Privacy Policy

Last updated: May 19, 2026. This policy describes how The Extreme AI, Inc. ("The Extreme AI," "we," "our," or "us") collects, uses, and protects your personal information when you use our website and services.

1. Information We Collect

Information You Provide Directly

• Contact information: Name, business email address, company name, and phone number when you submit our contact form, book a discovery call, or email us.
• Booking information: When you schedule a call via Calendly, we receive your name, email, and any information you enter in the booking form (e.g., company size, industry, use case).
• Engagement data: For clients who proceed to a Diagnostic or build engagement, we collect business information you share during the engagement — workflow documentation, tool access credentials (stored securely, never retained after engagement), and operational data needed to build and configure agents.
• Communications: Records of emails, calls, and messages exchanged in the course of our work together.
• Payment information: Payment is processed through Stripe. We do not store credit card numbers or full payment details on our systems. Stripe's privacy policy governs payment data handling.

Information We Collect Automatically

• Log data: IP address, browser type and version, pages visited, time spent on pages, and referring URL. Collected via standard server logs.
• Analytics: We use privacy-respecting analytics to understand aggregate traffic patterns. We do not use Google Analytics. Analytics data is not linked to individual identities.
• Technical data: Screen resolution, device type, operating system — collected for the purpose of optimizing the website experience.

2. How We Use Your Information

We use the information we collect to:

• Respond to your inquiries and schedule discovery calls
• Deliver the AI Diagnostic and build engagement services you've contracted for
• Send transactional communications related to your engagement (status updates, deliverables, invoices)
• Improve our website and services based on aggregate usage patterns
• Comply with legal obligations (tax records, regulatory requirements)
• Protect against fraud, abuse, or security threats

We do not use your information for: behavioral advertising, sale to third parties, training AI models, or marketing without your explicit consent. If you receive a newsletter or follow-up sequence you did not opt into, email us and we will remove you immediately.

3. Data Sharing and Disclosure

We do not sell your personal information. We share data only in the following circumstances:

• Service providers (subprocessors): We use a small number of third-party services to deliver our services — Calendly (scheduling), Stripe (payments), Google Workspace (email and documents), Supabase (database for the client portal), and Notion (internal project management). All subprocessors are contractually required to protect your data and may only use it to provide services on our behalf.
• AI model providers: When building and testing agents, we may pass structured business data to AI inference APIs (Anthropic, OpenAI). These providers are configured with zero data retention — your data is not used to train their models. We use only the data necessary for the specific agent task.
• Legal requirements: We may disclose information if required by law, court order, or government authority with jurisdiction, or to protect the rights and safety of our users and business.
• Business transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information is subject to a different privacy policy.

4. Cookies and Tracking Technologies

Our website uses a minimal set of cookies:

• Strictly necessary cookies: Session management for the client portal sign-in. These cannot be disabled.
• Analytics cookies: Anonymous, aggregate page-view tracking. No cross-site tracking. No advertising networks.
• Preference cookies: Remembering your language or display preferences where applicable.

We do not use third-party advertising cookies, tracking pixels, or retargeting scripts. You can disable analytics cookies via your browser settings without affecting the core functionality of our site.

Do Not Track: We honor Do Not Track signals. When DNT is enabled in your browser, we disable all non-essential tracking.

5. Data Retention

• Website visitors: Log data is retained for 90 days, then automatically deleted.
• Prospective clients (pre-engagement): Contact information retained for 24 months from last interaction, unless you request deletion earlier.
• Active and completed engagements: Client business data is retained for the duration of the engagement plus 3 years (required for tax and legal compliance). Sensitive operational data (e.g., API credentials, employee PII) is deleted within 30 days of engagement close.
• Financial records: Payment and invoice records retained for 7 years as required by US tax law.

You may request deletion of your personal data at any time. We will fulfill deletion requests within 30 days, except where we are required by law to retain certain records.

6. Your Privacy Rights

Rights for All Users

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data (subject to legal retention requirements).
• Portability: Receive your data in a structured, machine-readable format.
• Opt-out of marketing: Unsubscribe from any marketing communications at any time.

GDPR Rights (EU/UK Residents)

In addition to the rights above, EU and UK residents have the right to:

• Object to processing of your personal data
• Restrict processing in certain circumstances
• Lodge a complaint with your local data protection authority (DPA)
• Withdraw consent at any time, where processing is based on consent

Legal basis for processing: We process your data under legitimate interests (responding to business inquiries, delivering contracted services), contractual necessity (delivering engagements you've paid for), and legal obligation (tax and regulatory compliance).

CCPA Rights (California Residents)

California residents have the right to know what personal information is collected and how it is used, delete personal information, opt out of the "sale" of personal information (we do not sell personal information), and non-discrimination for exercising privacy rights.

To submit a CCPA request, email info@theextremeai.com with subject line "CCPA Request." We will verify your identity and respond within 45 days.

7. Security

We implement technical and organizational measures to protect your personal information against unauthorized access, disclosure, or destruction. This includes encryption at rest and in transit, access controls, and regular security assessments. For details, see our Security & Compliance page.

No method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by applicable law.

8. Children's Privacy

Our services are directed at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it immediately. Contact us if you believe we may have inadvertently collected such data.

9. International Data Transfers

The Extreme AI is based in the United States. If you are located outside the United States, your information may be transferred to and processed in the US or other countries where our subprocessors operate.

For transfers of EU personal data to the US, we use Standard Contractual Clauses (SCCs) approved by the European Commission as the legal transfer mechanism. For clients requiring EU-only data residency, we offer EU-hosted deployment options.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date, and by email if you are an active client. We encourage you to review this policy periodically. Your continued use of our services after any change constitutes acceptance of the updated policy.

11. Contact Us

For privacy questions, requests, or complaints:

The Extreme AI, Inc.
8 The Green STE B
Dover, DE 19901
United States
Email: info@theextremeai.com
Subject line: "Privacy Request"

We will respond to all privacy requests within 30 days.