Data Deletion Policy

AIML Governance LLC (“AIML Governance,” “we,” “us,” or “our”) is committed to respecting your right to control your personal data. This Data Deletion Policy explains how you can request the deletion of personal information we have collected, how we process those requests, and the circumstances under which certain data may be retained.

This policy supplements our Privacy Policy and applies to all personal data collected through our website at www.aimlgovernance.com (the “Site”), including contact form submissions, inquiry records, and analytics data.

1. Your Right to Deletion

Under applicable privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Texas Data Privacy and Security Act (TDPSA), and other state privacy legislation, you have the right to request the deletion of personal information that we have collected from you.

This right applies to all individuals whose personal data we process, regardless of your location. We extend deletion rights to all requestors as a matter of policy, not only to residents of states with comprehensive privacy laws.

2. Data We Collect and Can Delete

The following categories of personal data may be subject to a deletion request:

Data Category	Examples	Deletable?
Contact form submissions	Name, email, phone, company, job title, message content	Yes
Email correspondence	Emails sent to or received from AIML Governance	Yes
CRM records	Lead records, contact history, inquiry tracking	Yes
Analytics data	IP address, browsing behavior, device info	Partially (see Section 7)
Cookies	Session cookies, analytics cookies, functional cookies	Yes (via browser settings)

3. How to Submit a Deletion Request

You may submit a data deletion request through any of the following methods:

Your request should include:

• Your full name and email address associated with the data
• A description of the data you want deleted (or a request to delete all personal data)
• Any additional information that may help us locate your records

You may also designate an authorized agent to submit a deletion request on your behalf. Authorized agents must provide written proof of authorization signed by you, along with verification of their own identity.

4. Identity Verification

To protect your privacy and prevent unauthorized deletion of personal data, we must verify your identity before processing a deletion request. Verification methods may include:

• Email verification: We will send a confirmation email to the address associated with the data. You must respond to confirm the request.
• Information matching: We may ask you to confirm specific details (such as the date of your inquiry or the content of your submission) to match against our records.

We will not require you to create an account or provide sensitive personal information solely for the purpose of verifying a deletion request. If we cannot reasonably verify your identity, we will inform you and explain the steps needed to complete verification.

5. How We Process Deletion Requests

Once your identity is verified, we will take the following steps:

• Identify all records: We will search our systems to locate all personal data associated with your request, including data held in our website database, CRM, email systems, and any backup archives.
• Delete or anonymize: We will permanently delete your personal data from our active systems. Where permanent deletion is not technically feasible (such as in encrypted backup systems), we will anonymize the data so it can no longer be associated with you and ensure it is not used for any purpose.
• Notify third parties: We will direct any third-party service providers who process your data on our behalf (such as CRM platforms, email services, and analytics providers) to delete your personal data from their systems.
• Confirm completion: We will send you a written confirmation once the deletion process is complete, detailing what data was deleted and from which systems.

6. Response Timeline

We will acknowledge receipt of your deletion request within 5 business days.

We will complete the deletion process and provide confirmation within 30 calendar days of receiving a verified request. If the request is unusually complex or if we receive a high volume of requests, we may extend this period by an additional 30 days, for a maximum of 60 calendar days. If an extension is necessary, we will notify you of the reason and expected completion date within the initial 30-day period.

7. Exceptions to Deletion

We may retain certain personal data despite a deletion request when necessary for the following purposes, as permitted by applicable law:

• Legal compliance: Data required to comply with a legal obligation, including tax records, contractual obligations, or regulatory requirements
• Legal claims: Data necessary to establish, exercise, or defend against legal claims or disputes
• Security: Data needed to detect, prevent, or investigate security incidents, fraud, or illegal activity
• Internal operations: Data used solely for internal operations that are reasonably aligned with your expectations based on your relationship with us
• Aggregated or anonymized data: Data that has been fully anonymized or aggregated so that it can no longer be linked to you. Anonymized data is not personal data and falls outside the scope of deletion requests.

If any portion of your data falls under an exception, we will delete all data that is not subject to an exception and clearly explain which data we have retained and the legal basis for doing so.

8. Third-Party Data Deletion

When we receive a verified deletion request, we will notify the following categories of third-party service providers to delete your personal data from their systems:

Provider Category	Action Taken
CRM / Email platforms	Contact record and associated communications permanently deleted
Website hosting	Form submission records and server logs purged
Analytics (Google Analytics)	User-level data deletion requested via Google’s data deletion tools; aggregated data is retained
Security providers	IP-based records removed from firewall and spam protection logs

Third-party providers operate under their own data retention schedules. While we direct them to delete your data promptly, the actual deletion timeline may vary. We are not responsible for data retained by third parties in compliance with their own legal obligations.

9. Appeal Process

If your deletion request is denied in whole or in part, you have the right to appeal our decision. To file an appeal:

• Email privacy@aimlgovernance.com with the subject line “Deletion Appeal”
• Include the date of your original request and a description of why you believe the denial was incorrect

We will review your appeal and provide a written response within 30 calendar days. If we deny the appeal, we will provide a clear explanation of the reasons and inform you of your right to file a complaint with your state attorney general or applicable regulatory authority.

10. Contact Us

For questions about this Data Deletion Policy, to submit a deletion request, or to check the status of an existing request, please contact us:

AIML Governance LLC
Email: privacy@aimlgovernance.com
Website: www.aimlgovernance.com/contact

This Data Deletion Policy should be read in conjunction with our Privacy Policy. In the event of a conflict between this policy and the Privacy Policy, the Privacy Policy shall govern.