Privacy

This page describes the data AI Resource Zone collects, how that data is used, what it is never used for, and the controls visitors have. It is written in plain English. The short version: we collect the minimum needed to run the site, we keep the data first-party, and we do not sell or share user data with advertisers or data brokers.

If any specific question on this page is unclear, the contact form has a dedicated category for privacy enquiries. We answer privacy questions in writing, and we keep a copy of the answer alongside the question so the next person who asks gets the same response.

Members who create an account give us an email address and a password. The password is stored only as a one-way hash, never as the plain string. The email address is used for sign-in, password resets, and account-related notifications. Members can choose to follow topics or save resources; those choices are stored against the account.

Readers who submit a statement give us the statement text, an optional display name, and a primary topic. The statement is associated with the submitter's account when the submitter is signed in; otherwise it is anonymous. To prevent abuse we record a SHA-256 hash of the submitter's IP address and a SHA-256 hash of their user-agent string against the statement row. We do not store the raw IP.

Readers who use the Chat Center create a chat session identified by a guest token cookie hash. Each message is stored alongside the session so the conversation has context. Page views are recorded with the URL path, an optional route name, a hashed session token, and the broad family of the user agent (for example, "Chrome" or "Safari"). Search queries are recorded with the query string and a hashed IP for rate-limiting and analytics.

The first reason we collect anything is to make the feature work. A statement needs a body. A chat session needs a session ID. A search needs a query. Beyond that, we use the page-view, search, and chat data to produce aggregate analytics — what pages are popular, what queries fail, where the chatbot is most useful — so we can improve the site. We do not produce per-user dashboards, and we do not enrich our records with data bought from third parties.

We rate-limit submissions and searches by hashed IP so a single source cannot flood the queue. The hash is one-way, salted by the site key, and it lets us count without identifying. There are no third-party advertising networks on the site, no behavioral retargeting, and we never sell user data. If a future change to this would ever be on the table, this page would be updated first and members would be emailed.

The contact form stores the submitted name, email, subject, and message body so an editor can read it and reply. A SHA-256 hash of the submitter IP and the user-agent family are also stored alongside the row so we can identify and block abuse without keeping the raw values. Inbound contact messages are not used for anything other than answering the message and improving site moderation.

There is no behavioral advertising on the site. There are no tracking pixels from social networks or ad networks. There is no browser fingerprinting library. There is no email-list rental, sale, or transfer.

We do not embed third-party widgets that load scripts from external advertising or analytics platforms. The site uses a small number of first-party assets and a self-hosted analytics path. Where we link out to an external resource — for example, a government guidance PDF — that link is a normal hyperlink; following it loads that other site under its own privacy terms, not ours.

The site uses three first-party cookies. The Laravel session cookie keeps a signed-in member signed in across pages and is required to use any account feature. A `guest_chat_token` cookie, set only when a non-member starts a chat, keeps a chat session continuous across page loads. A `site_session_token` cookie supports first-party analytics with a 30-day lifetime so visit patterns can be measured without identifying the visitor.

Every cookie is first-party, every cookie uses the SameSite=Lax attribute, and no cookie carries personal information directly — only opaque identifiers. There are no third-party advertising or social-network cookies set by this site, and the site does not embed third-party iframes that would set cookies in their own context.

Members can delete their account from the account settings page. Deletion removes the account record and clears the link between the account and any submitted statements; the statements remain visible if they were approved, but with no link back to the original member. Members can request an export of their account data and submitted content through the contact form. Corrections to anything we have written about you can be requested through the contact form too.

Retention windows are short by design. Search log entries are pruned at 90 days by a scheduled command. Page-view rows are pruned at 90 days by the same scheduled command. Chat messages are kept for the lifetime of the chat session and are not used to train any model. Statement audit-trail rows persist for as long as the statement does.

If you live in a jurisdiction with formal data-rights legislation — for example, the EU GDPR, the UK Data Protection Act, or the California Consumer Privacy Act — you may exercise the rights granted to you under that law by contacting us through the form on the contact page. We will respond inside the timeframe set by the relevant law, and we will tell you in writing what action we have taken in response. Where a request cannot be fulfilled (for example, where deletion would also remove a moderation audit trail required for site integrity), we will explain why.