Privacy Policy

Last updated: February 6, 2026

1. Introduction

TXAIMS ("Texas AI Management System"), operated by Jason Pellerin ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

  • Name and email address (from Google/GitHub OAuth)
  • Profile picture (from OAuth provider)
  • Organization name, deployer type, and contact details you provide

2.2 AI System Information

  • AI system names, types, and descriptions
  • Purpose, deployer type, and TRAIGA risk classification
  • Prohibited practice screening results
  • NIST AI RMF alignment documentation
  • Data categories processed by your AI systems

2.3 Compliance Documentation

  • Evidence bundles and compliance assessments
  • NIST alignment reports
  • Healthcare AI disclosure records (SB 1188)
  • Government AI training records (HB 3512)
  • Incident reports, cure notices, and remediation records
  • Audit logs and activity history

2.4 Usage Information

  • IP address and browser type
  • Pages visited and features used
  • Date and time of access

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Generate compliance reports, evidence bundles, and NIST alignment assessments
  • Screen for TRAIGA prohibited practices
  • Send notifications about assessments, incidents, cure deadlines, and regulatory changes
  • Process payments and manage subscriptions
  • Respond to support requests
  • Improve the Service
  • Comply with legal obligations

4. Data Retention

In accordance with TRAIGA compliance documentation best practices, we retain your AI system records, evidence bundles, NIST alignment reports, and related compliance documentation for a minimum of three (3) years. This supports your ability to demonstrate an affirmative defense under TRAIGA Section 546.103 and respond to AG enforcement actions within the 60-day cure period. Account information is retained as long as your account is active, plus any legally required retention period.

5. Data Sharing

We do not sell your personal information. We may share information with:

  • Service Providers: Third parties that help us operate the Service (hosting, payment processing via Stripe, email delivery via Resend)
  • Legal Requirements: When required by law, subpoena, or government request, including Texas AG enforcement actions
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: For any other purpose with your explicit consent

6. Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication
  • GitHub OAuth: For authentication
  • Stripe: For payment processing
  • Resend: For transactional email delivery
  • Google Drive: For compliance report storage (optional)
  • Apify: For regulatory monitoring intelligence

Each third-party service has its own privacy policy governing its use of your data.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS with HSTS preloading)
  • Encrypted database storage (PostgreSQL)
  • Access controls and OAuth authentication (no passwords stored)
  • Content Security Policy (CSP) headers
  • Regular security assessments
  • Audit logging of all access

8. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Export: Request your data in a portable format
  • Opt-out: Opt out of marketing communications

To exercise these rights, contact us at [email protected].

9. Texas Privacy Rights

If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA), including the right to access, correct, delete, and obtain a copy of your personal data, as well as the right to opt out of the sale of personal data, targeted advertising, and profiling. We do not engage in the sale of personal data or targeted advertising based on personal data.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after notification constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact:

Email: [email protected]
TXAIMS by Jason Pellerin
Austin, Texas