Privacy Policy

1. Introduction and Overview

Tier8 AI LLC ("Tier8," "we," "us," or "our") is an Idaho limited liability company that provides AI maturity assessment services through its RAISE™ product platform and the website located at www.tier8.ai (collectively, the "Services"). We are committed to protecting the privacy and security of personal information entrusted to us by our clients, assessment participants, and website visitors.

This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and the rights you have regarding your information. It applies to:

• Visitors to our website (www.tier8.ai and associated subdomains)
• Client organizations and their authorized representatives who purchase or evaluate our Services
• Assessment participants who complete RAISE assessments on behalf of their organizations
• Any other individuals whose personal information we receive in connection with our Services

By accessing our website or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you are accepting this policy on behalf of an organization, you represent that you have authority to bind that organization.

We process personal information based on contractual necessity, legitimate business interests, and consent where required by applicable law.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

• Complete a contact or inquiry form on our website
• Purchase or register for RAISE assessment services
• Participate in a RAISE assessment as an individual respondent
• Schedule or attend a consultation or debrief call
• Communicate with us via email, phone, or other channels

This may include: your name, job title, employer organization, work email address, phone number, billing address, and payment information (processed securely through our third-party payment processor; we do not store full payment card numbers).

2.2 Assessment Response Data

When you complete a RAISE assessment, we collect your individual responses to assessment questions. These responses are aggregated with other designated respondents from your organization to generate an organizational maturity score. Tier8 treats all individual assessment responses as confidential. Organizational reports reflect aggregated and anonymized insights; individual responses are not disclosed to your employer or any other party except as described in this Policy or required by law.

2.3 Information Collected Automatically

When you visit our website, we automatically collect certain technical information, including:

• IP address and approximate geographic location (country/state level)
• Browser type, version, and operating system
• Pages visited, time spent on each page, and referring URL
• Device type and screen resolution
• Interaction data (clicks, scrolls, form interactions)

We collect this information through cookies, web beacons, and similar tracking technologies. See Section 7 (Cookies and Tracking Technologies) for details and your opt-out choices.

Our website does not currently respond to Do Not Track (DNT) browser signals.

2.4 Information from Third Parties

We may receive limited information about you from third-party sources, such as:

• Our payment processor (Stripe), which provides transaction confirmation and fraud signals
• Scheduling tools (such as Calendly) used to arrange consultations
• Survey platforms used to administer assessments
• Publicly available sources for account verification or business contact purposes

3. How We Use Your Information

3.1 Providing and Improving Our Services

• Processing your purchase and delivering RAISE assessments and reports
• Administering your account and responding to your requests
• Conducting debrief calls and providing advisory support
• Improving the accuracy, relevance, and quality of our assessment methodology
• Developing new features, products, and services

3.2 Communications

• Sending transactional communications (purchase confirmations, assessment access links, report delivery, debrief scheduling)
• Sending service updates, policy changes, and security notices
• Sending marketing communications about Tier8 products and services (with your consent where required by applicable law, and subject to your right to opt out at any time)

3.3 Legal and Security Purposes

• Complying with applicable laws, regulations, and legal processes
• Enforcing our Terms of Use and other agreements
• Detecting, preventing, and responding to fraud, abuse, and security incidents
• Protecting the rights, property, and safety of Tier8, our clients, and others

3.4 Aggregated and De-identified Research

We may use de-identified, aggregated data derived from assessments (with all personal and organizational identifiers removed) for benchmarking, research, industry reporting, and product development. This data cannot reasonably be used to identify any individual or organization.

4. How We Share Your Information

We do not sell personal information and do not share it for cross-context behavioral advertising.

4.1 Service Providers

We share information with trusted third-party vendors who assist us in operating our business and delivering our Services. These vendors are contractually obligated to protect your information and use it only for the purposes for which it was disclosed. Current categories of service providers include:

• Payment processing (Stripe)
• Assessment survey delivery platforms (Tally.so)
• Scheduling and calendar tools (Calendly)
• Cloud storage and document management
• Email and communication platforms
• Analytics and website performance tools

4.2 Client Organizations

When Tier8 processes personal information on behalf of client organizations (such as assessment responses), Tier8 acts as a service provider or processor, while the client organization remains the data controller.

If you participate in a RAISE assessment as an employee or representative of a client organization, we will share the aggregated organizational assessment report with that client's authorized account holder(s). We do not share your individual responses or identify you personally in any report delivered to your organization without your separate consent.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to a valid legal process (such as a subpoena, court order, or government demand), or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

4.4 Business Transfers

If Tier8 is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for other purposes with your explicit prior consent.

