Privacy Policy

1. Introduction

AI Executive LTD (“AI Executive”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit joinaiexecutive.com (“our Website”), use our services, or interact with us.

We are the data controller for the personal data described in this policy. We process your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

If you have any questions about this policy, please contact us at support@joinaiexecutive.com.

2. Personal Data We Collect

2.1 Data You Provide Directly

• Account, authentication, and profile information: name, username, business email address, password status, multi-factor authentication status, role, tier, organisation, avatar, job title, location, and social/profile links you choose to add
• Location data (manual approximate input via map): city/state level location that you manually provide through our map-based location picker in your profile settings. You also choose a visibility radius. When displayed on the public profile map, the platform generates a random point within your chosen radius to show an approximate area rather than your exact location, protecting your privacy. We do not access your device's GPS or precise geolocation.
• Purchase, checkout, and membership information: billing contact details, plan, tier, entitlement, renewal, cancellation, refund, transaction references, checkout status, abandoned-checkout status, recovery status, and information needed to return you to an incomplete checkout. Payments are processed by Creem; we do not store full payment card details.
• Application, lead, and questionnaire responses: business information, company website, goals, challenges, and answers submitted via our forms, lead magnets, Board Room applications, in-person experience enquiries, or Enterprise enquiries
• Platform activity: course progress, lesson completion, event registrations, in-person event eligibility or attendance status, booking status, announcement confirmations, feedback submissions, roadmap/contact preferences, and admin actions relating to organisations or licences
• Communication and community data: direct messages, event chat messages, future community posts and feeds where enabled, replies, reactions, attachments, event questions, support requests, feedback, Telegram handles or messages where you use Telegram for advisory support, and call-related information sent through email, our platform, Cal.com bookings, or Google Meet links
• Native call and recording data: participant identity, attendance, roles, mute/camera/screen-sharing state, moderation actions, call metadata, audio, video, and screen-share streams transmitted during a call, and call recordings where recording is enabled. Live media is processed to deliver the call; recordings and associated metadata may be stored and made available to authorised members.
• Uploaded content: profile avatars, organisation logos, course thumbnails, announcement images, and other files you or an authorised admin upload to the platform

2.2 Data Collected Automatically

• Website and platform usage data: pages visited, time on page, click behaviour, referral source, UTM/source attribution, browser type, device type, and IP address
• Security and technical data: login events, session data, rate-limit events, error logs, IP address, device/browser metadata, call quality and connection diagnostics, and information needed to operate communications, troubleshoot reliability, prevent abuse, or block unauthorised access
• Cookies and tracking technologies: data collected through cookies, pixels, and similar technologies (see Section 7)

3. How We Use Your Data

We process your personal data for the following purposes and under the following lawful bases:

4. Third-Party Data Processors

We share your personal data with the following third-party service providers who process data on our behalf. Each processor is contractually required to handle your data securely and only for the purposes we specify:

• Supabase — authentication, database, storage, access control, and member profile infrastructure
• Vercel — website hosting, deployment, serverless functions, routing, and technical logs
• Stream (Stream.io, Inc.) — infrastructure for direct messages, event chat, native video and audio calls, screen sharing, participant presence and moderation, call recordings where enabled, delivery and reliability diagnostics, and community activity feeds, posts, comments, and reactions where those features are enabled. Depending on the feature used, Stream may process profile identifiers, avatars, message and attachment content, call metadata, live audio/video/screen-share media, recordings, IP addresses, device data, and connection diagnostics on our behalf.
• Creem — payment processing, subscriptions, invoices, taxes, refunds, checkout management, abandoned-checkout detection, recovery emails, and recovered transaction reporting
• Cal.com — call scheduling and booking management for onboarding and consultancy calls
• Google Meet — off-platform virtual meeting links where an event or call is hosted on Google Meet. Group coaching calls and events hosted on Google Meet may be recorded. For private one-to-one consulting calls, we will disclose at the time if we intend to record.
• Telegram — asynchronous one-to-one advisory communication for Board Room members where you choose to communicate with us through Telegram
• Wistia — hosting and playback of onboarding, course, and upsell videos
• Resend — transactional email delivery
• Firecrawl — optional company website enrichment for Enterprise or consulting enquiries you submit
• Google Analytics — website analytics and usage tracking where enabled
• Meta (Facebook) Pixel — advertising measurement and audience targeting where enabled and consented to

Some of these processors, including Stream, are based in or may process data in the United States and other countries. Where data is transferred outside the UK, we use appropriate safeguards such as the UK International Data Transfer Addendum, Standard Contractual Clauses (SCCs), adequacy regulations, or a processor's participation in a recognised data transfer framework where applicable.

