Privacy Policy

1. Introduction & Data Controller Information

This Privacy Policy explains how The AI Journal Ltd (“we,” “us,” “our,” or “Company”) collects, uses, stores, processes, and protects your personal information and data when you visit our website, use our services, subscribe to our newsletter, or interact with us through any channel.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable data protection laws. This policy is transparent about our practices and provides you with information about your rights.

Data Controller Information

  • Data Controller: The AI Journal Ltd

  • Legal Name: The AI Journal Ltd

  • Business Registration: UK VAT registered and HMRC registered business

  • Incorporation Date: May 2020

  • Registered Address: 49 High Street, Stourbridge, UK, DY8 1DE

  • Primary Contact Email: [email protected]

  • Data Protection Officer: [Insert name/contact if applicable, or state “Not Applicable”]

  • Jurisdiction: English law and UK data protection authorities

If you have data protection questions or concerns, please contact us using the information in Section 13 (Contact Information).

2. What Personal Data We Collect

2.1 Data You Provide Directly

When you interact with us, you may voluntarily provide:

  • Account Registration: Name, email address, username, password, profile picture

  • Newsletter Subscription: Email address, name, interests, preferences

  • Contact Forms: Name, email address, phone number (optional), message content

  • Comments & Feedback: User-generated comments, reviews, feedback, profile information

  • Survey or Questionnaire Responses: Responses to surveys, polls, or research

  • Correspondence: Content of emails, messages, or communications with us

  • Payment Information: If applicable, payment details (processed securely; we do not store full credit card details)

2.2 Data Collected Automatically

When you visit our website, we automatically collect:

  • Device Information: Device type, operating system, browser type, IP address, device identifiers

  • Browsing Behavior: Pages visited, time spent on pages, links clicked, referral source, exit pages

  • Location Data: Approximate geographic location based on IP address (not precise GPS location unless you grant permission)

  • Cookies & Tracking Data: Unique identifiers, session tokens, preference data stored in cookies or similar technologies

  • Log Data: Access times, server responses, error logs, bandwidth usage

2.3 Data from Third Parties

We may receive data from:

  • Advertising Partners (Ezoic, Google): Behavioral data, browsing history, interests for ad targeting

  • Analytics Providers (Google Analytics): Aggregated usage statistics and user behavior patterns

  • Social Media Platforms: If you interact with our social media content (comments, shares, tags)

  • Public Sources: Publicly available information for content verification or research purposes

  • Legal or Regulatory Bodies: Information disclosed by law enforcement or regulatory authorities

2.4 Special Categories of Data

We do not intentionally collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or sexual orientation) unless you voluntarily provide such information or it is necessary for legal compliance. If you provide sensitive data, you consent to us processing it in accordance with this policy and applicable law.

3. Legal Basis for Processing

Under UK GDPR, we process your personal data only where we have a lawful basis. The bases we rely on are:

3.1 Consent

  • Newsletter subscriptions and marketing communications

  • Optional surveys and research participation

  • Personalized advertising preferences

  • You can withdraw consent at any time by unsubscribing or contacting us

3.2 Contractual Necessity

  • Processing data necessary to provide services you request (account creation, website access)

  • Fulfilling orders or service agreements

  • Managing subscriptions

3.3 Legal Obligations

  • Complying with tax and accounting requirements

  • Responding to legal requests from law enforcement or courts

  • Fulfilling data protection, fraud prevention, and cybersecurity obligations

3.4 Legitimate Interests

  • Website improvement and optimization

  • Fraud and security monitoring

  • Analytics and user behavior research

  • Direct marketing and promotional activities (with opt-out available)

  • Business operations and administration

3.5 Vital Interests

  • Protecting safety, health, or life in emergency situations

When relying on legitimate interests, we balance our interests against your rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 9).

4. How We Use Your Data

4.1 Service Provision

  • Creating and managing your account

  • Delivering website content and services

  • Processing requests and inquiries

  • Providing customer support and responding to communications

  • Verifying your identity and preventing fraud

4.2 Communications

  • Sending newsletters and marketing emails (with consent or legitimate interest)

  • Sending transactional emails (account confirmations, password resets, important notices)