5. Artificial Intelligence and Automated Processing

5.1 Current AI Use

As of the Effective Date of this Policy, AI is not used in the generation or scoring of individual RAISE assessment reports. Assessment scores are calculated using defined algorithmic formulas applied to respondent inputs, and reports are assembled through automated workflows that apply pre-authored guidance content based on those scores. No generative AI system produces the substantive findings or recommendations in your report.

We may use AI tools in our internal business operations (for example, drafting communications, data analysis, or software development), but such tools do not generate client-facing outputs.

5.2 Future AI Features

We intend to incorporate AI-assisted features into future versions of RAISE and potentially into additional Tier8 products. Before any such features are deployed that process personal information or assessment data, we will:

• Update this Privacy Policy to describe the AI processing in plain language
• Identify the categories of data processed by or submitted to AI systems
• Describe how AI outputs are reviewed or validated before use
• Provide appropriate disclosures at the point of collection where required by law

5.3 No Automated Decisions with Legal Effect

We do not currently use automated decision-making systems to make decisions about individuals that produce legal or similarly significant effects. If we introduce such features in the future, we will provide the disclosures required by applicable law, including any right to human review.

5.4 Third-Party AI Tools

We may use third-party AI products in our internal operations. When such tools process personal data, we require our vendors to maintain appropriate security and privacy protections consistent with this Policy and applicable law. We do not intentionally submit identifiable personal information to publicly available AI chat products for client work without appropriate safeguards.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Our general retention practices are:

• Account and Client Data: Retained for the duration of the client relationship and for a period of three (3) years following the last active engagement, after which it is deleted or anonymized.
• Assessment Response Data: Individual response data is retained for three (3) years to support longitudinal benchmarking at the organizational level, after which it is anonymized or deleted.
• Financial and Transaction Records: Retained for seven (7) years in accordance with standard accounting and tax requirements.
• Website Analytics Data: Retained for up to twenty-four (24) months.
• Marketing Communications Data: Retained until you opt out or withdraw consent, plus a reasonable period to process your request.

You may request deletion of your personal information at any time, subject to our legal obligations to retain certain records. See Section 9 (Your Rights and Choices) for how to submit a request.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality, analyze usage, and support marketing. The categories we use include:

• Strictly Necessary Cookies: Essential for the website to function. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website (e.g., pages visited, session duration). We use aggregated, anonymized data only.
• Preference Cookies: Remember your settings and choices to improve your experience.
• Marketing Cookies: Used to deliver relevant content and measure campaign effectiveness. We will not deploy targeted advertising cookies without your consent. Where required by law, we obtain consent before using certain cookies.

You can manage your cookie preferences through your browser settings or any cookie preference tool displayed on our website. Note that disabling certain cookies may affect website functionality. Our website does not currently respond to Do Not Track (DNT) browser signals.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

• Encryption of data in transit using TLS/SSL protocols
• Access controls limiting data access to authorized personnel on a need-to-know basis
• Secure third-party infrastructure for data storage and processing
• Regular review of security practices and vendor security postures

No method of transmission over the internet or electronic storage is 100% secure. While we take commercially reasonable steps to protect your information, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately at the address in Section 12.

9. Your Rights and Choices

Depending on your location and applicable law, you may have some or all of the following rights with respect to your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to our legal obligations.
• Portability: Request that we provide your information in a structured, machine-readable format.
• Restriction: Request that we restrict processing of your information in certain circumstances.
• Objection: Object to our processing of your information for direct marketing or other purposes based on legitimate interests.
• Withdrawal of Consent: Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at the address in Section 12. We will respond within thirty (30) days, or within any shorter timeframe required by applicable law. We may ask you to verify your identity before processing your request.

9.1 Marketing Opt-Out

You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. Transactional and service-related communications are not subject to opt-out as they are necessary to provide the Services.

10. Children's Privacy

Our Services are designed for business professionals and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take prompt steps to delete it. If you believe we have collected information from a child, please contact us immediately.

11. Third-Party Links and Integrations

Our website and Services may contain links to third-party websites or integrate with third-party platforms (such as payment processors, scheduling tools, or survey platforms). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with our Services. We are not responsible for the privacy practices of third parties.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this Policy and, where appropriate, provide additional notice (such as by email or a prominent notice on our website).

Your continued use of our Services after any update constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

14. State-Specific Privacy Disclosures

14.1 California Residents (CCPA / CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law. To submit a request, see Section 9. You will not receive discriminatory treatment for exercising your rights.

14.2 Nevada Residents

Nevada residents may opt out of the sale of covered information. We do not sell covered information as defined under Nevada law.

14.3 Other U.S. States

Various U.S. states have enacted or are enacting comprehensive privacy laws (including Virginia, Colorado, Connecticut, Texas, and others). Where applicable, residents of those states may have rights similar to those described in Section 9. We will honor such rights to the extent required by applicable law.