Privacy Policy

Last updated: June 2026

This Privacy Policy explains how The CAIO ("we", "us"), operated by iMentiX, collects, uses, and protects your personal data when you use thecaio.eu (the "Site"), including the free AI Readiness Self-Assessment. We are committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR).

1. Who is responsible for your data

The data controller is The CAIO, operated by iMentiX. For any privacy question or request, contact us at im@imentix.ai.

2. What we collect

When you complete the AI Readiness Self-Assessment, we collect:

• Organization details you provide: company name, your role, annual revenue range, and industry.
• Your assessment answers: your 1–5 ratings across strategy & governance, implementation, people & culture, and risk & compliance.
• Computed results: your overall and per-dimension scores and maturity label.
• Contact details: your email address, and — if you choose to provide them — your phone number and a free-text description of your biggest AI challenge.
• Technical metadata: the date and time of submission, your browser's user-agent string, and the referring page. This is used for aggregate device and traffic analytics.

If you contact us by email or book a call, we also process the information you choose to share with us.

3. Why we use it, and our legal basis

• To calculate and deliver your AI readiness score and personalized report — on the basis of your consent, which you give via the checkbox on the assessment form.
• To follow up with relevant insights and tailor our advisory approach to your needs — on the basis of your consent.
• To understand and improve how the Site is used (aggregate analytics) — on the basis of our legitimate interest in operating and improving our services.

4. Cookies and tracking

This Site does not use tracking or advertising cookies, and does not run third-party analytics trackers. We do not build advertising profiles of visitors.

5. Where your data is stored and who can access it

Assessment submissions are stored in a database hosted on Cloudflare infrastructure, with the primary database located in the European Union (Western Europe region). We use the following processors and third-party services:

• Cloudflare — website hosting and database (Cloudflare Pages and D1).
• Google Fonts — web fonts served from Google's CDN, which may receive your IP address as part of the request.
• Google Calendar (Appointment Scheduling) — if you book a call, your booking details are processed by Google under its own privacy terms.

We do not sell your personal data to anyone.

6. How long we keep it

We retain assessment submissions for as long as necessary to provide our services and maintain a record of our engagement with you, and no longer than required for the purposes described above. You can ask us to delete your data at any time.

7. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time (without affecting processing carried out before withdrawal). To exercise any of these rights, email im@imentix.ai. You also have the right to lodge a complaint with your local data protection authority.

8. Security

We apply appropriate technical and organizational measures to protect personal data, including transport encryption (HTTPS) and access controls on our database. No method of transmission or storage is completely secure, but we work to protect your information.

9. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date above reflects the latest revision.

10. Contact

Questions about this policy or your data? Email im@imentix.ai.