  • Responding to your inquiries and feedback

  • Sending policy or service updates

  • Notifying you of changes to our services or policies

4.3 Analytics & Website Improvement

  • Analyzing website traffic, user behavior, and engagement

  • Identifying popular content and areas for improvement

  • Conducting user research and surveys

  • Testing new features and functionality

  • Troubleshooting technical issues

4.4 Advertising & Marketing

  • Serving targeted advertisements based on your interests and browsing behavior

  • Creating user segments for targeted marketing campaigns

  • Conducting A/B testing and marketing optimization

  • Measuring advertising effectiveness and ROI

  • Personalizing your website experience

4.5 Legal & Compliance

  • Complying with legal obligations and court orders

  • Enforcing our Terms of Service and other agreements

  • Protecting our legal rights and preventing fraud

  • Responding to regulatory inquiries

  • Maintaining records for accounting and tax purposes

4.6 Business Operations

  • Internal administration and business management

  • Security and cybersecurity monitoring

  • Quality assurance and training

  • Aggregated data analysis and reporting

5. Cookies & Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you, remember your preferences, and track your activity. We also use similar technologies such as pixels, web beacons, and local storage.

5.2 Types of Cookies We Use

Essential Cookies

  • Purpose: Enable core website functionality (login, page navigation, security)

  • Duration: Session or persistent

  • Third-party: No

  • Opt-out: Cannot be disabled without breaking website functionality

Performance & Analytics Cookies

  • Purpose: Analyze website usage, user behavior, and performance (Google Analytics)

  • Duration: 1-24 months

  • Third-party: Yes (Google)

  • Data Collected: Pages visited, time spent, events, goals, user flow

  • Opt-out: Google Analytics Opt-Out Browser Extension, browser settings

Advertising & Behavioral Cookies

  • Purpose: Serve targeted advertisements, track ad performance, create user profiles for ad targeting

  • Duration: 30 days to 13 months

  • Third-party: Yes (Ezoic, Google Ads, ad networks)

  • Data Collected: Browsing history, interests, demographics, ad interactions

  • Opt-out: Browser cookie settings, advertising opt-out mechanisms, privacy control tools

Social Media Cookies

  • Purpose: Enable social media features, track social media interactions and shares

  • Duration: Varies by platform

  • Third-party: Yes (Facebook, LinkedIn, Twitter, YouTube, etc.)

  • Opt-out: Social media platform settings

5.3 Third-Party Cookies

Our website uses cookies set by:

  • Google Analytics: _ga_gid_gat – For website analytics and usage tracking

  • Ezoic: Multiple cookies for ad serving, optimization, and performance tracking

  • Google Ads: IDENID – For targeted advertising across Google network

  • Other Ad Networks: Various third-party advertising platforms

5.4 Cookie Consent & Opt-Out

Consent & Banner

When you first visit our website, we display a cookie consent banner. By clicking “Accept,” you consent to all cookie types. You can manage cookie preferences through the banner’s settings.

Opt-Out Options

Google Analytics:

Google Ads & Behavioral Targeting:

Ezoic & Advertising Partners:

  • Contact Ezoic directly or adjust preferences in your account

  • Browser cookie settings and third-party cookie blocking

Browser-Level Control:

  • Most browsers allow you to block or delete cookies through Settings > Privacy > Cookies

  • Setting your browser to “Do Not Track” (though not all sites honor this)

5.5 Persistent Cookies & Local Storage

Some data may be stored in your browser’s local storage or IndexedDB, which persists even after cookies are deleted. These are used for:

  • Remembering login credentials (for convenience)

  • Storing user preferences and settings

  • Caching content for faster loading

You can clear local storage through your browser settings (usually under Storage or Application settings).

6. Data Sharing & Third Parties

6.1 Data Sharing Policy

We are committed to protecting your privacy and do not sell your personal data to third parties for marketing purposes. However, we share data in the following circumstances:

6.2 Service Providers & Data Processors

We share data with service providers who process data on our behalf under strict data processing agreements:

  • Ezoic (Advertising Partner): Ad serving, optimization, performance analytics

  • Google (Analytics, Ads, Workspace): Website analytics, advertising, email services

  • Email Service Providers: Newsletter delivery and management

  • Website Hosting Providers: Server management, data storage, backup

  • Payment Processors: Payment processing and fraud prevention

  • Customer Support Tools: Ticketing systems, chat support

  • Analytics Providers: Usage data and behavioral analysis

All processors are contractually bound to protect your data and use it only for specified purposes.

6.3 Advertising Partners

Your data is shared with Ezoic and Google for the purposes of:

  • Serving personalized advertisements

  • Measuring ad performance and ROI

  • Creating audience segments and user profiles

  • Conducting market research

Both Ezoic and Google maintain their own privacy policies governing their use of your data. We do not control how these partners use your data beyond the scope of our agreements.

