AI First Era ("Company," "we," "us," or "our") operates the website aifirstera.com and all associated subdomains and services. We are a newsletter and AI business training platform based in the United States. Our mission is to provide actionable AI strategies, workflows, and training programs to help businesses operate more effectively with artificial intelligence.
For purposes of applicable privacy law, AI First Era acts as the data controller of the personal data described in this policy — meaning we determine the purposes and means of processing your personal information.
Our primary privacy contact is reachable at: info@aifirstera.com
This Privacy Policy applies to all personal data collected through:
This policy does not apply to third-party websites, applications, or services that may be linked from our content. We encourage you to review the privacy policies of any third party you interact with.
| Data Element | When Collected | Required? |
|---|---|---|
| Email address | Newsletter sign-up, training enrollment, contact forms | Yes |
| First name | Newsletter sign-up (if provided), training enrollment | Optional |
| Last name | Training enrollment, paid products | Varies |
| Message content | Contact form submissions | When using contact form |
| Payment data | Paid training purchases (processed by payment provider; we do not store card data) | For paid products |
When you visit our website, we and our service providers automatically collect certain technical information:
When we send you emails, we collect engagement data including:
See Section 6 for full details on email tracking and your choices.
If you create an account to access paid training programs, we collect authentication-related data through our authentication provider (Clerk), including login method, account creation timestamp, and session metadata. We do not store passwords in plaintext.
We do not collect Social Security numbers, government identification numbers, precise geolocation, biometric data, financial account credentials, or health information. We do not build behavioral advertising profiles or sell your data to data brokers.
Your primary purpose in sharing your email is to receive our newsletter. We use your email address and name (if provided) to:
For subscribers who purchase paid training programs, we use your data to:
We analyze aggregated and de-identified usage data to:
We process certain data (IP addresses, device fingerprints, account activity) to detect and prevent spam subscriptions, abuse, unauthorized access, and fraud.
We may process your data as required to comply with applicable laws, respond to legal process, enforce our Terms of Service, or protect the rights and safety of AI First Era or others.
For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions where a legal basis is required for data processing, we rely on the following bases under the GDPR and equivalent laws:
| Processing Activity | Legal Basis |
|---|---|
| Sending newsletters you subscribed to | Consent (Art. 6(1)(a) GDPR) — you opted in via our sign-up form |
| Delivering paid training products | Contract performance (Art. 6(1)(b)) — necessary to fulfill your purchase |
| Transactional emails (receipts, access) | Contract performance (Art. 6(1)(b)) |
| Website analytics and usage data | Legitimate interests (Art. 6(1)(f)) — improving our services |
| Security monitoring and fraud prevention | Legitimate interests (Art. 6(1)(f)) — protecting users and infrastructure |
| Email engagement tracking (opens/clicks) | Legitimate interests (Art. 6(1)(f)) — improving content quality and deliverability |
| Legal obligations (e.g., tax records) | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have conducted a balancing test and determined that our interests do not override your fundamental rights. You may object to processing based on legitimate interests at any time (see Section 11).
Where we rely on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing that occurred before withdrawal.
Our emails contain standard email engagement tracking mechanisms used across the industry:
Email engagement data is used solely to:
We do not use individual-level engagement data to make automated decisions that significantly affect you (see Section 17).
You can limit email tracking by:
Cookies are small text files placed on your device by websites you visit. We use cookies and similar technologies (local storage, session storage) to operate our website, remember your preferences, and understand how visitors use our site.
| Category | Purpose | Can be disabled? |
|---|---|---|
| Strictly necessary | Authentication sessions (Clerk), security tokens, CSRF protection. Required for the site to function. | No |
| Functional | Remembering preferences such as form completion state and returning visitor status. | Yes (may affect functionality) |
| Analytics | Aggregate website usage statistics via Cloudflare Web Analytics. Privacy-preserving; no cross-site tracking. | Yes |
| Marketing / Retargeting | We do not currently use marketing or retargeting cookies. | N/A |
We use Cloudflare Web Analytics for website usage measurement. Cloudflare's analytics approach is privacy-preserving by design: it does not use cookies, does not track visitors across sites, does not create persistent user profiles, and does not share data with advertising networks. Data is aggregated and anonymized. See Cloudflare's Privacy Policy for details.
