Privacy Policy

Last updated: February 2026

Overview

GoodHumansSmartMachines (GHSM) is committed to protecting your privacy. This policy explains how the AI Readiness Assessor collects, uses, and safeguards information when you complete our assessment.

What We Collect

  • Survey responses: Your answers to the 28 assessment questions, stored anonymously. No questions ask for personal identifying information.
  • Hashed IP address: Your IP address is cryptographically hashed (SHA-256 with salt) before storage. We never store your raw IP address. This hash is used solely for rate limiting and preventing duplicate submissions.
  • Consent record: Whether you accepted or declined data collection, stored with a hashed IP and timestamp.
  • Session identifier: A randomly generated ID to link your answers together. It contains no personal information.

What We Do NOT Collect

  • Names, email addresses, or contact information
  • Organization names or business identifiers
  • Location data beyond what an IP address may indicate
  • Third-party tracking cookies or advertising identifiers
  • Biometric data or device fingerprints

Cookie Usage

We use a single, essential cookie:

  • ghsm_cookie_consent: Records your consent preference (accepted/declined). This cookie is set with Secure, SameSite=Strict flags and expires after 365 days.

If you decline cookies, your survey still functions normally. We simply will not store your responses for aggregate analysis.

How We Use Data

Anonymized survey data is used exclusively for:

  • Generating your personal AI Readiness results (processed client-side)
  • Producing aggregate benchmarks across organizations (no individual identification)
  • Improving the assessment questions and scoring methodology

Data Security

  • All data is transmitted over HTTPS (TLS encryption in transit)
  • IP addresses are hashed with SHA-256 + salt before any storage
  • Database access is restricted to server-side API routes only
  • Row Level Security (RLS) policies prevent unauthorized direct access
  • Input validation and parameterized queries prevent injection attacks

Your Rights

You have the right to:

  • Decline data collection: Click “Essential Only” on the cookie banner. The survey will still work fully.
  • Request data deletion: Since we store no identifying information, there is no personal data to delete. However, if you have concerns, contact us.
  • Withdraw consent: Clear your browser cookies to reset your consent preference.

Third Parties

We do not sell, share, or transfer any collected data to third parties. The only third-party service used is Vercel for hosting, which processes requests in accordance with their own privacy policy.

Contact

For questions about this policy or your data, contact GoodHumansSmartMachines at your usual point of contact.