aiactcheck
Start Assessment

Privacy Policy

Effective date: 1 February 2026

aiactcheck.org ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller for this service is aiactcheck.org. For any privacy-related inquiries, contact us at [email protected].

2. Data We Collect

We collect the minimum amount of data necessary to provide our service:

  • Assessment answers — The responses you provide during the AI system risk classification assessment.
  • Email address (optional) — If you choose to provide your email address to receive your report, we store it solely for that purpose.
  • IP address — We temporarily process IP addresses for rate limiting and abuse prevention.

3. Cookies

We use cookies only for analytics purposes. Google Analytics sets cookies (such as _ga and _ga_*) to distinguish unique users and track session information. These cookies are set only after you give your explicit consent via our cookie banner.

You can withdraw your consent at any time by clearing your browser cookies for this site. No analytics cookies are set if you decline consent.

4. Analytics

We use Google Analytics 4 (measurement ID: G-FDWMVJ820Q) to understand how visitors use our site. Analytics data is processed by Google LLC. Google is certified under the EU-US Data Privacy Framework. Analytics scripts are loaded only after you consent.

5. Third-Party Services

Apart from Google Analytics (with your consent), we do not use any third-party tracking services, advertising pixels, or social media trackers.

6. Data Retention

  • Assessment results and reports are stored for up to 12 months.
  • Email addresses are retained for up to 12 months and then deleted.
  • IP addresses used for rate limiting are not stored long-term.

7. Legal Basis (GDPR Art. 6)

  • Legitimate interest (Art. 6(1)(f)) — Rate limiting and abuse prevention.
  • Consent (Art. 6(1)(a)) — When you provide your email or accept cookies.
  • Contract performance (Art. 6(1)(b)) — Processing your assessment.

8. Your Rights Under GDPR

Right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and right to object (Art. 21).

Contact us at [email protected]. We will respond within 30 days.

9. Data Security

Data is transmitted over HTTPS and stored in encrypted form.

10. Changes to This Policy

Changes will be posted on this page with an updated effective date.