Privacy Policy

AI Data Security Collective

Effective Date: December 18, 2025

1. INTRODUCTION

The AI Data Security Collective (the "Collective," "we," "our," or "us") is committed to protecting your privacy and helping you understand how we collect, use, protect, and share your personal information. This Privacy Policy ("Policy") explains our privacy practices for the website located at https://aidatasecurity.org (the "Website"), our membership program, events, and all related services (collectively, the "Services").

The AI Data Security Collective is created and sponsored by Cyberhaven, Inc. ("Cyberhaven"). References to the Collective include Cyberhaven and its affiliates, officers, directors, employees, agents, and representatives when acting on behalf of the Collective.

This Privacy Policy is incorporated into and forms an integral part of our Terms and Conditions ("Terms"). Unless otherwise defined in this Policy, capitalized terms have the meanings given in the Terms.

BY ACCESSING THE WEBSITE OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, DO NOT ACCESS OR USE THE SERVICES.

2. SCOPE OF THIS POLICY

This Privacy Policy applies to personal information collected through the Website and Services. It does not apply to:

• Third-party websites or services, including LinkedIn, that we do not control
• Information collected by Cyberhaven through its own products and services (which are governed by Cyberhaven's separate privacy policy)
• Information practices of Event sponsors, co-hosts, or other third parties

We encourage you to review the privacy policies of any third-party websites or services you access through the Services.

3. DEFINITIONS

For purposes of this Privacy Policy, the following definitions apply:

"Personal Information" or "Personal Data" means information that (i) identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable natural person; or (ii) is otherwise considered personal data or personal information under applicable privacy laws.

"Processing" means any operation or set of operations performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, restriction, erasure, or destruction.

"Controller" means the entity that determines the purposes and means of Processing Personal Information.

"Processor" means an entity that Processes Personal Information on behalf of the Controller.

"Member" means an individual who has been approved for membership in the Collective.

"Visitor" means any individual who visits or interacts with the Website.

"Event" means any in-person, virtual, or hybrid event, gathering, workshop, dinner, forum, or conference organized by the Collective.

"Cookie" means a small text file stored on your device that enables the Website to recognize your device and store certain information.

4. INFORMATION WE COLLECT

We collect Personal Information through various means when you interact with the Website and Services. The categories of information we collect are described below.

4.1 Information You Provide Directly

When you apply for membership, register for Events, or interact with the Services, you may provide us with the following information:

Contact Information:

• First and last name
• Phone number
• Country of residence

Professional Information:

• Job title
• Company name
• Company email address
• LinkedIn profile URL

Communications:

• Information you provide when you contact us with questions, feedback, or support requests
• Information you provide in surveys or feedback forms
• Content of messages you send through the Website

4.2 Information We Collect from LinkedIn

When you apply for membership or become a Member, we collect publicly available information from your LinkedIn profile, including:

• Profile photograph
• Full name
• Current job title
• Current company name
• LinkedIn profile URL
• Professional summary (if publicly available)
• Work history (if publicly available)

You represent and warrant that:

• The information on your LinkedIn profile is accurate and current
• You have the right to grant us permission to display this information in our member directory
• The information is publicly available on LinkedIn and does not include restricted or private content
• Your use of LinkedIn complies with LinkedIn's Terms of Service

We periodically refresh member directory information from LinkedIn profiles, but we do not guarantee the frequency of updates or the accuracy of displayed information.

4.3 Information We Collect Automatically

When you visit the Website or use the Services, we automatically collect certain information through cookies and similar technologies:

Device Information:

• Device type, model, and manufacturer
• Operating system and version
• Browser type and version
• Device identifiers (such as advertising ID)
• Screen resolution and display settings

Browser Information:

• IP address
• Geographic location (country, state/region, city) derived from IP address
• Browser language preference
• Time zone setting

Usage Information:

• Pages visited on the Website
• Features and functionalities accessed
• Links clicked
• Search queries entered
• Time spent on pages
• Referring website or source
• Date and time of visits
• Navigation paths through the Website

Event Interaction Information:

• Event registration data
• Event attendance records
• Participation in Event activities
• Interactions with Event sponsors or exhibitors (if applicable)

4.4 Information from Third-Party Sources

We may receive Personal Information about you from third-party sources, including:

• Event registration platforms and service providers
• Email service providers and marketing platforms
• Analytics service providers
• Public databases and data enrichment services
• Business partners and Event sponsors (with appropriate consent)

4.5 Photographs, Videos, and Recordings

At Events, we may capture your image, voice, and likeness through photographs, video recordings, and audio recordings. By attending an Event, you consent to such capture and use as described in Section 5.4 below.