You can control cookies through your browser settings. All major browsers allow you to view, delete, and block cookies. Note that blocking strictly necessary cookies will impair site functionality. For more information on managing cookies, visit allaboutcookies.org.
Residents of jurisdictions requiring cookie consent banners (e.g., EU/EEA under ePrivacy Directive) may see a consent prompt on their first visit.
We engage the following sub-processors who handle personal data on our behalf. Each has been evaluated for appropriate security and privacy standards, and each is bound by a Data Processing Agreement (DPA) or equivalent contractual terms.
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Amazon Web Services (AWS) — SES | Email delivery infrastructure; sends transactional and newsletter emails on our behalf | Email address, name, email content, delivery metadata | United States (with global CDN) |
| Amazon Web Services (AWS) — General | Cloud hosting, storage, and compute infrastructure | Any data processed on our platform | United States |
| Cloudflare | DNS, CDN, DDoS protection, web hosting, privacy-preserving analytics | IP addresses, request metadata, aggregated analytics | United States (global network) |
| Neon | Serverless PostgreSQL database hosting — stores subscriber records, email logs, and platform data | Email address, name, subscription status, engagement data, account records | United States (AWS us-east-1) |
| Clerk | User authentication and account management for paid training access | Email address, name, login credentials (hashed), session tokens | United States |
We do not authorize any of our processors to use your personal data for their own marketing or advertising purposes. We require all processors to maintain appropriate technical and organizational security measures.
We do not sell, rent, or share your personal data with any third party for their own independent marketing purposes. We do not share data with data brokers, advertising networks, or social media platforms for targeting purposes.
AI First Era is based in the United States. If you access our services from outside the United States — including from the European Economic Area (EEA), United Kingdom, Switzerland, Canada, or other jurisdictions — your personal data will be transferred to and processed in the United States.
The United States does not have an adequacy decision from the European Commission for all data transfers. Where required by applicable law (including GDPR Chapter V), we ensure that transfers to the US rely on appropriate safeguards, including:
In addition to contractual safeguards, we implement technical and organizational measures to protect transferred data, including encryption in transit (TLS 1.2+), encryption at rest, access controls, and pseudonymization where feasible.
You may request a copy of the transfer mechanisms we rely on by contacting us at info@aifirstera.com.
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law.
| Data Type | Retention Period | Basis |
|---|---|---|
| Newsletter subscriber records (active) | Duration of subscription + 30 days after unsubscribe | Service delivery; CAN-SPAM suppression list requirement |
| Unsubscribe / suppression records | Indefinitely (to honor opt-out and comply with CAN-SPAM) | Legal obligation |
| Email engagement logs (opens, clicks) | 24 months from the event date | Legitimate interests (analytics, list hygiene) |
| Paid customer records | 7 years from transaction date | Legal obligation (tax and accounting requirements) |
| Authentication / account data | Duration of account + 90 days after deletion request | Service delivery; security logs |
| Website analytics data | 13 months (aggregated; no individual-level retention) | Legitimate interests |
| Server and security logs | 90 days | Security and fraud prevention |
| Contact form submissions | 2 years unless incorporated into an ongoing relationship | Legitimate interests |
After the applicable retention period, data is securely deleted or irreversibly anonymized. We do not retain data "just in case" it might be useful in the future.
If you submit a deletion request under Section 11, we will delete your data within 30 days, subject to our obligation to retain certain records (such as unsubscribe suppression lists and financial records) as required by law.
Depending on where you are located, you may have some or all of the following rights with respect to your personal data. We honor these rights for all users globally, not only those in jurisdictions where they are legally mandated.
You have the right to request a copy of the personal data we hold about you, including the categories of data, purposes of processing, recipients, and retention periods.
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You can update your name and email preferences directly via the unsubscribe link in any email, or by contacting us.
You have the right to request deletion of your personal data. We will honor deletion requests within 30 days. Note that we may retain certain data where:
You have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format (JSON or CSV), and to transmit that data to another controller. This right applies to data you actively provided and that is processed based on consent or contract.
