How we handle your data

When you use a Star AI Consulting tool (AI Readiness Assessment, ROI Lab, Microsoft AI Blueprint) or contact us, we collect:

• Identity & contact info — name, work email, company name, and (optionally) phone.
• Assessment inputs — the answers you provide in our tools (industry, company size, current AI usage, pain points, etc.).
• Generated outputs — the reports, recommendations, and scores our tools produce from your inputs.
• Account data — if you sign up, the email tied to your account, your sign-in provider (email, Google, magic-link), and basic profile metadata.
• Usage telemetry — anonymized page views, button clicks, and error logs so we can fix bugs and improve UX.

• To deliver the tool you asked for — generate your report, email it to you, save it in your account for later access.
• To follow up — if you opt in to a strategy session or request the gallery, we'll reach out.
• To improve our tools — aggregate, de-identified analysis of which questions cause friction, which recommendations resonate, etc.
• To comply with the law — invoicing, tax records, and responding to lawful requests.

We do not use your business data to train public foundation models. We do not run advertising and we do not embed third-party advertising trackers.

• All data is stored in managed cloud services (Supabase / PostgreSQL on AWS; Azure Static Web Apps) with encryption at rest and in transit (TLS 1.2+).
• Access is restricted to a small set of authorized personnel with role-based credentials and 2-factor authentication.
• We retain assessment data for as long as your account is active. If you delete an individual report from /account, it's removed from our primary database within minutes (backups are purged on a rolling 30-day cycle).
• If you delete your account, all associated data is removed within 30 days.

We use a small set of trusted sub-processors to operate the service. We do not sell or rent your data, and we don't share it for advertising.

• Supabase — auth, database, file storage.
• Microsoft Azure — hosting (Static Web Apps + serverless functions).
• Resend — transactional email delivery (your reports, sign-in links).
• OpenAI / Anthropic / Microsoft Azure OpenAI — generating the AI Executive Briefing and recommendation copy in your report. Inputs sent to these providers are governed by their enterprise / API terms, which prohibit training on customer data.
• Google — only if you choose to sign in with Google (we receive your verified email + name).

Sub-processors are contractually required to handle your data with at least the same care we do, and only for the limited purpose of providing their service.

We use a minimal set of cookies and browser localStorage entries:

• Auth session — required to keep you signed in.
• UI preferences — language selection, persona / view-mode of your report.
• CSRF protection — to prevent cross-site forgery on form submissions.

We do not use third-party advertising cookies. We do not use any cross-site tracking pixels.

Wherever you live, you can:

• Access — get a copy of the data we hold about you.
• Correct — fix anything that's inaccurate.
• Delete — remove specific reports from /account, or ask us to delete your entire account by email.
• Port — receive your data in a portable format (JSON / PDF).
• Object — tell us to stop using your data for any optional purpose (e.g. inclusion in our Client Gallery).

EEA & UK residents additionally have rights under GDPR (Articles 15–22). California residents have rights under CCPA / CPRA. To exercise any right, email gopalpanigrahy28@gmail.com and we'll respond within 30 days.

Our services are intended for business use by adults. We don't knowingly collect data from anyone under 16. If you believe a child has provided us data, please contact us and we'll delete it.

If we make material changes, we'll update the “Effective” date above and — for account holders — email a summary of what changed. Continued use of the service after a change means you accept the updated terms.

Privacy questions, data requests, or anything that looks off:

gopalpanigrahy28@gmail.com

Star AI Consulting acts as data controller for the information described above.