5. HOW WE USE YOUR INFORMATION

We use your Personal Information for the following purposes:

5.1 Membership Administration

• Reviewing and processing membership applications
• Communicating decisions from the Steering Committee
• Managing Member accounts and profiles
• Maintaining the member directory
• Verifying Member eligibility and credentials
• Enforcing membership terms and policies

5.2 Event Management

• Processing Event registrations
• Communicating Event details, updates, and changes
• Managing Event logistics and attendance
• Facilitating networking and connections among participants
• Improving future Event planning and execution
• Creating Event materials, promotional content, and marketing materials

5.3 Communications

• Sending administrative notifications about your account or membership
• Providing customer support and responding to inquiries
• Sending newsletters, updates, and announcements about the Collective's activities
• Notifying you about upcoming Events and opportunities
• Sharing thought leadership content and industry insights
• Conducting surveys and soliciting feedback

5.4 Marketing and Promotion

• Promoting the Collective and its mission
• Marketing Events and encouraging participation
• Creating promotional materials featuring Members (with consent as described in the Terms)
• Publicizing the Collective's activities through social media, press releases, and other channels
• Using photographs, videos, and recordings from Events in marketing materials
• Highlighting Member achievements and contributions (with appropriate consent)

5.5 Website and Service Improvement

• Analyzing usage patterns and trends
• Improving Website functionality and user experience
• Developing new features and services
• Conducting research and analytics
• Testing and troubleshooting technical issues
• Ensuring Website security and preventing fraud

5.6 Legal and Compliance

• Complying with legal obligations and responding to legal requests
• Enforcing our Terms and this Privacy Policy
• Protecting the rights, property, and safety of the Collective, Members, and others
• Resolving disputes and preventing fraud or abuse
• Maintaining records as required by law

5.7 Sponsorship and Partnerships

• Sharing information with Cyberhaven as the Collective's sponsor
• Facilitating partnerships with Event sponsors and co-hosts
• Supporting collaborative activities and joint initiatives
• Demonstrating the value and reach of the Collective to sponsors

5.8 Business Operations

• Managing business relationships and contracts
• Processing payments (if applicable in the future)
• Conducting internal audits and quality assurance
• Facilitating business transactions (such as mergers, acquisitions, or asset sales)

6. HOW WE SHARE YOUR INFORMATION

We share your Personal Information in the following circumstances:

6.1 Member Directory

Your information is displayed publicly in the member directory on the Website. As described in the Terms, by becoming a Member, you consent to the public display of:

• Your profile photograph (from LinkedIn)
• Your full name
• Your current job title
• Your current company name
• A link to your LinkedIn profile

The member directory is accessible to anyone who visits the Website, including search engines and other third parties. We are not responsible for how third parties use or disseminate information from the member directory.

6.2 Cyberhaven and Affiliates

We share Personal Information with Cyberhaven, our sponsor, and its affiliates, subsidiaries, and related entities for:

• Administrative and operational purposes
• Marketing and promotional activities
• Support and infrastructure services
• Data analytics and research
• Legal compliance and risk management

6.3 Event Sponsors and Partners

We may share certain Personal Information with Event sponsors, co-hosts, exhibitors, and partners, including:

• Name, job title, company name, and email address of Event registrants and attendees
• Event participation data and interaction information
• Professional interests and areas of expertise
• Information you voluntarily share with sponsors at Events

Event sponsors may use your information for their own marketing purposes. Their use of your information is governed by their own privacy policies, and we are not responsible for their practices.

6.4 Service Providers

We engage third-party service providers to perform functions on our behalf, including:

• Website hosting and infrastructure providers
• Email delivery and marketing automation platforms
• Event registration and management platforms
• Analytics and data enrichment services
• Customer support and communication tools
• Payment processors (if applicable)

These service providers have access to Personal Information only as necessary to perform their functions and are obligated to maintain its confidentiality and security.