AI Executive remains the controller of member data used through our platform, while Stream generally acts as our processor or service provider when it handles that data to provide its services. Stream may use its own subprocessors under its contractual terms. Further information is available in Stream's Privacy Statement, Data Processing Addendum, and security information.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are:

• Account and purchase data: for the duration of your active subscription, plus 6 years after cancellation (for tax and legal compliance under UK HMRC requirements)
• Profile, course progress, community, booking, and feedback data: for the duration of your account, unless you request deletion and we are not required to retain it for legal, contractual, security, or dispute-resolution reasons
• Messages, community content, consulting, support, Telegram, event, and platform communications: while your account remains active and for up to 12 months after the relevant engagement or account ends, unless you delete content sooner, request deletion, or a longer period is reasonably required for legal, contractual, security, moderation, or dispute-resolution records
• Call media and recordings: live audio, video, and screen-share media is processed for the duration needed to deliver the call. Recordings, attendance, moderation events, and call metadata are retained while needed to provide authorised replay, administer the event, investigate misuse, or meet legal and contractual requirements, and may also be subject to Stream's configured retention and deletion processes.
• Security, rate-limit, and technical logs: for as long as reasonably necessary to protect the platform, investigate abuse, and maintain service reliability
• Website analytics data: up to 26 months (as configured in Google Analytics)
• Marketing consent records: retained for as long as your consent is active, plus 12 months after withdrawal
• Abandoned-checkout recovery data: retained only for as long as reasonably needed to send recovery reminders, measure recovered purchases, manage suppression records, resolve disputes, and meet legal or accounting obligations

6. Abandoned-Checkout Recovery Emails

If you start a checkout through Creem and provide your email address but do not complete the purchase, Creem may identify the checkout as abandoned and send one or more recovery reminder emails on our behalf. These emails may include details of the plan or product you selected and a link to return to checkout.

We process this data to help you complete a transaction you started, to measure whether a recovery email led to a completed purchase, and to maintain opt-out or suppression records. For UK and EU contacts, we only send these reminders where we have consent or where the applicable soft opt-in rules allow us to contact someone who bought, or negotiated to buy, similar services and was given a clear opportunity to opt out. For contacts in other regions, we aim to comply with applicable email marketing laws, including requirements for clear sender identification, truthful subject lines, a valid opt-out method, and honouring unsubscribe requests.

You can opt out of abandoned-checkout recovery and other marketing emails at any time by using the unsubscribe or opt-out link in the email or by contacting support@joinaiexecutive.com. Opting out of marketing or recovery emails will not stop essential service, payment, security, or account communications.

7. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us understand how you use our Website and enable certain functionality.

7.1 Types of Cookies We Use

• Strictly necessary cookies: required for the Website to function (e.g. session management). These do not require consent.
• Security and preference cookies/local storage: used for login state, account security, preference storage, draft autosave, cookie consent preferences, and basic platform functionality. These are necessary for the service.
• Attribution cookies/local storage: used to track the source of your visit (e.g. UTM parameters, referral links) so we can measure the effectiveness of our marketing efforts. These are considered necessary for our legitimate interest in understanding how users find our platform.
• Analytics cookies (Google Analytics): help us understand how visitors interact with our Website. These require your consent.
• Marketing/advertising cookies (Meta Pixel): used to measure the effectiveness of our advertising campaigns on Meta platforms and to build audiences for targeted advertising. These require your consent.

When you first visit our Website, you will be presented with a cookie consent banner. Non-essential cookies will only be activated after you provide your consent. You may change or withdraw your cookie preferences at any time through the cookie settings link on our Website.

7.2 How to Control Cookies

In addition to our cookie consent mechanism, you can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of our Website.

8. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure: request deletion of your personal data (subject to legal retention requirements)
• Right to restrict processing: request that we limit how we use your data
• Right to data portability: request your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interest or for direct marketing purposes
• Right to withdraw consent: withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@joinaiexecutive.com. We will respond to your request within one month, as required by law. If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS and encrypted transport for communications), access controls, role-based admin and call permissions, optional multi-factor authentication, rate limiting, and secure third-party service providers including Stream.

While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

10. Children's Data

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or a prominent notice on our Website. We encourage you to review this policy periodically.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: