The AI Protocol respects your privacy. This page explains what information we collect, how we use it, who we share it with, and what choices you have. If anything below is unclear, write to mirza@theaiprotocol.co and we'll talk it through.
We're a small business operated by Mirza Daniels (sole proprietor) based in Eastanollee, Georgia. We work with local businesses across the rural Southeast US in English and Spanish.
What we collect
We collect different types of information depending on how you use our website and services.
Information you give us directly
- Name, email address, phone number, business name, and location — when you book an audit call, take the AI Readiness Score quiz, fill out a contact form, or sign a client agreement.
- Business details — your industry, current tools, team size, goals, and pain points — when you complete our onboarding questionnaire or talk with us on calls.
- Content you share — emails you send us, photos you provide for site builds, login credentials you share for installs (which we strongly recommend you change after our engagement ends).
Information collected automatically
- Basic website analytics — pages visited, time on site, country, device type, and referring site. We use this to understand which parts of the site are useful and which aren't.
- Cookies — small text files that help our website function and remember your preferences. We use only essential and analytics cookies (no advertising cookies).
Payment information
When you pay an invoice, your payment information (card numbers, bank account numbers) is handled directly by Stripe, our payment processor. We never see, store, or have access to your full card number. We only see the last four digits of your card for our own records.
Why we collect it
- To deliver the services you bought. Site builds, installs, training, audits — we need your business info to do the work.
- To send invoices and receipts. We need your contact and payment info to bill you and confirm payments.
- To communicate with you. Project updates, scheduled calls, support questions, occasional check-ins.
- To respond to inquiries. When you reach out, we need your name and email to write back.
- To improve our work. Anonymous patterns from website analytics help us understand what's useful.
We do not sell your information. We do not rent it. We do not use it for advertising beyond communicating with you directly about your own engagement.
Who we share it with
We share your information only with the small set of trusted services we use to run our business. Each of these has its own privacy policy you can review.
We do not share your information with anyone else without your explicit written consent, except when legally required (for example, by court order or subpoena).
How long we keep it
- Active client information: kept for the duration of our engagement and 3 years after, for tax and reference purposes.
- Inactive leads and quiz takers: kept for 1 year, then deleted unless you become an active client.
- Payment records: kept for 7 years for tax compliance (required by U.S. law).
- Anonymous analytics: kept indefinitely in aggregate form, but not tied to your identity.
You can request earlier deletion at any time — see Section 5.
Your rights
You can request the following at any time by emailing mirza@theaiprotocol.co with the subject line "Privacy Request."
- Access — A copy of all personal information we have about you.
- Correction — Fix anything that's wrong or out of date.
- Deletion — Remove your data from our systems (except records we're legally required to keep, like tax-related payment records).
- Opt out of communications — Stop receiving any non-essential email from us. Active project emails will continue until your project ends.
- Data portability — Receive your information in a common, machine-readable format.
We respond to privacy requests within 7 business days.
Security
We take reasonable precautions to protect your information:
- Our website uses HTTPS encryption (the lock icon in your browser).
- Payment data is handled entirely by Stripe, which is PCI-DSS compliant.
- We use strong, unique passwords for all business accounts.
- We do not download or store credit card information.
- Files shared with us are kept in private, password-protected storage.
No system is 100% secure, and we will notify you within 72 hours if we ever experience a data breach that affects your information.
Children
The AI Protocol provides services to businesses, not to children. We do not knowingly collect information from anyone under 18. If we learn that we have collected information from a minor, we will delete it promptly.
International users
Our services are primarily intended for businesses in the United States. If you access our website from outside the U.S.:
- Your information will be transferred to and processed in the United States.
- If you are located in the European Union, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.
- If you are a California resident, you have additional rights under the CCPA. Email us to request a "shine the light" disclosure or to opt out of any data sharing.
We currently do not sell personal information under any definition of "sale" in any privacy law.
Cookies and tracking
Our website uses cookies for two purposes only:
- Essential cookies: Required to make the site function (session management, language preference).
- Analytics cookies: Help us understand which pages are useful. The information is aggregated and not tied to your identity.
We do not use advertising cookies. We do not allow third-party advertisers to track you across other websites.
You can disable cookies in your browser settings. The site will still work but may forget your preferences between visits.
Third-party links
Our website may link to other websites (Instagram, LinkedIn, Stripe, our partners). When you click those links, you leave our site, and we are no longer responsible for the privacy practices of those websites. Read their privacy policies separately.
Changes to this policy
We may update this Privacy Policy as our services evolve. Material changes will be communicated to active clients at least 30 days before they take effect. The "Effective" date at the top of this page will always show when this policy was last updated.
If you continue using our services after a policy update, you are accepting the updated terms. If you don't accept the changes, you can email us to terminate the relationship and request deletion of your information.
Governing law
This Privacy Policy is governed by the laws of the State of Georgia, United States. Any disputes related to privacy will be addressed under the dispute resolution process described in our Refund and Cancellation Policy.
Last updated: May 15, 2026