6.5 Legal Requirements and Protection of Rights

We may disclose Personal Information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or governmental requests
• Enforce our Terms, this Privacy Policy, or other agreements
• Investigate potential violations of our policies
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of the Collective, our Members, or the public as required or permitted by law

6.6 Business Transfers

If the Collective, Cyberhaven, or substantially all of our assets are acquired by or merged with another entity, or in the event of bankruptcy, insolvency, or reorganization, Personal Information may be transferred to the successor entity. In such circumstances, we will use reasonable efforts to notify you before your Personal Information is transferred and becomes subject to a different privacy policy.

6.7 With Your Consent

We may share your Personal Information with third parties when we have your express consent to do so.

6.8 Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for marketing, advertising, research, analytics, or other purposes.

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. Cookies enable the Website to recognize your device, remember your preferences, and provide you with a personalized experience.

7.2 Types of Cookies We Use

We and our service providers use the following types of cookies:

Essential Cookies:
These cookies are necessary for the Website to function properly. They enable basic features such as page navigation, access to secure areas, and form submission. The Website cannot function properly without these cookies.

Functional Cookies:
These cookies enable enhanced functionality and personalization, such as remembering your preferences, settings, and login information. They improve your experience but are not essential for the Website to function.

Analytics Cookies:
These cookies collect information about how you use the Website, such as which pages you visit, how long you stay on each page, and which links you click. We use this information to analyze usage patterns, improve the Website, and enhance user experience. We may use third-party analytics services such as Google Analytics.

Advertising and Marketing Cookies:
These cookies track your browsing activity across websites and are used to deliver targeted advertising and measure the effectiveness of marketing campaigns. They may be set by us or by third-party advertising partners.

7.3 Cookie Persistence

Session Cookies:
These cookies are temporary and are deleted when you close your browser. They enable basic functionality during your browsing session.

Persistent Cookies:
These cookies remain on your device after you close your browser and are used to remember your preferences, track usage over time, and deliver personalized content. They remain on your device for a set period or until you manually delete them.

7.4 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View and delete cookies
• Block all cookies
• Block third-party cookies only
• Clear cookies when you close your browser
• Receive notifications when cookies are set

Please note that disabling or blocking cookies may affect your ability to use certain features of the Website. For example, you may need to log in each time you visit, and some functionality may not work properly.

To manage cookies in your browser:

• Google Chrome: Settings > Privacy and Security > Cookies and other site data
• Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data
• Apple Safari: Preferences > Privacy > Cookies and website data
• Microsoft Edge: Settings > Privacy, search, and services > Cookies and site permissions

For more information about cookies and how to manage them, visit www.allaboutcookies.org or www.aboutcookies.org.

7.5 Third-Party Analytics

We use third-party analytics services, such as Google Analytics, to collect and analyze usage information. These services may use cookies and similar technologies to collect information about your use of the Website and other websites. The information collected is used to improve the Website and understand user behavior.

For more information about Google Analytics and how to opt out, visit https://tools.google.com/dlpage/gaoptout.

7.6 Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no industry standard for how to respond to DNT signals, and the Website does not respond to DNT signals at this time. We continue to collect information about your usage as described in this Privacy Policy even if you have enabled DNT in your browser.

8. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your Personal Information. The specific rights available to you are described below.

8.1 Rights for All Users

Regardless of location, you may:

• Update Your Information: You may update your account information and membership profile by contacting us at info@aidatasecurity.org.
• Opt Out of Marketing Communications: You may opt out of receiving promotional emails by clicking the "unsubscribe" link in any marketing email or by contacting us. Please note that even if you opt out of marketing communications, you will still receive administrative and transactional communications regarding your membership and the Services.
• Request Removal from Member Directory: You may request removal from the publicly accessible member directory by contacting us at info@aidatasecurity.org. We will process your request within a reasonable timeframe, but cached versions may persist in search engines and third-party databases beyond our control.

