Privacy Policy

Introduction

Evolve AI Institute ("we," "us," or "our") operates the Texas DIR AI Awareness Training platform located at evolveaiinstitute.com/texas-training (the "Platform"). We are committed to protecting your privacy and complying with all applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you access or use our Platform. It applies to all users, including individual registrants, government employees enrolled through their agencies, and visitors to the Platform.

This Privacy Policy is designed to comply with the following laws, among others:

• Texas Data Privacy and Security Act (Texas Business and Commerce Code Chapter 541, "TDPSA")
• Texas Identity Theft Enforcement and Protection Act (Texas Business and Commerce Code Chapter 521)
• Texas Public Information Act (Texas Government Code Chapter 552)
• Children's Online Privacy Protection Act (15 U.S.C. Section 6501-6506, "COPPA")
• California Consumer Privacy Act / California Privacy Rights Act (Cal. Civ. Code Section 1798.100 et seq., "CCPA/CPRA"), to the extent applicable

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.

Data Minimization Principles

We adhere to the principle of data minimization. We collect only the personal information that is adequate, relevant, and reasonably necessary for the specific purposes described in this Privacy Policy. We do not collect personal information beyond what is needed to deliver our training services, issue certificates, and fulfill our legal and compliance obligations.

Information We Collect

1. Personal Identifiers

We collect the following when you register for an account:

• Full name (first and last)
• Email address (government or personal)
• Government entity or organization affiliation
• Job title (optional)
• Department (optional)

2. Payment Information

Payment transactions are processed by our third-party payment processor (PayPal and/or Stripe). We do not directly collect, store, or have access to your full credit card number, bank account number, or other sensitive financial account information. We retain only a transaction reference ID, payment amount, date, and payment status for our records.

3. Training and Learning Data

We automatically collect information about your training activity:

• Course enrollment and completion status
• Quiz and assessment attempts, scores, and results
• Time spent on individual lessons and modules
• Progress through course content
• Certificate issuance records (certificate ID, date, name)

4. Technical and Usage Data

We collect technical data for security, functionality, and platform improvement:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, tablet, mobile)
• Login and logout timestamps
• Pages visited and navigation paths
• Referring URLs

5. Communications Data

If you contact us via email, our contact form, or other channels, we retain the content of your communications, your contact information, and our responses.

6. Biometric Data

We do not collect biometric data. We do not use fingerprint scanning, facial recognition, voiceprint analysis, retina scanning, or any other biometric identification technology. If this changes in the future, we will update this Privacy Policy and obtain your explicit consent as required by applicable law before any such collection.

Legal Bases for Processing Your Data

We process your personal information only on lawful grounds, including:

• Performance of a Contract: Processing necessary to deliver the training services you registered for, issue certificates, and manage your account.
• Legal Compliance: Processing required to comply with applicable laws, including compliance reporting to government employers under Texas Government Code Section 2054.5193 and responding to lawful requests from regulatory authorities.
• Consent: Where you have provided explicit consent, such as for optional marketing communications or surveys. You may withdraw consent at any time.
• Legitimate Interests: Processing necessary for our legitimate business interests, including platform security, fraud prevention, service improvement, and analytics, provided such interests do not override your fundamental rights and freedoms.

How We Use Your Information

We use your information for the following purposes:

• Training Delivery: To provide access to course materials, track your progress, and personalize your learning experience.
• Certification: To issue, store, and enable verification of certificates of completion.
• Compliance Reporting: To generate completion and compliance reports for government entities as required by Texas law, including reports to the Texas Department of Information Resources.
• Account Management: To create and maintain your account, authenticate your identity, and process payments.
• Communication: To send essential notifications about your account, training updates, certificate issuance, and system maintenance. Marketing communications are sent only with your explicit consent.
• Platform Improvement: To analyze aggregated and anonymized usage patterns to improve our services, content, and user experience.
• Security: To protect against fraud, unauthorized access, and other security threats, and to enforce our Terms of Service.
• Legal Obligations: To comply with applicable laws, respond to legal process, and cooperate with government authorities.

Information Sharing and Disclosure

No Sale of Personal Data

We do not sell, rent, lease, or trade your personal information to any third party for monetary or other valuable consideration. We have not sold personal data in the preceding twelve (12) months and have no plans to do so.

Government Employer Reporting

If you are enrolled through a government entity, we share the following information with your employer's designated compliance contact for the sole purpose of statutory compliance reporting:

• Your name and email address
• Training enrollment date
• Course completion status and date
• Assessment pass/fail status (not individual question responses)
• Certificate ID and issuance date

This sharing is necessary to enable government entities to satisfy their reporting obligations under Texas Government Code Section 2054.5193. We do not share detailed learning analytics, individual quiz answers, or time-on-page data with employers.

Public Certificate Verification

Our public certificate verification system allows third parties to confirm training completion by entering a certificate ID. The verification page displays only: the certificate holder's name, the certificate ID, the course title, and the date of issuance. No other personal information is disclosed through the verification system.

Service Providers

We share information with trusted third-party service providers who assist us in operating the Platform:

• Payment Processing: PayPal and/or Stripe (for secure payment processing). These providers have their own privacy policies governing their use of your payment information.
• Hosting: Our web hosting provider stores Platform data on servers located within the United States.
• Email Services: We use email service providers to deliver account notifications and, with your consent, marketing communications.
• Analytics: Google Analytics (see "Cookies and Tracking" section below).

