatform.com

Mailing address: 752 N. State Street #172, Westerville, Ohio 43082, United States

Editor: Matt Santill, CISSP

Email: editor@aisecurityplatform.com