Privacy Policy

Hart AI Governance · Last updated June 1, 2026

This Privacy Policy describes how HAIG handles information submitted through The Leash, our compliance gap assessment platform.

1. What We Collect

When you use The Leash, we collect your responses to the assessment intake questions, including your company name, contact name, email address, and descriptions of your systems and operations. We also collect any documents you voluntarily upload during the session, and basic session metadata such as session ID and timestamp. We do not collect payment information through The Leash. We do not require account creation.

2. How We Use It

The information you submit is used solely to generate your compliance gap assessment report. It is processed by an AI-assisted analysis system and used to produce the Word document report that is delivered to you. Your email address is used to send you the report and for HAIG to follow up regarding your assessment if you have requested consultation. It is not added to any marketing list without your explicit consent.

3. Data Retention and Deletion

Session data is automatically deleted after your assessment is complete and the report has been delivered. HAIG does not maintain a database of completed assessments tied to your organization. Documents you upload are stored temporarily in a secure cloud environment during the session and deleted upon session completion.

4. Third-Party Processing

The Leash uses the following third-party services to operate:

  • Anthropic — AI analysis of your assessment responses. Data is processed under Anthropic's API terms, which prohibit training on API data by default.
  • Amazon Web Services (AWS) — Secure cloud infrastructure for session processing and temporary document storage. All data is encrypted in transit and at rest.

HAIG does not sell your data to any third party.

5. Sensitive Information

The Leash is designed for compliance professionals describing their organizational systems and processes. If you submit documents containing protected health information (PHI) or personally identifiable information (PII), that information is subject to the same session-based deletion policy described above. If your organization is subject to HIPAA and you require a Business Associate Agreement (BAA) before submitting PHI, please contact HAIG before using the service: jesse.hart@hart-ai-governance.com

6. Your Rights

You may request information about what data HAIG holds related to your session, or request deletion of any data that has not already been automatically deleted, by contacting jesse.hart@hart-ai-governance.com. For users in the European Union or California, additional rights may apply under GDPR and the California Consumer Privacy Act respectively. HAIG will respond to verified requests within 30 days.

7. Security

HAIG uses industry-standard security measures including encryption in transit (TLS) and encryption at rest for all session data. Access to session data is restricted to HAIG systems and the third-party processors listed above.

8. Changes to This Policy

HAIG may update this Privacy Policy at any time. The current version will always be available at hart-ai-governance.com/privacy.

9. Contact

Privacy questions or requests: jesse.hart@hart-ai-governance.com