Privacy Policy
Last updated: 1 July 2026
We believe trust starts with restraint, so we run our sites without the invasive tracking common on the modern web. This policy explains what we collect, why, and the choices you have.
1. Who We Are
airihub.io is operated by Laurence Liew, AI-First Nation (the “Operator”, “we”, “us”). The Operator runs a small family of privacy-first sites — aiready.sg, airi.foundation, aifirstnation.org, and airihub.io — which share the approach set out below. The AI Readiness Framework itself is published at airi.foundation under a Creative Commons CC BY 4.0 licence.
2. Our Privacy Commitment
- We do not use Google Analytics or any third-party advertising analytics.
- We do not use advertising, marketing, or cross-site tracking cookies.
- We do not sell your data or build advertising profiles.
- Our own analytics are cookieless and first-party (see below).
3. Information We Collect
airihub.io is the AIRI assessment hub, where organisations host their own branded assessment sites. We collect:
- Hub enquiries — name, email, organisation, and message when you request a hub or contact us.
- Collaborator accounts — account and contact details for approved organisations that host a branded site.
- Assessment respondent data — when you complete an Organisational AIRI (oAIRI) assessment on a branded sub-site, your responses plus your name and email are used only to calculate and deliver your result, then discarded. No individual result is stored (see “How Assessment Data Works”).
- Aggregated, cookieless page analytics (see below).
4. How Assessment Data Works (Privacy by Design)
airihub.io hosts the Organisational AIRI (oAIRI) assessment, and is designed so that no individual result is ever retained. When you complete an assessment, your result is shown to you once on-screen and sent to you by email (with a PDF) — that delivered copy is the only record of your individual result. Your name and email are used solely to produce and send it, and are not stored afterwards.
We keep only a de-identified score record for each completed assessment: the pillar scores and readiness level, plus the self-declared industry and country and which sub-site it came from. It contains no name, email, or other identifier and cannot be linked back to you. Because it is anonymised it is not personal data; we use it only for aggregate statistics.
A host organisation that runs a branded sub-site (for example, yourname.airihub.io) sees only these de-identified aggregates for their own site, and only once enough people have taken part — never an individual response or identity. If you have questions about an assessment you took on a branded site, you may also contact that organisation.
We also use the same de-identified records for network-level aggregate reporting across airihub.io, and may publish aggregate statistics drawn from them (for example, readiness reporting by industry or country). Published figures never include anything that identifies a person, and any breakdown with fewer than five responses is withheld.
5. Use of AI Language Models
Some features of our sites use a third-party AI language-model (LLM) service to help process text — for example, to assist in reviewing an application, answering your questions, or tailoring guidance and feedback to you. We currently use Z.AI (Zhipu AI), whose international service infrastructure is located in Singapore, so this processing takes place in Singapore and remains covered by Singapore’s PDPA. Only the specific text a feature needs is sent to the provider; it is used solely to deliver that feature, and it is not used to train the provider’s models or for any purpose of the provider’s own.
We may change our AI provider from time to time — for reasons of quality, cost, or data residency — and will update this notice when we do. Any provider we use is held to the same commitments: limited-purpose processing, no training on your data, and appropriate data-protection safeguards. Your AIRI readiness scores themselves are calculated against a fixed, published rubric — they are not generated by an AI.
6. Analytics (Cookieless)
To understand which parts of the site are useful, we use Independent Analytics, a privacy-first tool hosted entirely on our own servers. It does not set tracking cookies, sends no data to third parties, and does not follow you across other websites; no personal data or full IP addresses are collected. To meet data-minimisation standards under the GDPR and Singapore’s PDPA, analytics records are automatically deleted after two years.
7. Cookies
We use only essential and functionality cookies — never advertising, marketing, or tracking cookies. Because of this, we do not display a cookie consent banner. Full detail is in our Cookie Policy.
8. How We Use Your Information
- Operate, secure, and improve the platform
- Respond to enquiries and provision approved hubs
- Send transactional email (account and support messages)
- Understand aggregate usage to improve the service
9. Third-Party Processors
We use a limited number of service providers to operate the site. None are advertising companies, and none are permitted to use your data for their own purposes.
- Rocket.net (via Cloudflare) — hosting and content delivery (data stored in Singapore)
- SMTP2Go — secure delivery of transactional and notification email
- CleanTalk — server-side anti-spam and security; it checks the IP address and email submitted through our forms to block spam and abuse, and runs in cookieless mode (it sets no cookies)
10. Data Storage & Security
Data is hosted on Rocket.net’s managed WordPress platform in Singapore. Traffic is encrypted in transit, account passwords are stored as salted hashes, and administrative access is protected by two-factor authentication.
11. Data Retention
Individual assessment results are not retained — a respondent’s result is shown once and emailed to them, and their name and email are used only to deliver it, then discarded. We keep only a de-identified score record (scores, self-declared industry and country, and the originating sub-site) that cannot identify anyone; because it is anonymised it is not personal data and may be kept indefinitely for aggregate statistics. Account and enquiry data are retained while your relationship with us is active and deleted on request. Aggregated, anonymised analytics cannot identify you.
12. Data Protection Officer
We have appointed a Data Protection Officer (DPO) responsible for overseeing our compliance with Singapore’s Personal Data Protection Act (PDPA) and this policy. If you have a question about how we handle your personal data, or wish to make an access, correction, or deletion request or a complaint, please contact us and mark your message “for the attention of the Data Protection Officer.” We will respond within the timeframes required under the PDPA.
13. Your Rights
Subject to applicable law (including the EU GDPR and Singapore’s PDPA), you may request to access, correct, delete, or export your personal data, and withdraw consent for optional processing or unsubscribe from email at any time. To exercise these rights, please contact us. We aim to respond within 30 days.
14. Children’s Privacy
Our sites are intended for organisations and professionals and are not directed at children.
Changes to This Policy
We may update this policy to reflect changes in our practices or for legal reasons. The “Last updated” date shows when it was last revised.
Contact
Have a question about this policy? Please contact us.
