Overview
Sigma AI Consulting ("we," "us," "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal information when you use our AI Readiness Assessment Platform and related services (collectively, the "Services").
Please read this policy carefully. By using our Services, you acknowledge that you have read and understood this policy. If you do not agree with our practices, please do not use the Services.
Data Controller
Sigma AI Consulting is the data controller responsible for your personal information collected through the Services.
Contact:
Email: consulting@sigma-ai-consulting.com
Website: sigma-ai-consulting.com
For all privacy-related requests, enquiries, or complaints, please contact us at the email address above. We aim to respond within 30 days.
What We Collect
We collect the following categories of information:
| Category | Examples | How collected |
|---|---|---|
| Account information | Name, email address, organisation name, password (hashed) | Provided by you at registration |
| Assessment data | Scores, indicator responses, organisation details entered during assessments | Provided by you during use |
| Usage data | Pages visited, features used, timestamps, session duration | Collected automatically |
| Technical data | IP address, browser type, device type, operating system | Collected automatically |
| Communications | Emails you send us, support requests, feedback | Provided by you |
| Billing information | Plan selected, billing correspondence (we do not store payment card details) | Provided by you at upgrade |
We do not intentionally collect sensitive personal data (such as health, biometric, racial, or political information). Please do not submit such data through the Platform.
How We Use Your Data
We use the information we collect for the following purposes:
- Providing the Services: Creating and managing your account, processing assessments, generating reports, and delivering all Platform features
- Account communications: Sending onboarding emails, trial notifications, plan expiry reminders, and transactional messages related to your account
- Customer support: Responding to your enquiries, troubleshooting issues, and improving the Platform based on your feedback
- Security and fraud prevention: Monitoring for suspicious activity, enforcing our Terms of Service, and protecting the integrity of the Platform
- Platform improvement: Analysing aggregated, anonymised usage patterns to improve our assessment framework, interface, and features
- Legal compliance: Complying with applicable laws, regulations, or lawful requests from authorities
We do not use your data for automated profiling that produces significant legal effects, nor for advertising purposes.
Legal Basis for Processing
We process your personal data on the following bases, depending on the applicable legal framework in your jurisdiction:
- Contract performance: Processing necessary to provide the Services you have requested, including account creation, assessment delivery, and report generation
- Legitimate interests: Processing necessary for our legitimate business interests â such as security monitoring, fraud prevention, and Platform improvement â where such interests are not overridden by your rights
- Legal obligation: Processing necessary to comply with applicable legal requirements
- Consent: Where we rely on consent (e.g., for optional communications), you may withdraw it at any time without affecting prior processing
If you are located in a jurisdiction with specific legal basis requirements (such as the EU/EEA under GDPR, the UK under UK GDPR, or California under CCPA), the above bases apply accordingly. Contact us if you wish to understand the specific basis applicable to any particular processing activity.
Sharing Your Data
We do not sell or rent your personal data. We may share your data only in the following limited circumstances:
- Service providers: We engage trusted third-party providers who assist us in operating the Platform (e.g., web hosting, email delivery). These providers are contractually bound to process data only on our instructions and to maintain appropriate security standards.
- Business transfers: If Sigma AI Consulting is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
- Legal requirements: We may disclose your data if required to do so by applicable law, court order, or governmental authority, or to protect the rights, property, or safety of Sigma AI Consulting, our users, or the public.
- With your consent: We may share your data for any other purpose with your explicit consent.
We do not share your assessment data or organisation-specific information with any other users or third parties without your explicit instruction.
Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Services. Specifically:
- Account data: Retained for the duration of your account and for a reasonable period (up to 12 months) after account closure to allow for dispute resolution and legal compliance
- Assessment data: Retained for the life of your account. Following account termination, you have at least 30 days to export your data before it is deleted
- Usage and technical data: Typically retained for up to 12 months for security and analytics purposes
- Communications: Retained for as long as necessary to resolve any open matter and for a reasonable period thereafter
When data is no longer required, it is securely deleted or anonymised. You may request earlier deletion of your data at any time â see Section 9.
Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- HTTPS encryption for all data in transit
- Bcrypt hashing for all stored passwords
- Session hardening including CSRF protection, HTTP-only cookies, and periodic session regeneration
- Access controls limiting data access to authorised personnel only
- Regular review of security practices
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights, we will notify affected users as required by applicable law.
Your Rights
Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:
To exercise any of these rights, contact us at consulting@sigma-ai-consulting.com. We will respond within 30 days. We may need to verify your identity before acting on your request.
These rights may be limited in some circumstances by applicable law or legitimate business interests.
Cookies
We use strictly necessary cookies to operate the Platform. These include:
- Session cookies: Used to maintain your logged-in state. These expire when you close your browser.
- Security cookies: Used for CSRF protection and session integrity.
We do not currently use tracking, analytics, or advertising cookies. If this changes, we will update this policy and obtain your consent where required by applicable law.
You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent the Platform from functioning correctly.
Children
The Services are intended for use by business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18.
If you believe that we have inadvertently collected data from a minor, please contact us immediately at consulting@sigma-ai-consulting.com and we will take prompt steps to delete it.
International Data Transfers
Our Services are accessible globally. If you access the Services from outside the country in which our servers or service providers are located, your data may be transferred across international borders.
Where we transfer personal data internationally, we take appropriate steps to ensure that such transfers are conducted in accordance with applicable data protection laws and that adequate safeguards are in place to protect your data.
If you have questions about the safeguards applicable to your data transfer, please contact us at consulting@sigma-ai-consulting.com.
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by displaying a prominent notice on the Platform prior to the changes becoming effective.
The "Last updated" date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.
Contact & Complaints
If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact us:
Sigma AI Consulting
Email: consulting@sigma-ai-consulting.com
Website: sigma-ai-consulting.com
We aim to respond to all privacy-related enquiries within 30 days.
If you are not satisfied with our response, you may have the right to lodge a complaint with the applicable data protection authority in your jurisdiction. We encourage you to contact us first so we can attempt to resolve your concern directly.