FRI, 22 MAY 2026
Live · Daily AI brief from inside the industry
14:19:41 UTC
LEGAL / Privacy Policy

Privacy Policy

Effective: 20 May 2026 · Last updated: 20 May 2026

This Privacy Policy describes how AI Insiders ("we", "us", "our") collects, uses, stores, and shares personal data when you read the website at aiinsiders.net, subscribe to our newsletter, or contact us. We aim to apply the most protective standard across the jurisdictions where our readers live, which means EU General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act as amended by the CPRA (collectively, "CCPA").

1. Who we are

AI Insiders is an independent daily editorial publication. The data controller for the purposes of GDPR and the business for the purposes of the CCPA is Alessandro Benigni, operating as AI Insiders.

For any question about this policy, to exercise your rights described below, or to file a complaint, contact us at: hello@aiinsiders.net

2. What data we collect and why

We collect only what we need to operate the publication. We do not run advertising trackers, behavioural analytics, or third-party marketing pixels.

2.1 Newsletter subscribers

When you submit our newsletter signup form, we store:

  • Your email address.
  • The IP address Cloudflare attaches to the request, and the country it derives from that IP.
  • The source page that submitted the signup ("website").
  • The timestamp of your signup and your subscription status.

Purpose. To send you the AI Insiders newsletter and to operate basic anti-abuse and deliverability controls.
Lawful basis (GDPR). Your consent, given by submitting the form. You may withdraw consent at any time by unsubscribing through any newsletter link or by emailing us.

2.2 Sponsor inquiries

When you submit the sponsor inquiry form at /sponsor, we collect your name, company, work email, optional company URL, selected sponsorship package, target timing, and message body. This information is transmitted to the operator's inbox via our email provider (see section 4).

Purpose. To evaluate and respond to your sponsorship inquiry.
Lawful basis (GDPR). Our legitimate interest in operating commercial relationships, balanced against your reasonable expectation that we will reply to a sales inquiry you submitted.

2.3 Anti-bot challenge (Cloudflare Turnstile)

Our sponsor inquiry form uses Cloudflare Turnstile to distinguish humans from automated submissions. Turnstile is provided by Cloudflare, Inc. and may set its own functional storage and analyse browser signals as part of the challenge. Cloudflare publishes its own privacy notice for Turnstile.

Purpose. To prevent automated abuse of the sponsor form.
Lawful basis (GDPR). Our legitimate interest in protecting the site from spam and abuse.

2.4 Server logs

Cloudflare, our hosting provider, automatically records request metadata for every page view: IP address, approximate country, browser user-agent, the URL requested, the response status code, and the timestamp. These logs are kept for a limited window for security, abuse prevention, and operational debugging, consistent with Cloudflare's retention policies.

Purpose. Security, abuse prevention, reliability.
Lawful basis (GDPR). Our legitimate interest in maintaining a secure and reliable service.

2.5 Local storage on your device

We use a small amount of first-party browser storage:

  • aii.theme: remembers your light or dark theme preference.
  • aii.subs: a local record of email addresses you have subscribed with, used to avoid asking returning visitors to subscribe again.
  • aii.cookie-ack: remembers that you have seen our cookie notice.

This storage stays on your device. It is not transmitted to us. See our Cookie Policy for full detail.

3. What we do not do

For clarity, AI Insiders does not:

  • Sell, rent, or share your personal data with third parties for advertising or marketing.
  • Embed advertising trackers, social-media pixels, behavioural analytics, or remarketing scripts on this site.
  • Set cookies for marketing or behavioural profiling.
  • Combine your reading behaviour with third-party datasets to build profiles.
  • Use your data to train machine-learning models.

4. Who processes your data on our behalf

We use a small number of service providers (processors under GDPR, service providers under CCPA) to operate the publication. Each is bound by a data-processing agreement and may process your data only on our instruction.