6.4 Legal Requirements & Law Enforcement

We may disclose your data when required by law or in response to:

  • Court orders or legal process

  • Government requests or regulatory inquiries

  • Law enforcement investigations

  • Protecting legal rights, safety, or fraud prevention

We will disclose only the minimum information necessary and will notify you when legally possible.

6.5 Business Transfers

If The AI Journal Ltd is acquired, merged, or sold, your data may be transferred as part of that transaction. We will notify you and provide options to opt-out if practicable.

6.6 No Sale of Personal Data

We do not sell personal data to third parties for marketing or commercial purposes. Any sharing is limited to the purposes outlined above.

6.7 Non-Personal Data

We may share aggregated, anonymized, or de-identified data (which cannot identify you) with:

  • Analytics partners

  • Research organizations

  • Marketing partners

  • Public statistics and reports

7. International Data Transfers

7.1 Data Location

Your data is primarily stored and processed in the United Kingdom. However, due to our partnerships with Ezoic and Google, some data may be transferred to:

  • United States (Ezoic, Google, cloud services)

  • European Union / EEA countries (data centers, partners)

  • Other jurisdictions as necessary for service provision

7.2 Data Protection Safeguards

When transferring data internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Where the UK/EU deems a country’s data protection adequate

  • Standard Contractual Clauses (SCCs): Legal agreements ensuring UK GDPR-compliant transfers

  • Binding Corporate Rules: Where applicable

  • Explicit Consent: Where you consent to international transfer

7.3 Data Protection Officer Involvement

Our Data Protection Officer (if applicable) reviews international transfers to ensure compliance with UK GDPR Article 46.

8. Data Retention

8.1 Retention Periods

We retain personal data only as long as necessary for the purposes outlined in this policy:

Data Type Retention Period Reason
Account Data (Active Users) Duration of account + 12 months Service provision & legal obligations
Account Data (Inactive Users) 24 months Potential re-engagement & legal holds
Newsletter/Email Lists Until unsubscribed Marketing communications
Analytics Data (Google) 26 months Website analytics & optimization
Cookies (Analytics) 1-24 months Performance tracking
Cookies (Advertising) 30 days – 13 months Ad serving & measurement
Payment Records 7 years Tax & accounting requirements
Legal/Compliance Records 7-10 years Regulatory & legal obligations
Comments/User Content Duration of account Content management
Transactional Emails 12 months Service records & support

8.2 Deletion Process

After retention periods expire, data is securely deleted or anonymized. You can request earlier deletion (see Section 9 – Your Rights).

8.3 Backup Data

Deleted data may remain in backups for an additional 30-90 days before permanent deletion from backup systems.

9. Your Data Protection Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

9.1 Right of Access

You have the right to request a copy of all personal data we hold about you. This is called a “Subject Access Request” (SAR).

  • How to Request: Contact us in writing with “Subject Access Request” in the subject line

  • Timeline: We will respond within 30 calendar days

  • Format: Data will be provided in a commonly used electronic format (typically CSV or PDF)

  • Cost: Usually free (we may charge a reasonable fee for excessive requests)

9.2 Right to Rectification

You have the right to correct inaccurate or incomplete data.

  • How to Request: Contact us with the data that needs correction

  • Timeline: We will make corrections within 30 days

  • Verification: We may request proof of correction (e.g., updated address with utility bill)

9.3 Right to Erasure (“Right to Be Forgotten”)

You have the right to request deletion of your personal data in certain circumstances:

  • You no longer consent to processing

  • The data is no longer necessary for the original purpose

  • You object to processing on legitimate interest grounds

  • Processing is unlawful

  • We are legally obligated to delete

Limitations: We may retain data if necessary for:

  • Legal compliance or court orders

  • Fulfilling contracts

  • Establishing, exercising, or defending legal claims

  • Public interest or legal obligations

  • How to Request: Contact us requesting erasure and stating the reason

  • Timeline: We will respond within 30 days

9.4 Right to Restrict Processing

You have the right to restrict how we process your data while we verify its accuracy or appropriateness.

  • When to Use: If you dispute accuracy, we have no legal basis, or you object to processing

  • How to Request: Contact us requesting restriction and stating the reason

  • Effect: We will store but not actively process restricted data

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

  • Applicable Data: Data you provided or that we process based on your consent or contract

  • How to Request: Contact us requesting data portability

  • Format: We will provide data in CSV, JSON, or similar open format

  • Timeline: Within 30 days

9.6 Right to Object

You have the right to object to processing of your data in certain circumstances:

  • Marketing Communications: You can unsubscribe from newsletters at any time

  • Behavioral Advertising: You can opt out of targeted ads (see Section 5)

  • Legitimate Interest Processing: You can object to processing based on legitimate interests

  • Direct Marketing: You can opt out of direct marketing and promotional emails

  • How to Request: Unsubscribe links in emails, contact us, or adjust preference settings

  • Timeline: Immediate for marketing; 30 days for other objections

9.7 Right to Not Be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing that produces a legal or similarly significant effect on you.