You may request that we restrict processing of your personal data in the following circumstances:
You have the right to object to processing of your personal data that is based on our legitimate interests. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for legal claims.
You have an unconditional right to object to direct marketing at any time. If you object to marketing, we will immediately cease sending marketing communications to you.
Where processing is based on your consent (e.g., newsletter subscription), you may withdraw that consent at any time by clicking the unsubscribe link in any email or contacting us directly. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. See Section 17 for our practices on automated decision-making.
If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority. In the EU, this is your national supervisory authority (e.g., CNIL in France, ICO in the UK, BfDI in Germany). A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO).
To exercise any of the above rights, contact us at info@aifirstera.com with the subject line "Privacy Request." We will respond within 30 days (or within any shorter period required by applicable law). We may need to verify your identity before processing your request.
This section applies to California residents under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
We collect the above categories for the purposes stated in Section 4 of this policy: service delivery, analytics, security, legal compliance, and communications.
California residents have the following rights:
California residents may designate an authorized agent to submit requests on their behalf. We will require written proof of authorization before processing requests submitted by an agent.
Under California Civil Code Section 1798.83, California residents may request information about our disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
Email info@aifirstera.com with the subject line "California Privacy Request." We will respond within 45 days, with one possible 45-day extension if reasonably necessary.
All commercial email messages sent by AI First Era comply with the CAN-SPAM Act of 2003 and its implementing regulations. Specifically:
To unsubscribe from our marketing emails, click the "Unsubscribe" link at the bottom of any email, or send a request to info@aifirstera.com.
Note: Transactional emails (purchase receipts, account notifications) are not subject to CAN-SPAM opt-out requirements, as they are necessary to fulfill a transaction you initiated.
Our services are intended for adults and are not directed to children. Specifically:
If we become aware that we have collected personal information from a child under 16 without verifiable parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at info@aifirstera.com.
For users in jurisdictions where a higher age threshold applies (e.g., age 18 in some jurisdictions), our services are intended for users meeting that threshold.
We implement technical, administrative, and physical safeguards designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. In the event of a confirmed breach, we will comply with our notification obligations described in Section 16.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:
Breach notifications will be sent to the email address associated with your account. We encourage you to keep your contact information current. If you suspect your data may have been compromised, please contact us immediately at info@aifirstera.com.
We use limited automation in how we manage our subscriber list. Specifically:
We do not use personal data to make automated decisions that produce legal effects or decisions that significantly affect you (such as credit decisions, employment screening, or insurance pricing). No profiling for advertising targeting or sale to data brokers occurs.
If you have questions about how automation affects your relationship with us, or if you believe an automated action was applied to you in error, please contact us at info@aifirstera.com.
By subscribing to AI First Era, you consent to receive the following types of communications:
Separate from marketing, we send transactional emails that are necessary to deliver services you have purchased or requested, such as purchase confirmations, access credentials, and account notifications. These cannot be opted out of while you maintain an active account or subscription.
We aim to send newsletters no more than once per week. We do not engage in daily promotional blasting. You can manage your email preferences or unsubscribe at any time via the link at the bottom of every marketing email or by contacting us.
We do not share your email address or personal data with any third party for their independent marketing purposes. We do not participate in email list swaps, co-registration arrangements, or affiliate-driven data sharing.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
Your continued use of our services after the effective date of any changes constitutes your acknowledgment of the updated policy. If you do not agree with the updated policy, you should stop using our services and request deletion of your data.
All prior versions of this policy are available upon request by emailing info@aifirstera.com.
AI First Era does not have a statutory obligation to appoint a Data Protection Officer (DPO) under GDPR Article 37, as we are not a public authority, do not carry out large-scale systematic monitoring of individuals, and do not process special categories of data at scale. However, we take privacy obligations seriously and have designated a privacy contact responsible for data protection matters.
For all privacy-related inquiries — including rights requests, complaints, questions about this policy, or requests for our data processing agreements — please contact:
AI First Era — Privacy
Email: info@aifirstera.com
Website: aifirstera.com
Country of establishment: United States
We aim to respond to all privacy inquiries within 5 business days and to resolve all requests within the timeframes required by applicable law (30 days for GDPR; 45 days for CCPA).