  • Cloudflare, Inc. (San Francisco, California, USA): hosting, CDN, Workers runtime, the D1 database that stores subscribers, Email Routing, Turnstile bot protection. Cloudflare Privacy Policy.
  • Resend, Inc. (Delaware, USA): transactional email delivery, used to forward sponsor inquiries to the operator and to send operator notifications when someone subscribes. Resend Privacy Policy.

We do not engage processors outside the list above. If we do in the future, we will update this notice and tell subscribers in the newsletter.

5. International transfers

Both Cloudflare and Resend are headquartered in the United States and operate global infrastructure. If you access AI Insiders from the European Economic Area, the United Kingdom, or Switzerland, your personal data may be processed in the United States or at edge locations worldwide.

For these transfers we rely on a combination of: (a) the EU-US Data Privacy Framework, the UK Extension to the DPF, and the Swiss-US DPF, where the recipient is certified, and (b) the European Commission's Standard Contractual Clauses (SCCs) where the DPF is not applicable, together with supplementary measures (encryption in transit and at rest, access controls). You may request a copy of the relevant transfer safeguards at hello@aiinsiders.net.

6. How long we keep your data

  • Newsletter subscribers: until you unsubscribe. We may delete records that bounce permanently or that have been inactive for more than 24 months.
  • Sponsor inquiries: retained in the operator's email inbox until the inquiry is resolved and for a reasonable period afterward to support audit and tax recordkeeping.
  • Server logs: typically up to 30 days, per Cloudflare defaults.
  • Local storage on your device: until you clear your browser data.

7. Your rights

Depending on where you live, you have some or all of the following rights. We honour the strictest applicable standard across the laws below.

7.1 GDPR and UK GDPR rights (EEA, UK, Switzerland)

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erasure ("right to be forgotten") of your data, subject to limited exceptions.
  • Restriction of processing in specified circumstances.
  • Portability: receive your data in a machine-readable format.
  • Object to processing based on legitimate interest, including direct marketing.
  • Withdraw consent at any time, where processing relies on consent.
  • Lodge a complaint with your national supervisory authority. A list is at edpb.europa.eu; UK residents can complain to the Information Commissioner's Office (ICO).

7.2 CCPA / CPRA rights (California residents)

  • Right to know what categories of personal information we have collected, the sources, the business purposes, and the categories of third parties we share with.
  • Right to delete the personal information we hold about you.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioural advertising, but you may exercise this right as a matter of record.
  • Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined by the CPRA.
  • Right to non-discrimination for exercising any of the above.

California residents may also designate an authorised agent to make requests on their behalf. We may require reasonable verification before processing.

7.3 How to exercise your rights

Email hello@aiinsiders.net with the right you wish to exercise and the email address associated with your data. We respond within 30 days for GDPR requests and 45 days for CCPA requests, extendable once where permitted by law. There is no fee for reasonable requests.

8. Security

We protect your data with industry-standard controls: TLS 1.2+ for all connections, HSTS with preload, Cloudflare-managed DDoS protection, encrypted storage at rest (D1, Resend), Cloudflare Turnstile for the sponsor form, and a minimal third-party processor footprint. We cannot guarantee absolute security and do not promise one, but we work to apply the standards a reader would reasonably expect of an editorial publication.

9. Children

AI Insiders is intended for adult readers and is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact us and we will delete it.

10. Cookies and similar technologies

See our Cookie Policy for a full inventory of the first-party storage we use, the third-party challenge service on the sponsor form, and how to control or delete them.

11. Changes to this policy

We may update this policy as our practices evolve. The "Last updated" date at the top of the page reflects the most recent revision. Material changes that affect how we process subscriber data will be announced in the newsletter before they take effect. Continued use of the site after the effective date of an update constitutes acceptance of the updated policy.

12. Contact

Questions, requests, or complaints can be sent to hello@aiinsiders.net. For postal contact, message us first via email so we can confirm a delivery address.

This policy is provided in plain English. Where any term has a legal meaning under GDPR, UK GDPR, or the CCPA, that meaning applies. Nothing in this policy limits any statutory right you have under applicable law.