Last Updated 25/06/2025  

Privacy Policy

David Longford

Privacy Policy for Principles AI

At Principles AI, we are committed to protecting your privacy. This Privacy Policy outlines the information we collect, how we use it, and how we safeguard your personal data in line with GDPR and other applicable laws.


Controller

PrinciplesAI is operated by David Longford, based in Spain.
For the purposes of data protection law, David Longford is the data controller responsible for the processing of personal data described in this Privacy Policy.

If you have any questions about this Privacy Policy or how your personal data is handled, you can contact us at:
david@principlesai.org

1. Scope of this Privacy Policy
This Privacy Policy applies only to our online activities and is valid for visitors to our website with respect to the information they share and/or collect through our website. It does not apply to any information collected offline or through channels other than this website.

2. Data Collection
We collect personal information when you interact with us, including when you fill out contact forms, register for an account, or communicate with us directly. The personal information we may collect includes your name, email address, and other details you provide.

3. Use of Your Information
We use the information we collect to:

  • Provide and maintain our services
  • Improve, personalize, and expand our website
  • Communicate with you regarding your account, professional updates, and relevant services
  • Ensure the security of our website and services
  • Prevent fraud

4. Legal Basis for Processing
We process personal data under the following legal bases, as applicable:

  • Contractual necessity: where processing is required to provide access to our services, content, or community.
  • Legitimate interests: where processing is necessary to operate, improve, and secure our platform, manage professional communications, and prevent misuse or fraud.
  • Consent: where required, including for marketing communications and non essential cookies.

Where processing is based on consent, you may withdraw that consent at any time.
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Service Providers and Data Sharing

We use a small number of trusted third party service providers to operate and support PrinciplesAI. These providers process personal data only on our instructions and subject to appropriate contractual safeguards.

Our core service providers may include:

  • Webflow, for website hosting and content delivery
  • Circle, for community and learning platform services
  • Typeform, for forms and surveys
  • HubSpot, for customer relationship management and communications
  • Microsoft 365, for email and internal operations

We may also use additional tools from time to time to support professional outreach, platform operations, or business development.

We do not sell personal data. We only share personal data where necessary to provide our services, comply with legal obligations, or operate the platform effectively.

6. International Transfers
Some of our service providers are located outside the European Economic Area or the United Kingdom. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms to ensure an adequate level of data protection in accordance with applicable law.

7. Data Retention
We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. This includes retaining data for as long as you maintain an account with us or until you request data erasure, in accordance with your rights under GDPR.

8. Your Rights
Under GDPR, you have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Request that we correct any inaccuracies in your personal data.
  • Erasure: Request that we delete your personal data, under certain conditions.
  • Restriction of Processing: Request that we limit the processing of your personal data, under certain conditions.
  • Objection to Processing: Object to the processing of your personal data, under certain conditions.
  • Data Portability: Request that we transfer your personal data to another organization or to you.

To exercise any of these rights, please contact us at david@principlesai.org. We will respond to your request within one month.

9. Cookies

We use Cookiebot to manage cookie notices on our website.

PrinciplesAI uses only strictly necessary cookies that are required for the website and services to function correctly. We do not use analytics, advertising, or tracking cookies.

Because only essential cookies are used, consent is not required. You can find further information about cookies and manage settings through the Cookiebot interface or your browser controls.

10. Marketing and Communication
We may send professional updates, newsletters, or information about our services where you have chosen to receive such communications or where we have a legitimate interest in contacting you in a professional context.

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly. Opting out of marketing will not affect essential service or account related communications.

11. Security
We implement industry-standard security measures to protect your personal data from unauthorized access or disclosure. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with the updated date. We encourage you to review this policy periodically for any updates. Significant changes will be communicated to you via email or a prominent notice on our website.

13. Professional Audience and Age Restriction

PrinciplesAI is intended for professionals and is not directed at children. Our services are available only to individuals aged 18 or over.

We do not knowingly collect personal data from anyone under the age of 18. If you believe that personal data relating to a minor has been provided to us, please contact us and we will take appropriate steps to delete it.

14. Legal Compliance
We encourage you to contact us first if you have any questions or concerns about how your personal data is handled, and we will do our best to resolve the issue promptly.

You also have the right to lodge a complaint with a supervisory authority. As we are based in Spain, our lead supervisory authority is the Agencia Española de Protección de Datos (AEPD).

Terms
Privacy Policy