Privacy Policy

Marc J. Weinstein PLLC (the "Firm," "we," "us," or "our") operates the website located at mjwlaw.ai (the "Site") and the AI Risk Assessment tool made available through the Site (the "Assessment Tool"). This Privacy Policy describes how we collect, use, retain, and protect information in connection with the Site and the Assessment Tool.

By accessing the Site or using the Assessment Tool, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree to this Privacy Policy, do not access the Site or use the Assessment Tool.

1. Information We Collect

We collect the following categories of information:

Contact Information. When you request a Report from the Assessment Tool, we collect your name, professional title, organization name, and organizational email address (collectively, your "Contact Information"). We do not accept personal email addresses for Report delivery.

Assessment Responses. When you complete the Assessment Tool, we collect your responses to the 25 assessment questions. These responses, together with the AI Risk Score, risk tier classifications, and personalized Report generated from them, are collectively referred to as your "Assessment Data." Your Assessment Data is used to produce and deliver your Report.

Marketing Preference. If you choose to opt in to receive communications from the Firm, we record that preference.

Automatically Collected Information. When you visit the Site, we may automatically collect limited technical information, including pages viewed, time spent on the Site, and general geographic region. This information is collected through privacy-respecting analytics that do not use cookies and do not track individual users across websites. We do not collect device identifiers, IP addresses for tracking purposes, or browser fingerprints.

2. How We Use Your Information

We use the information we collect for the following purposes:

To generate and deliver your Report. Your Assessment Data is used to calculate your AI Risk Score, assemble your personalized Report, and deliver the Report to you via immediate download and email. Your Contact Information is used to address and deliver the Report.

For the Firm's internal records. We retain a copy of your Assessment Data and your Contact Information for the Firm's business development and internal reference purposes.

To send you your Report. We send a single transactional email to the email address included in your Contact Information, containing your Report as an attachment. This email is a fulfillment of the service you requested and is not a marketing communication.

To send marketing communications, if you opt in. If you affirmatively opt in to receive communications from the Firm, we will use the email address included in your Contact Information to send you information about AI governance developments, resources, and advisory services. You may opt out of marketing communications at any time by following the unsubscribe instructions included in each communication or by contacting us directly.

For aggregated analysis. We may use Assessment Data in aggregated, de-identified form that cannot reasonably be used to identify any individual or organization. This aggregated data may be used for research, thought leadership, conference presentations, or informational publications.

3. How We Process and Store Your Information

Your Assessment Data is processed in real time by a serverless function that generates your Report, triggers the delivery emails, and transmits a copy of your Assessment Data and Contact Information to the Firm. Your Assessment Data and Contact Information are not stored in any database on the Site's servers. After your Report has been generated and delivered, no copy of your Assessment Data or Contact Information persists on the web server.

The Firm retains a copy of your Assessment Data and your Contact Information in the Firm's internal systems for business development and record-keeping purposes, subject to the retention period described in Section 12.

4. How We Share Your Information

We do not sell, rent, or trade your Contact Information or Assessment Data to third parties.

We may share your information in the following limited circumstances:

Service Providers. We use third-party service providers to host the Site and to send transactional and marketing emails on our behalf. These service providers process your Contact Information and Assessment Data solely on our instructions and for the purposes described in this Privacy Policy. Our current service providers include Vercel (hosting) and Resend (email delivery).

Legal Requirements. We may disclose your Contact Information or Assessment Data if required to do so by law, legal process, or court order, or if we believe in good faith that such disclosure is necessary to comply with applicable law, respond to a subpoena or court order, or protect the rights, property, or safety of the Firm or others.

Aggregated, De-Identified Data. We may share aggregated, de-identified Assessment Data that cannot reasonably be used to identify any individual or organization, as described in Section 2 above.

5. Confidentiality

We treat your Assessment Data -- meaning the particular combination of responses, scores, and content assembled based on your responses that, taken together, reveals information about your organization's AI governance practices -- as confidential, and will not disclose it to third parties without your consent, except as described in Section 4 above. This confidentiality commitment applies to Assessment Data that can be associated with your organization. It does not apply to the underlying content framework of the Assessment Tool, including the questions, response block text, scoring methodology, tier narratives, domain summaries, and recommendations, which are the intellectual property of the Firm and may appear in Reports generated for other users. This confidentiality commitment is a contractual obligation and does not create or imply any evidentiary privilege. For additional information, please refer to the Terms of Use.

6. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect the Contact Information and Assessment Data we collect and maintain. The Site is served over encrypted HTTPS connections. Assessment Data is processed in serverless functions that do not persist data after processing. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee the absolute security of your information.

7. Your Rights and Choices

Access and Deletion. You may request access to or deletion of the Contact Information and Assessment Data we hold about you by contacting us at the address below. Upon receiving a verified request, we will provide or delete the requested information within a reasonable timeframe, subject to any legal obligations requiring retention.

Marketing Opt-Out. If you have opted in to receive marketing communications, you may opt out at any time by following the unsubscribe instructions in any marketing email or by contacting us directly. Opting out of marketing communications does not affect the delivery of your Report or the transactional email associated with it.

European Economic Area, United Kingdom, and Switzerland. If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Our legal basis for processing your Contact Information and Assessment Data is your consent (provided through the click-through disclaimer and contact form) and our legitimate interest in operating the Assessment Tool and conducting business development activities. To exercise any of these rights, please contact us at the address below.

California Residents. If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise any of these rights, please contact us at the address below.

8. Cookies and Tracking Technologies

The Site uses privacy-respecting analytics that do not rely on cookies, do not track users across websites, and do not collect personally identifiable information. We do not use advertising cookies, social media tracking pixels, or any third-party tracking technologies. If our analytics practices change, we will update this Privacy Policy accordingly.

9. Children's Privacy

The Site and the Assessment Tool are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

10. International Data Transfers

The Site is hosted in the United States. If you are accessing the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Site and providing your information, you consent to such transfer, storage, and processing. If you are located in the European Economic Area, the United Kingdom, or Switzerland, we will take appropriate steps to ensure that your personal data receives an adequate level of protection in accordance with applicable law.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be effective upon posting of the revised Privacy Policy on the Site with an updated effective date. Your continued use of the Site or the Assessment Tool following the posting of changes constitutes your acceptance of such changes. We encourage you to review this Privacy Policy periodically.

12. Data Retention

Assessment Data that is processed on the web server to generate your Report is not retained on the server after processing. The Firm retains a copy of your Assessment Data and your Contact Information in the Firm's internal systems for a period of three (3) years from the date the assessment was completed, after which the information will be deleted unless you request earlier deletion. Aggregated, de-identified Assessment Data may be retained indefinitely.

13. Contact Information

If you have questions about this Privacy Policy, wish to exercise any of your rights described above, or wish to request access to or deletion of your Contact Information or Assessment Data, please contact:

Marc J. Weinstein PLLC
info@mjweinsteinlaw.com