8.2 European Economic Area (EEA), United Kingdom (UK), and Switzerland

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and applicable UK data protection laws:

Right to Access:
You have the right to request access to the Personal Information we hold about you and to receive information about how we Process it.

Right to Rectification:
You have the right to request correction of inaccurate or incomplete Personal Information.

Right to Erasure (Right to Be Forgotten):
You have the right to request deletion of your Personal Information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing:
You have the right to request that we restrict Processing of your Personal Information in certain circumstances, such as when you contest the accuracy of the information or object to Processing.

Right to Data Portability:
You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object:
You have the right to object to Processing of your Personal Information for direct marketing purposes or based on legitimate interests. Upon receipt of an objection, we will stop Processing unless we have compelling legitimate grounds that override your interests or the Processing is necessary for legal claims.

Right to Withdraw Consent:
Where Processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of Processing based on consent before withdrawal.

Right to Lodge a Complaint:
You have the right to lodge a complaint with a supervisory authority in your country if you believe that the Processing of your Personal Information violates applicable data protection laws.

To exercise your rights, please contact us at info@aidatasecurity.org with the subject line "GDPR Data Subject Request." We will respond to your request within one month, although this period may be extended by up to two additional months in certain circumstances. We may require verification of your identity before Processing your request.

8.3 California Residents

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know:
You have the right to request disclosure of the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collecting the information, and the categories of third parties with whom we share the information. You may make such requests up to twice in a 12-month period.

Right to Delete:
You have the right to request deletion of your Personal Information, subject to certain exceptions under the CCPA.

Right to Correct:
You have the right to request correction of inaccurate Personal Information we maintain about you.

Right to Opt Out of Sale or Sharing:
You have the right to opt out of the "sale" or "sharing" of your Personal Information (as those terms are defined under the CCPA). At this time, we do not sell Personal Information as traditionally understood, but we may share information with third parties in ways that constitute "sharing" under the CCPA (such as cross-context behavioral advertising). To opt out, please contact us at info@aidatasecurity.org.

Right to Limit Use of Sensitive Personal Information:
You have the right to limit our use and disclosure of sensitive Personal Information to purposes specified in the CPRA. We do not use or disclose sensitive Personal Information for purposes beyond those specified unless required by law.

Right to Non-Discrimination:
You have the right not to receive discriminatory treatment for exercising your privacy rights under the CCPA. We will not deny you services, charge different prices, provide different quality of services, or retaliate against you for exercising your rights.

To exercise your rights, please contact us at info@aidatasecurity.org with the subject line "California Data Subject Request" or call us at the contact number we provide upon request. We will verify your identity before Processing your request using information we have collected about you. If you use an authorized agent to submit a request, we may require written authorization demonstrating that the agent is authorized to act on your behalf.

We do not charge a fee to process or respond to verifiable consumer requests unless they are excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will inform you of the reasons and provide a cost estimate before completing the request.

Additional California Privacy Disclosures:

• We have collected the categories of Personal Information described in Section 4 within the last 12 months.
• We use and disclose Personal Information for the business and commercial purposes described in Section 5 and Section 6.
• We do not knowingly sell or share Personal Information of consumers under 16 years of age.

8.4 Other Jurisdictions

If you are located in a jurisdiction with privacy laws that provide specific rights, you may have additional rights regarding your Personal Information. Please contact us at info@aidatasecurity.org to inquire about rights available in your jurisdiction.

9. DATA SECURITY

We implement reasonable administrative, technical, and physical security measures designed to protect your Personal Information from unauthorized access, use, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using secure socket layer (SSL) technology
• Encryption of sensitive data at rest
• Access controls and authentication mechanisms to limit access to Personal Information
• Regular security assessments and vulnerability testing
• Employee training on data security and privacy practices
• Monitoring and logging of system activity to detect and respond to security incidents

Despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission or storage can be guaranteed to be 100% secure. We cannot guarantee the absolute security of your Personal Information. You acknowledge and accept the inherent risks of transmitting information over the internet.

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You should use a strong, unique password and not share it with others. If you believe your account has been compromised, please contact us immediately at info@aidatasecurity.org.

