1. Overview
This Privacy Policy explains how Directive AI ("Directive AI," "we," "us," or "our") collects, uses, stores, and protects information about you when you use our website at directiveai.ai, our SaaS platform, and our done-for-you AI automation services (collectively, the "Service").
We are committed to protecting your privacy. This policy is designed to be transparent, readable, and actionable. If you have questions at any time, email us at directiveai.ai@gmail.com.
Short version: We collect information to provide and improve the Service. We don't sell your personal data. You have rights to access, correct, and delete your data. We use industry-standard security practices.
2. Information We Collect
2.1 Information You Provide Directly
| Data Type |
Examples |
When Collected |
| Contact Information |
Name, email address, phone number |
Account registration, intake forms, contact requests |
| Business Information |
Company name, industry, business description, challenges |
AI audit form, project inquiries |
| Account Credentials |
Email address, password (hashed) |
Account creation and login |
| Payment Information |
Billing address, payment method (processed by Stripe) |
Subscription or project payments |
| Communications |
Emails, support messages, chatbot conversations |
Customer support, chatbot interactions |
| Project Data |
Business processes, workflows, sample data |
Done-for-you project delivery |
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, click patterns, session duration.
- Device & Technical Data: IP address, browser type, operating system, device identifiers.
- Log Data: Server logs including timestamps, URLs accessed, error messages.
- Referral Data: UTM parameters and source/medium/campaign tracking.
2.3 Information from Third Parties
- Analytics providers (e.g., Google Analytics) may provide aggregate behavioral data.
- Payment processors (e.g., Stripe) provide transaction confirmation data.
- Publicly available sources such as company websites or LinkedIn, for lead enrichment.
3. How We Use Your Information
We use your information for the following purposes:
- Providing the Service: To operate, maintain, and improve our platform and deliver done-for-you AI agent builds.
- Account Management: To create and manage your account, authenticate you, and process payments.
- Communication: To respond to inquiries, send service updates, invoices, and operational messages.
- Marketing (with consent): To send newsletters, promotional offers, and product updates where you have opted in. You can opt out at any time.
- Improving the Service: To analyze usage patterns, identify bugs, test new features, and enhance user experience.
- Security: To detect fraud, abuse, and other harmful activity and to protect our platform and users.
- Legal Compliance: To fulfill legal obligations, enforce our Terms of Service, and respond to lawful requests.
- Lead Enrichment: To research and qualify potential clients to personalize our outreach and service recommendations.
We do not use your personal data to train AI models that are sold or licensed to third parties.
4. Information Sharing
We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:
4.1 Service Providers
We share information with trusted third-party vendors who help us operate the Service, including:
- Payment Processing: Stripe (payment data; see Stripe's Privacy Policy)
- Email Delivery: Email service providers for transactional and marketing emails
- Cloud Infrastructure: Hosting and database providers
- Analytics: Analytics platforms for aggregated usage analysis
- AI Processing: Third-party AI APIs (e.g., Anthropic, OpenAI) to power AI features
These providers are contractually obligated to protect your data and may only use it to perform services for us.
4.2 Legal Requirements
We may disclose information when required to comply with applicable law, regulation, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
If Directive AI is involved in a merger, acquisition, or asset sale, your personal information may be transferred as a business asset. We will notify you via email or a prominent notice on our website before your information is transferred.
4.4 With Your Consent
We may share your information in other ways with your explicit consent.
5. Cookies & Tracking Technologies
5.1 What We Use
We use cookies and similar tracking technologies to provide, improve, and analyze the Service. These include:
- Strictly Necessary Cookies: Required for authentication, security, and core functionality. Cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
- Marketing Cookies: Used to track campaigns and deliver relevant advertisements.
- Preference Cookies: Remember your settings and preferences for a better experience.
5.2 Your Choices
You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Note that disabling certain cookies may affect the functionality of the Service.
To opt out of Google Analytics, install the Google Analytics Opt-out Browser Add-on.
6. Data Retention
We retain personal information for as long as necessary to:
- Provide the Service and maintain your account;
- Comply with legal obligations (e.g., tax records, contracts);
- Resolve disputes and enforce agreements;
- Conduct legitimate business analytics and reporting.
When retention is no longer necessary, we delete or anonymize your personal information. Typical retention periods:
| Data Category |
Retention Period |
| Account data |
Duration of account + 2 years after closure |
| Transaction / billing records |
7 years (tax and legal compliance) |
| Marketing leads |
3 years from last interaction (unless opted out) |
| Support communications |
3 years from resolution |
| Analytics data |
26 months (aggregated/anonymized) |
| Server logs |
90 days |
You may request earlier deletion; see Your Rights below.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Secure, hashed storage of passwords
- Access controls limiting data access to authorized personnel
- Regular security reviews and vulnerability assessments
- Encrypted storage of sensitive credentials and tokens
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If a data breach occurs that is likely to result in risk to your rights, we will notify you as required by law.
8. Your Rights
You have the following rights regarding your personal information:
Access
Request a copy of the personal data we hold about you.
Correction
Request correction of inaccurate or incomplete data.
Deletion
Request deletion of your personal data ("right to be forgotten").
Portability
Request your data in a structured, machine-readable format.
Objection
Object to processing for direct marketing or certain other purposes.
Restriction
Request that we restrict processing of your data in certain circumstances.
To exercise any of these rights, email us at directiveai.ai@gmail.com. We will respond within 30 days. We may ask you to verify your identity before processing certain requests.
You also have the right to opt out of marketing emails at any time by clicking "Unsubscribe" in any email we send you, or by emailing us directly.
9. GDPR — EU & UK Users
If you are located in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data.
9.1 Legal Bases for Processing
We process your personal data on the following legal bases:
- Contract Performance: Processing necessary to provide the Service you've requested.
- Legitimate Interests: Processing for fraud prevention, security, analytics, and service improvement where your interests do not override ours.
- Consent: Marketing communications, non-essential cookies, and optional data processing where you have provided clear consent.
- Legal Obligation: Compliance with applicable laws, regulations, or court orders.
9.2 Data Controller
Directive AI acts as the data controller for personal data collected via the Service. For data processed as part of AI agent builds for clients, Directive AI may act as a data processor on behalf of the client.
9.3 Your GDPR Rights
In addition to the general rights above, EU/UK residents have the right to lodge a complaint with your local data protection authority if you believe we are processing your data unlawfully.
10. CCPA — California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
- Right to Know: Request that we disclose the categories and specific pieces of personal information we've collected, the sources, purposes, and third parties with whom we share it.
- Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at directiveai.ai@gmail.com or via the information in the Contact Us section.
Personal Information Categories (CCPA)
In the past 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, IP address)
- Commercial information (purchase history, billing records)
- Internet or other electronic network activity (usage data, log data)
- Professional or employment-related information (company, job role)
- Inferences drawn to create a profile about preferences and interests
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 18, please contact us at directiveai.ai@gmail.com and we will promptly delete such information.
12. Third-Party Services & Links
The Service may contain links to third-party websites, tools, or services that are not owned or controlled by Directive AI. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.
We are not responsible for the privacy practices of any third-party services you interact with through or in connection with the Service.
13. International Data Transfers
Directive AI is based in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate.
For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate transfer mechanisms including Standard Contractual Clauses as approved by the European Commission, or other mechanisms where applicable.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Post the updated policy on this page with a new "Last Updated" date;
- Notify registered users via email at the address associated with their account;
- Where required by law, obtain your consent before implementing material changes.
We encourage you to review this page periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.