AI&ENERGYOS

Legal · AI&ENERGY OS

Privacy Policy

Effective: 19 May 2026 · Last updated: 19 May 2026 · Version 1.0

AI&ENERGY OS is built for Principals and their households who treat information about themselves as a sovereign asset. This document explains how we receive, hold, use, and release that information. Where standard industry practice and Principal sovereignty conflict, we resolve the conflict in favor of sovereignty.

Three commitments, in plain language:

One. We never use your information — voice, text, household details, anything — to train any AI model, ours or another company's. There is no exception clause.

Two. We do not record phone calls or voice notes unless we have your advance written consent and we have given ours. Default is off.

Three. We do not sell, rent, license, syndicate, or share your information with advertising networks, data brokers, lead-generation services, or any commercial third party other than the named infrastructure providers we cannot operate without.

§1Defined terms

Principal
The natural person, household, family office, trust, single-family office, or closely-held entity whom we serve. References to "you" or "your" mean the Principal.
Household
The Principal plus any individuals the Principal explicitly extends our services to (spouse, children, staff, advisors).
Engagement
The specific business purpose for which we collected information about a Principal — a waitlist application, a cohort enrollment, an advisory call, an introduction, or a delivered service.
Information
Any data that identifies, relates to, describes, or is reasonably capable of being associated with a Principal or Household, including derived data.
We, us, our
AI&ENERGY OS, a product line and operating system delivered by AI&ENERGY OS.

§2What we collect

We collect Information only for a stated Engagement. The categories are:

  • Identity. Name, salutation, role, and (where you choose to disclose them) the entity or family you represent.
  • Reach. An email address, a phone number, or both. At least one is required so we can respond; otherwise we cannot communicate.
  • Stated context. The free-form text you write to us — your application notes, the reason for your inquiry, the question you ask.
  • Engagement metadata. The page you came from, the approximate time, the locale of the browser, and a one-way hashed fingerprint of your IP address used only for de-duplication and abuse prevention. We do not store raw IP addresses.
  • Voice or recorded media, only when you have actively created it and submitted it to us through our voice-message channel.

§3What we do not collect

This section is binding on us. We do not:

  • Buy, license, or otherwise acquire Information about a Principal from a third party (no data enrichment, no append, no append-by-implication).
  • Maintain advertising-network profiles, behavioral segments, or look-alike audiences derived from your Information.
  • Track you across other websites using third-party cookies or fingerprinting libraries.
  • Embed analytics scripts, advertising tags, social-network widgets, or session-replay scripts on our public pages.
  • Collect biometric identifiers, government identifiers, financial account numbers, or health information except where you affirmatively choose to share them as part of a specific Engagement that requires them.

§4How we use information

We use Information only for the Engagement under which we received it — principally:

  • To respond to your waitlist application, inquiry, or message.
  • To schedule and conduct introductions, calls, and meetings you have requested.
  • To deliver the specific service you have engaged us for.
  • To operate the website, secure our systems, and prevent abuse.
  • To meet legal, audit, and recordkeeping obligations that bind us.

We do not repurpose Information across Engagements without your renewed consent. If you applied to the cohort waitlist, we will not later add you to a separate marketing channel because we now have your email.

§5AI processing & model training

AI&ENERGY OS uses AI systems internally to operate the product. Where AI processes your Information — for example, to transcribe a voice note or to draft an internal summary — we do so under the following non-negotiable rules:

  • No training, ever. Your Information is never submitted to any AI model provider as training data, fine-tuning data, or evaluation data. We use AI providers under "no-training" terms of service or with explicit data-isolation contracts.
  • No long-term retention by providers. Prompts and outputs are configured to be discarded by the provider on the shortest retention setting they offer.
  • Human review required for material decisions. AI-generated output is never the sole basis for an operational, legal, medical, or financial decision communicated to you.
  • Provider transparency. See §10 for the named providers we use.

This commitment is absolute. There is no "unless you authorize" clause and we will not seek that authorization. If a future product requires training on Principal data, it will be built on a separate platform under a separate brand and separate contract.

§6SMS, voice & call recordings

SMS

Our SMS program is transactional and conversational only. You opt in by giving us your mobile number for a specific Engagement (e.g., "send me a confirmation when my application is reviewed"). Consent to receive SMS is never a condition of any service. You can opt out at any time by replying STOP. See the SMS Policy for the complete program detail, including required carrier disclosures.

Voice messages

When you record a voice message through the floating microphone on the website, the audio file is forwarded directly to the operator's encrypted Telegram channel and stored in our database only as a length-and-timestamp record. We do not transcribe voice messages by default. If a transcript is needed for accessibility or follow-up, we ask for your permission first.

Inbound and outbound phone calls

We do not record calls by default. If a recording is needed for a specific reason — a fiduciary minute, a compliance file, a Principal request — we obtain explicit, advance, written, two-party consent before any recording begins. This is stricter than California law requires; it reflects who we serve.

If you call our line and reach voicemail, the voicemail recording is treated as a voice message under the rules above.

§7Cookies & browser storage

Our website uses only what is strictly necessary for the page to function:

  • A short-lived localStorage entry that remembers an email address you previously typed into a form, so you do not retype it next time on the same device. You can clear it from your browser at any time.
  • A short-lived localStorage entry that records the tokens of any voice messages you have left, so you can revisit your private receipt page (/v/<token>). This entry never leaves your device.