10. DATA RETENTION

We retain your Personal Information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period depends on various factors, including:

• The nature and sensitivity of the information
• The purposes for which we collected and Process the information
• Legal, regulatory, accounting, or reporting requirements
• Our legitimate business interests

Specific Retention Periods:

• Membership Information: We retain membership information for the duration of your membership and for a reasonable period thereafter for record-keeping, legal compliance, and dispute resolution purposes. If you request deletion of your information, we will delete or anonymize it within a reasonable timeframe, subject to legal obligations.
  
  
• Event Information: We retain Event registration and attendance information for a reasonable period to fulfill Event-related purposes, comply with legal obligations, and improve future Events.
  
  
• Marketing Communications: We retain marketing communication records for as long as you remain subscribed to our communications and for a reasonable period thereafter to respect opt-out preferences and comply with legal requirements.
  
  
• Website Usage Data: We retain Website usage data, analytics, and log files for a limited period necessary for operational and analytical purposes.
  
  

When Personal Information is no longer needed, we will delete, destroy, or anonymize it in accordance with our data retention policies and applicable laws.

11. INTERNATIONAL DATA TRANSFERS

The Collective operates in the United States, and your Personal Information may be transferred to, stored, and Processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.

If you are located outside the United States, by using the Services, you acknowledge and consent to the transfer of your Personal Information to the United States and other countries for Processing as described in this Privacy Policy.

For users in the EEA, UK, and Switzerland, we implement appropriate safeguards to ensure that your Personal Information receives an adequate level of protection when transferred internationally. These safeguards may include:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions recognizing certain countries as providing adequate data protection
• Other legally approved transfer mechanisms

If you would like more information about the safeguards we use for international data transfers, please contact us at info@aidatasecurity.org.

12. CHILDREN'S PRIVACY

The Services are not intended for, and we do not knowingly collect Personal Information from, individuals under the age of 18. The Website and Services are designed for and directed to adults. If we learn that we have collected Personal Information from a child under 18, we will take steps to delete such information as soon as reasonably practicable.

If you believe that we have collected Personal Information from a child under 18, please contact us immediately at info@aidatasecurity.org.

13. THIRD-PARTY WEBSITES AND SERVICES

The Website and Services may contain links to third-party websites, applications, and services, including LinkedIn. This Privacy Policy does not apply to those third-party sites and services, which are governed by their own privacy policies.

We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit or services you use.

13.1 LinkedIn Integration

We integrate with LinkedIn to collect publicly available information from Member profiles. Your use of LinkedIn and our access to your LinkedIn information are governed by LinkedIn's Terms of Service and Privacy Policy. We are not responsible for LinkedIn's privacy practices or changes to LinkedIn's APIs, terms, or functionality.

The Collective may, at its discretion, discontinue LinkedIn integration or migrate to different platforms without liability.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will:

• Post the updated Privacy Policy on the Website with a new "Effective Date"
• Send email notification to Members at the email address associated with their account (if we have it)
• Provide prominent notice on the Website for a reasonable period

Material changes will become effective thirty (30) days after notice is provided, unless a shorter period is required by law. Non-material changes will become effective immediately upon posting.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must discontinue use of the Services and may contact us to request deletion of your information (subject to legal retention requirements).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your Personal Information.

15. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

AI Data Security Collective
Email: info@aidatasecurity.org
Website: https://aidatasecurity.org

For Data Subject Rights Requests:

• GDPR Requests: Email info@aidatasecurity.org with subject line "GDPR Data Subject Request"
• CCPA Requests: Email info@aidatasecurity.org with subject line "California Data Subject Request"
• Other Privacy Requests: Email info@aidatasecurity.org with subject line "Privacy Request"

We will respond to your inquiry as promptly as possible, typically within 30 days, although response times may vary depending on the nature and complexity of your request.

16. ACKNOWLEDGMENT

By accessing the Website or using the Services, you acknowledge that:

1. You have read and understood this Privacy Policy in its entirety
2. You consent to the collection, use, and disclosure of your Personal Information as described in this Privacy Policy
3. You understand that your information may be transferred to and Processed in the United States and other countries
4. You have had the opportunity to seek independent legal advice regarding this Privacy Policy
5. If you do not agree with this Privacy Policy, you must not access or use the Services

Last Updated: December 18, 2025