  • What This Means: Profiling for loans, employment, or other consequential decisions

  • Exceptions: If necessary for contract performance or where you’ve given explicit consent

  • How to Request: Contact us if you believe you’re subject to automated decisions

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • ICO Contact: https://ico.org.uk

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

  • Phone: 0303 123 1113

  • Email: [email protected]

10. Data Security

10.1 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: Data in transit is encrypted using TLS/SSL; sensitive data at rest is encrypted

  • Access Controls: Role-based access; only authorized staff can access personal data

  • Firewalls & Intrusion Detection: Network security to prevent unauthorized access

  • Regular Security Audits: Third-party security assessments and penetration testing

  • Secure Backups: Regular, encrypted backups with restricted access

  • Staff Training: Data protection and security awareness training for all staff

  • Incident Response: Documented procedures for responding to security breaches

10.2 Limitations of Security

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You use our services at your own risk.

10.3 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected individuals without undue delay (typically within 72 hours)

  • Provide details of the breach, data affected, and steps we’re taking

  • Notify relevant authorities where required

  • Provide resources for protecting yourself (credit monitoring, etc.)

11. Marketing & Communications

11.1 Newsletter & Email Marketing

We send newsletters and marketing emails only with your consent (where you’ve explicitly opted in).

11.2 Opting In

You can subscribe to our newsletter by:

  • Checking the opt-in box during account registration

  • Subscribing through our newsletter signup form

  • Requesting to be added to our mailing list

11.3 Opting Out

You can unsubscribe or manage preferences by:

  • Clicking the “Unsubscribe” link at the bottom of any email

  • Updating preferences in your account settings

  • Contacting us with your unsubscribe request

  • Replying “STOP” to marketing emails

Unsubscribe requests are processed within 10 business days.

11.4 Transactional Emails

We send transactional emails (account confirmations, password resets, important notices) regardless of marketing preferences, as these are necessary for service provision.

11.5 Legitimate Interest Marketing

In some cases, we may send marketing communications based on legitimate interests. You can object to these at any time through the opt-out methods above.

12. Third-Party Privacy Policies

Our website includes links to and integrations with third-party services. Their privacy practices are governed by their own policies:

We recommend reviewing these policies to understand how third parties handle your data. We are not responsible for their privacy practices.

13. Contact Information & Data Protection Officer

For questions, requests, or concerns regarding this Privacy Policy or your personal data:

The AI Journal Ltd – Data Protection

Information Commissioner’s Office (ICO):

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • Changes in our data practices

  • New legal or regulatory requirements

  • Feedback from users or regulators

  • Updates to third-party services

14.1 Notification of Changes

  • Method: We will announce significant changes on our website homepage and/or via email

  • Effective Date: We will provide at least 30 days’ notice before material changes take effect

  • Your Consent: Continued use of our services after the effective date constitutes acceptance of the updated policy

14.2 Viewing Previous Versions

Previous versions of this Privacy Policy can be provided upon request.

15. Additional Information

15.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information is collected

  • Right to delete personal information (with certain exceptions)

  • Right to opt-out of sale or sharing of personal information

  • Right to non-discrimination for exercising your rights

To exercise CCPA/CPRA rights, contact us using the information in Section 13.

15.2 European Union Residents (GDPR)

If you are an EU resident, your data transfer to the UK is protected by UK GDPR equivalence determinations and Standard Contractual Clauses.

15.3 Children’s Privacy

Our services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided data, we will delete it promptly. For children 13-18, parental consent is required.

16. Related Policies

This Privacy Policy should be read in conjunction with:

  • Terms of Service – General terms and conditions for using our website

  • Prohibited Content Policy – Content standards and restrictions

  • Contributor Agreement – Terms for contributors and guest posters

  • Copyright Policy – Copyright ownership and DMCA procedures

  • Communications Policy – Newsletter and communication terms

  • Advertiser & Partner Policy – Advertising and partnership disclosures

© 2025 The AI Journal Ltd. All rights reserved.

Privacy Policy Last Updated: October 30, 2025

By using The AI Journal, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Back to top button