All service providers are contractually obligated to use your information only for the purposes of providing services to us and to implement appropriate security measures.

Legal Requirements

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of Evolve AI Institute, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues

Texas Public Information Act

Because many of our users are Texas government employees, certain training records held by your government employer may be subject to disclosure under the Texas Public Information Act (Texas Government Code Chapter 552). Evolve AI Institute is a private company, and records held solely by us are generally not subject to the Public Information Act.

However, to the extent that we provide training completion data to government entities, those records may become government records subject to public disclosure. If we receive a public information request directed at user data, we will:

• Promptly notify the affected government entity
• Cooperate with the entity's determination regarding disclosure
• Not independently release records to third parties without lawful authorization
• Assert applicable exemptions (such as personal privacy) where appropriate

Cookies and Tracking Technologies

We use cookies and similar technologies organized into the following categories:

Strictly Necessary Cookies

Required for the Platform to function. These cannot be disabled.

• Session Cookie (PHPSESSID): Maintains your login session. Expires when you close your browser.
• CSRF Token: Protects against cross-site request forgery attacks. Expires with session.
• Remember Me Token: If you select "Remember Me" at login, this cookie persists for up to 30 days.

Analytics Cookies

Used to understand how visitors interact with the Platform. These are optional.

• Google Analytics (_ga, _gid, _gat): Collects anonymized and aggregated data about page visits, session duration, and navigation patterns. IP addresses are anonymized before storage. Data is retained by Google for 14 months. Google's privacy policy applies to their processing of this data.

Managing Cookies

Strictly necessary cookies are required for the Platform to function and cannot be disabled. You may disable analytics cookies through your browser settings. Disabling strictly necessary cookies may prevent you from using the Platform. We do not use marketing, advertising, or social media tracking cookies.

Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction, including:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS).
• Encryption at Rest: Sensitive data fields are encrypted using AES-256 encryption.
• Password Security: Passwords are hashed using Argon2ID, a memory-hard hashing algorithm. We never store plaintext passwords.
• Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis.
• Application Security: CSRF protection, XSS prevention, SQL injection prevention via prepared statements, rate limiting, and security headers (CSP, HSTS, X-Frame-Options).
• Monitoring: Security audit logging of administrative actions and authentication events.

While we strive to use commercially reasonable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Data Breach Notification

In the event of a security breach involving your personal information, we will comply with all applicable breach notification laws, including:

• Texas Law: As required by Texas Business and Commerce Code Section 521.053, we will notify affected Texas residents as quickly as possible and without unreasonable delay, but no later than sixty (60) days after discovery of the breach. If the breach affects more than 250 Texas residents, we will also notify the Texas Attorney General.
• Notification Content: Breach notifications will include a description of the incident, the types of information involved, steps we are taking to investigate and remediate, and contact information for questions.
• Government Employer Notification: If the breach affects users enrolled through a government entity, we will also promptly notify the entity's designated security contact.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are as follows:

When retention periods expire, data is securely deleted or irreversibly anonymized. Certain records may be retained longer if required by applicable law, regulation, or legal proceedings.

Data Storage and Cross-Border Transfers

All personal data collected through the Platform is stored and processed on servers located within the United States. We do not transfer your personal data outside the United States. Our hosting infrastructure is located in the continental United States.

Our third-party service providers (payment processors, email services, analytics) may process data on servers located in the United States. We require all service providers to maintain appropriate security measures.

Your Rights Under Texas Law (TDPSA)

Under the Texas Data Privacy and Security Act, Texas residents have the following rights:

• Right to Know: You may request confirmation of whether we are processing your personal data and access to that data.
• Right to Correct: You may request correction of inaccurate personal data.
• Right to Delete: You may request deletion of your personal data, subject to legal retention requirements and exceptions.
• Right to Data Portability: You may request a copy of your personal data in a portable, readily usable format (CSV or JSON).
• Right to Opt Out: You may opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling that produces legal or similarly significant effects. Note: We do not engage in any of these activities.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

How to Exercise Your Rights:

• Email: privacy@evolveaiinstitute.com
• Subject line: "Texas Privacy Rights Request"

We will verify your identity before processing any request. We will respond to verified requests within forty-five (45) days. If we need additional time, we will notify you of the extension and the reasons, up to a maximum of ninety (90) days total.

If we decline your request, you may appeal by emailing privacy@evolveaiinstitute.com with the subject line "Privacy Rights Appeal." We will respond to appeals within sixty (60) days. If you are not satisfied with the outcome of an appeal, you may file a complaint with the Texas Attorney General at www.texasattorneygeneral.gov.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale or sharing of personal information
• The right to non-discrimination for exercising your privacy rights

We do not sell or share personal information as defined by the CCPA/CPRA. In the preceding twelve (12) months, we have not sold or shared personal information of California residents. To exercise your California privacy rights, contact us at privacy@evolveaiinstitute.com.

Children's Privacy

This Platform is intended solely for adult government employees and authorized personnel. It is not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

If we become aware that we have inadvertently collected personal information from a child under 13, we will promptly delete that information. If you believe that a child under 13 has provided us with personal information, please contact us immediately at privacy@evolveaiinstitute.com.

International Users

This Platform is operated from the United States and is intended primarily for Texas government employees. If you access the Platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using the Platform, you consent to the transfer and processing of your information in the United States.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on the Platform
• Send an email notification to registered users for material changes that affect their rights

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Privacy Policy.