Privacy Policy

Effective Date: April 18, 2026 | Last Updated: April 18, 2026

Brian Timothy and Associates, LLC ("Company," "we," "us," or "our") operates the ISO 42001 AI Compliance Assessment tool available at q.ai-policy.fractionx.ai (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Service.

1. Information We Collect

We collect the following categories of information:

Category	Data Collected	When Collected
Contact Information	Full name, work email address, company name, phone number (optional)	When you request your compliance report
Assessment Responses	Your answers to the 35 compliance questions and your ranked AI business priorities	When you complete the questionnaire
Generated Content	Your compliance score, category breakdown, AI-generated report, and chat transcripts	Automatically generated from your responses
Technical Data	IP address, browser type, and access timestamps	Automatically when you access the Service

2. How We Use Your Information

To deliver the Service — generating your compliance score, AI-enhanced report, and enabling the chat advisor
To notify our team — when you submit your contact information and generate a report, your name, email, company, compliance score, and report are sent to our advisory team so we can follow up with relevant guidance
To contact you — following up about your assessment results and our AI compliance advisory services via email or phone
To review chat interactions — conversations with the AI chat advisor are stored and may be reviewed by our team to understand your questions, improve the Service, and prepare for follow-up conversations
To improve the Service — analyzing aggregate, de-identified assessment data to improve question quality and report accuracy

We will not sell your personal information to third parties.

3. AI Processing Disclosure

Your assessment responses are processed by Amazon Bedrock, a managed AI service provided by Amazon Web Services (AWS), to generate your personalized compliance report and power the chat advisor. Specifically:

Your responses and score data are sent to Amazon's Nova Pro large language model to generate the report narrative
Your questions in the chat interface are processed by the same model, combined with your score data and our thought leadership content
Amazon Bedrock does not use your data to train or improve its models

4. Data Storage and Security

Your data is stored in AWS infrastructure located in the United States (us-east-2 region). We employ the following security measures:

All data is encrypted at rest using AWS-managed encryption keys
All data in transit is encrypted via TLS 1.2 or higher
Access to stored data is restricted to authorized personnel via AWS Identity and Access Management (IAM)
With your consent, your assessment progress, score, and report are saved to your browser's local storage to allow you to resume where you left off if you reload the page. Your name, email, phone number, and company name are never written to local storage. You may decline local storage at any time using the banner on the assessment page, or clear it through your browser settings.

5. Data Retention

Data Type	Retention Period
Assessment responses, scores, and generated reports	360 days from submission
Contact information (name, email, company, phone)	5 years from submission

After the applicable retention period, data is permanently deleted. You may request earlier deletion at any time (see Section 7).

6. Third-Party Sharing

We do not currently share your personal information with third parties for their own marketing or business purposes. We reserve the right to engage third-party service providers in the future (such as CRM or analytics platforms) to help operate the Service, in which case this policy will be updated and those providers will be contractually bound to protect your data.

We may disclose your information if required by law, regulation, legal process, or governmental request.

7. Your Rights

All Users:

Access — request a copy of the personal data we hold about you
Deletion — request that we delete your personal data
Correction — request that we correct inaccurate personal data
Opt-out — opt out of future marketing communications at any time

European Economic Area (EEA) Residents — GDPR:

Our legal basis for processing your data is your consent, which you provide by checking the consent box before generating your report
You have the right to withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal
You have the right to data portability — to receive your data in a structured, machine-readable format
You have the right to lodge a complaint with your local data protection authority

California Residents — CCPA/CPRA:

You have the right to know what personal information we collect, use, and disclose
You have the right to delete your personal information
You have the right to opt out of the sale of personal information — we do not sell your personal information
You have the right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@fractionx.com. We will respond within 30 days.

8. Cookies, Local Storage, and Tracking

The Service does not use cookies, tracking pixels, or third-party analytics tools. No data is collected about your browsing behavior beyond what is described in this policy.

With your consent, the Service uses your browser's local storage (a browser feature similar to cookies) to save your assessment progress, score, report, and chat history so you can resume if you reload the page. This data is stored only on your device and is not transmitted to any third party. You can decline this storage using the banner displayed when you first visit, or clear it at any time via your browser's settings (typically under "Site Data" or "Storage"). Declining does not affect your ability to use the Service.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. If we make material changes, we will make reasonable efforts to notify you (e.g., via email or a notice on the Service).

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Brian Timothy and Associates, LLC
PO Box 610
Apex, NC 27502
privacy@fractionx.com