Tools Privacy Policy

Effective date: 12/15/2025

Purpose

The tools subdomain provides governance and AI-readiness assessments. Inputs you provide help generate assessments and are not used for advertising or resale.

Information We Collect

  • Form inputs: Data you enter into assessments (e.g., maturity ratings, notes, contact details if requested for follow-up).
  • Operational logs: IP address, user agent, and request details to monitor reliability and security.
  • Analytics: Aggregated usage metrics to understand which tools are most helpful.

How We Use Information

  • Generate assessment outputs you request.
  • Improve scoring logic, guidance, and user experience.
  • Maintain security and prevent abuse.

Data Handling

  • Local (your browser): Draft responses, session state, and saved view preferences may be stored in your browser to keep progress and recall results.
  • Server storage: Assessment submissions and scores are stored when you submit an assessment or request deliverables like PDF generation, email delivery, or explicit save. Feedback submissions and operational logs are stored on our servers to improve the tools and keep them reliable.
  • Retention: We retain stored data only as long as needed to deliver results, support follow-up, or meet operational and security needs.
  • No sale of data or sharing with advertisers.
  • Limited access: only operational personnel supporting the tools platform.

AI and Model Use

Some tools send assessment data and derived scores to a large language model (LLM) via API to generate questions and summaries. We currently use Anthropic for these LLM calls. Prompts are structured to minimize exposure of sensitive details; avoid entering regulated or confidential information.

Third-Party Processing

When an LLM response is requested, relevant assessment inputs and scores are transmitted to Anthropic for processing. This data is handled under Anthropic's API terms and policies. We do not sell data or authorize use for advertising.

LinkedIn Sign-In (Duty of Care Game)

The Duty of Care board game offers an optional "Sign in with LinkedIn" feature using LinkedIn's OpenID Connect protocol.

  • What we collect: Your name, email address, and profile picture URL as provided by LinkedIn during sign-in.
  • How we use it: To identify your account for game result storage and optional public leaderboard display. Your name and profile picture appear on the leaderboard only if you explicitly opt in.
  • What we don't do: We never post to your LinkedIn feed, access your connections, or share your LinkedIn data with third parties.
  • Retention: Your LinkedIn profile data is retained until you request deletion via [email protected].

Security

We use HTTPS, role-based access to infrastructure, and dependency patching. While no system is perfectly secure, controls are reviewed to keep risk low.

Your Choices

  • Request deletion of submitted data by emailing [email protected] with the date and tool used.
  • You may decline optional fields and still receive a result when possible.

Contact

Privacy questions for the tools subdomain: [email protected].