We do not use third-party cookies, analytics cookies, advertising cookies, cross-site tracking pixels, fingerprinting libraries, or session-replay scripts. We do not participate in advertising identifier syncs (e.g., FLoC, Topics API), and we explicitly opt out via a Permissions-Policy: interest-cohort=() response header. Because we use only strictly-necessary storage, we do not display a cookie banner.

§8Encryption, storage & residency

  • In transit. All traffic to and from our properties is served over TLS 1.3 with HSTS preload.
  • At rest. Persistent data is stored in encrypted database storage provided by our infrastructure providers. Backups inherit the same encryption.
  • Residency. Information is processed within the United States.
  • Cryptographic deletion. Where we control the key, deletion requests are honored by destroying the key material rather than only the ciphertext. Where a provider holds the key, we issue a deletion instruction and confirm execution in writing.

§9Infrastructure providers

We disclose every infrastructure provider that processes Principal Information on our behalf, so you can evaluate the chain. As of the effective date above, the list is:

  • Cloudflare, Inc. — web edge, application hosting, database (D1), domain DNS.
  • Twilio Inc. — voice line and SMS messaging delivery.
  • Resend (Resend, Inc.) — transactional email delivery.
  • Telegram FZ-LLC — operator-side notifications and voice-note relay.
  • GitHub, Inc. — source code and configuration management.

Each provider is bound by its own data-processing terms. We do not authorize any of them to use Principal Information for their own marketing, advertising, model training, or product development. We will publish material changes to this list in this policy.

§10Sharing & disclosure

We do not sell, rent, license, syndicate, or share Information with any party not listed in §9, with three narrow exceptions:

  • By your direction. Where you instruct us in writing to share specific Information with a specific recipient for a specific purpose.
  • Legal compulsion. Where we are bound by a valid subpoena, court order, or equivalent legal process. We will, where the law permits, give the affected Principal advance notice and the opportunity to seek a protective order.
  • Vital safety. Where disclosure is genuinely necessary to prevent imminent harm to a Principal or another person.

We do not maintain a relationship with any data broker, advertising network, lead-generation service, or commercial profile-enrichment service.

§11Retention

We retain Information only as long as the Engagement reasonably requires, plus the minimum period required by tax, accounting, or specific legal obligations. Default schedule:

  • Waitlist applications. Retained while you remain on the waitlist; archived for one (1) year after the cohort closes, then permanently destroyed.
  • Voice and text messages. Retained for ninety (90) days unless you ask us to retain or delete sooner; the receipt token grants you the right to permanently destroy a message at any time via a single click.
  • Active client Engagements. Retained for the duration of the Engagement plus seven (7) years of tax / fiduciary record-keeping, after which records are destroyed unless the law specifically requires longer.
  • Operational logs. Edge access logs are retained no longer than thirty (30) days.

§12Your rights

Every Principal — regardless of jurisdiction — has the following rights with respect to their own Information. These are not contingent on residency, citizenship, or service tier.

  • Access. Ask us in writing what Information about you we hold, and receive an exportable copy.
  • Correction. Ask us to correct Information you have shown to be inaccurate.
  • Erasure. Ask us to permanently destroy Information about you. We will do so unless a specific legal obligation prevents it, in which case we will tell you which obligation, for how long, and what we have destroyed in the meantime.
  • Audit log. Ask us for the log of internal access and disclosures regarding your Information. We maintain such a log; you may read it.
  • Restriction. Ask us to pause processing while a dispute about your Information is being resolved.
  • Portability. Receive your Information in a structured, machine-readable format.
  • Withdrawal of consent. Withdraw any consent you previously gave us, going forward.

To exercise any right, email privacy@aienergyos.com. We verify identity proportionate to the sensitivity of the request, respond within thirty (30) calendar days, and do not charge a fee.

§13Service area

AI&ENERGY OS is offered to Principals resident in the United States. We do not currently accept Principals resident in the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions with restrictions on outward data transfer. Inquiries from outside the United States are politely declined unless the Principal has a substantial U.S. residence or U.S. tax identity sufficient to establish service eligibility.

§14California principals

California residents have additional rights under the California Consumer Privacy Act, as amended (CCPA/CPRA). In addition to the rights enumerated in §12, you have:

  • The right to know the categories of personal information we collect, the sources, the business purposes, and the categories of recipients.
  • The right to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. As stated in §10, we do not sell or share personal information for such purposes, so this right has nothing to act upon — but you have it.
  • The right to limit the use of sensitive personal information.
  • The right to be free from discrimination for exercising any privacy right.

To submit a verified California request, use the contact details in §12. We will not retaliate, deny service, or change pricing because you exercise a right.

§15Children

Our services are designed for adult Principals managing the affairs of their own households. We do not knowingly collect Information directly from anyone under the age of sixteen (16). Where a Principal extends services to a minor member of their Household, the Principal is the data controller for that minor's Information vis-à-vis us, and we will treat the minor's Information with the heightened protections appropriate to its sensitivity.

§16Successor obligations

If AI&ENERGY OS or any affiliated entity is acquired, merged, restructured, or wound down, the successor or transferee inherits this Privacy Policy in its then-current form as a condition of the transaction, with respect to Information held at the time of the transaction. Principals will receive written notice in advance of any such change, and may exercise their right of erasure (§12) before the change takes effect.

§17Changes to this policy

We revise this policy when our practices change or when the law requires. The "Last updated" date at the top of this page reflects the most recent revision. For material changes — particularly to §5 (AI), §6 (voice/recording), or §10 (sharing) — we will notify active Principals directly via the contact method they provided, at least thirty (30) days in advance of the change taking effect. Continued use of the services after the effective date constitutes acceptance.

§18Contact

Privacy inquiries and rights requests: