Privacy Policy

This policy explains how Purpose Led AI ("PLAI", "we", "us") collects, uses, and protects information when you visit our website, fill in a form, sign up to hear from us, use our PLAIground community platform, or otherwise share your details with us.

We've written this in plain language because we think you deserve to actually understand it.

PLAI (Purpose Led AI) is an AI training and consulting organisation working with nonprofits, INGOs, and mission-driven organisations globally. We operate across Canada, Australia, and internationally.

Data controller: PLAI — Purpose Led AI Pty Ltd Registered address: 4 Taylor Street, Kiama, NSW, 2533, Australia Privacy officer: Kaz McGrath, CEO of PLAI, team@weareplai.com Contact for privacy questions: team@weareplai.com

We collect information you give us directly, plus a small amount of standard website analytics. We don't use advertising pixels, third-party behavioural tracking, or profiling tools.

When you contact us or sign up, we collect:

• Your name
• Your email address
• Your organisation and role (if you share them)
• Anything you write in a message or form field
• Country or region (if relevant to the enquiry)

When you visit the website, our website host may collect basic technical information (e.g., approximate location, browser type, pages visited) to keep the site running and secure. We also use Google Analytics to understand, in aggregate, how people use the site — see the Cookies section below. None of this is used to build a profile of you as an individual.

Our emails include standard open and click measurement so we can see what's useful and what isn't. If you'd rather we didn't, unsubscribe or just ask us.

When you use PLAIground, see the PLAIground section below for full details.

If your organisation engages PLAI for a programme or project, we may receive some of your information indirectly — from your organisation's designated project lead rather than from you directly. This typically includes your name, email address, role, team, department, and project involvement.

We use this only for the purpose of delivering our work with your organisation: inviting you to meetings, organisational events and activities that are part of the project, and sharing project-related activities such as surveys. Nothing else.

All the rights described in this policy apply to this information too — you can ask what we hold, correct it, or ask us to remove you from project communications at any time.

Our website uses:

• Strictly necessary cookies — set by our website host to keep the site running and secure
• Google Analytics cookies — to measure, in aggregate, how the site is used (pages visited, where visitors come from). This data isn't used to identify you or target you with anything.

If you're visiting from the EU/EEA, we'll ask for your consent before setting analytics cookies, and you can decline without losing access to anything. You can also block or delete cookies through your browser settings at any time.

PLAIground (hosted by Circle) uses its own cookies — including session cookies needed to keep you logged in and analytics cookies. Circle asks for consent before setting non-essential cookies for visitors from the EEA, UK, and Switzerland. See Circle's Cookie Policy (circle.so/cookie-policy) for details.

We don't collect sensitive information (health, race, religion, political views, etc.) unless it's genuinely necessary for delivering a service you've asked for — and only with your consent.

We only use your information for the reason you gave it to us:

• To respond to enquiries you send via our contact form
• To send you communications you've signed up for (newsletter, programme updates, event invitations)
• To deliver services if you become a client or training participant
• To manage your PLAIground membership and deliver community features
• To improve our work by understanding what's resonating with our community

Our legal basis (for those who care about GDPR language): consent for marketing communications, legitimate interest for responding to direct enquiries, contract performance for client and programme work, and legal obligation for records we're required to keep (like accounting).

We share your information only with the service providers we use to run our business — never with anyone for their own marketing or advertising purposes. We don't sell your data. We don't rent it. We don't trade it.

We sometimes work with partners to develop and deliver better programmes for our community, and we publish sector research and reports. Where we do, we share or publish aggregated, anonymised insights — things like what topics our community is asking about, where skill gaps are, or how AI adoption is trending across the sector — never your personal information. If a specific programme or event ever involves sharing your details with a named partner (for example, a co-delivered programme), we'll tell you up front and ask first.

The categories of providers we use, with current examples:

• Email and marketing tools (Ortto, Circle) — to send communications you've opted into
• Customer/CRM and project tools (Ortto, Notion, Google Workspace) — to track conversations, communications, and projects
• Website hosting and analytics (Cloudflare, Supabase, Google Analytics) — to run the website and understand how it's used
• Programme delivery tools (Zoom, Jotform) — to run live sessions, registrations, and surveys when you take part in a programme
• Payment processing (Stripe) — payment processing and reconciliation
• Accounting (Xero) — only if we have a financial relationship with you or your organisation
• Community platform (Circle) — to host and operate PLAIground, PLAI's online community and other learning and cohort experiences. Circle processes member data on PLAI's behalf. See circle.so/privacy for Circle's own privacy practices.

These providers process your data on our behalf, under contracts that restrict what they can do with it. We may change providers within these categories from time to time; we'll keep this list current, and the protections described in this policy apply regardless of which provider we use.

We may disclose information if legally required (e.g., a valid court order), but we'll challenge overbroad requests where we reasonably can, and notify you unless legally prohibited.

PLAI operates internationally, and the tools we use may store data in Canada, Australia, the United States, or the European Union. Where data leaves your home region, we rely on the standard contractual protections those providers have in place (GDPR Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent Canadian, Australian, and New Zealand arrangements) — and PLAI remains accountable for how your information is handled by the providers we choose, wherever they are.

PLAIground data is hosted in the United States via Circle (CircleCo, Inc., New York). Circle is GDPR-compliant, CCPA-compliant, and SOC 2 certified.

• Contact form enquiries: up to 2 years after our last meaningful interaction, unless you ask us to delete sooner
• Newsletter / mailing list: until you unsubscribe (one click in any email)
• Client records: for the duration of our engagement plus 7 years for accounting and tax compliance
• PLAIground membership data: for the duration of your membership, plus up to 12 months after it ends, unless you request deletion sooner

Regardless of where you live, you can:

• Ask what we hold about you
• Correct anything that's wrong
• Ask us to delete it (subject to legal retention requirements)
• Withdraw consent to marketing at any time
• Object to how we're using it
• Get a copy of your data in a portable format
• Complain to your local privacy regulator if you think we've got it wrong

If anything we hold about you is wrong or out of date, please tell us — we'll fix it.

Email team@weareplai.com. We'll respond within 30 days — sooner where your local law requires it (e.g., 20 working days in New Zealand) — and usually much faster.

You can also complain to us directly — we'll acknowledge within 30 days and tell you what we're doing about it.

If you're in the EU/UK, you can also complain to your data protection authority. If you're in Canada, that's the Office of the Privacy Commissioner (or the Commission d'accès à l'information if you're in Quebec). In Australia, it's the OAIC. In New Zealand, it's the Office of the Privacy Commissioner.

Our services are designed for professionals. We don't knowingly collect information from anyone under 16. If you believe a child has provided us information, contact us and we'll delete it.

We use reasonable technical and organisational measures to protect your information — encrypted storage, access controls, vetted vendors, and a documented data breach response process. No system is perfect; if something goes wrong that affects you, we'll tell you.

We'll update this policy as our practices evolve. The date at the top tells you when it was last changed. For significant changes, we'll notify you directly if we have your email.

PLAIground is PLAI's online community platform, hosted by Circle (circle.so). It's where programme participants, alumni, and invited members connect, access resources, and engage with PLAI's learning community.

To access PLAIground, you'll create a Circle account. Circle has its own privacy policy (circle.so/privacy) which governs how Circle operates its platform. This section explains how PLAI handles the data generated by your participation in our community.

Information you provide directly:

• Your name and email address (used to create your Circle account and community profile)
• Profile information you choose to add (role, organisation, photo, bio)
• Content you post or share — posts, comments, replies, resources, event registrations
• Messages you send to other members via the platform's direct messaging feature
• Responses to any surveys, polls, or course activities within the platform

Information collected automatically by Circle:

• Device and browser information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent, links clicked)
• Approximate location derived from IP address
• Cookies and similar tracking technologies — see Circle's Cookie Policy (circle.so/cookie-policy)

Circle, as the platform provider, processes some of this technical data as part of delivering the service. PLAI does not control Circle's infrastructure-level data collection, but Circle is contractually committed to processing member data only on behalf of and under the instruction of the community owner (PLAI).

PLAI uses information from PLAIground to:

• Manage your community membership and access
• Deliver programme content, learning activities, and resources
• Facilitate connection and communication between members
• Send platform notifications and programme-related updates
• Monitor community health and engagement to improve the PLAIground experience
• Evaluate programme outcomes and impact (in aggregate or anonymised where possible)
• Produce aggregated, anonymised insights about community needs and sector trends — for improving our programmes, working with partners, and publishing sector research. These insights never include your personal information.

We do not use your PLAIground data for advertising, third-party marketing, or behavioural profiling.

PLAIground is a community space. Some of what you share will be visible to other members:

• Your profile name and any profile details you add are visible to other PLAIground members
• Posts, comments, and content you contribute to community spaces are visible to other members
• Direct messages are private between you and the recipient(s)

Think of it like a shared workplace or learning environment — what you put into public spaces is shared with the community. Please don't share sensitive personal information in community posts.

Circle provides the underlying platform. As the platform operator, Circle may use some data for:

• Operating and securing the platform
• Analytics to maintain platform performance
• AI-powered features (where enabled by PLAI), such as content suggestions or community moderation tools

Circle states that your personal data will not be used to train or fine-tune any external AI models — by Circle or by the AI providers it works with. Any AI features on the platform process data securely and do not retain or log data with third-party AI providers beyond what is needed to generate a response.

If we enable new AI features in PLAIground (such as AI Agents), we'll update this policy and let members know before they go live.

For full details on how Circle handles platform-level data, see circle.so/privacy.

When you interact with other members on PLAIground, those members may see the information you share. PLAI cannot control how other members use information you voluntarily share in community spaces. Please use good judgement about what personal information you include in public posts or messages.

• While you're an active member: for the duration of your membership
• After your membership ends: up to 12 months, unless you request deletion sooner
• Content you've posted may remain visible to other members after your membership ends unless you delete it or request removal

To request deletion of your PLAIground data, email team@weareplai.com.

All the rights described above apply to your PLAIground data. Additionally:

• You can update your Circle profile at any time
• You can delete posts and content you've created
• You can request that your account be deactivated or removed by emailing team@weareplai.com
• You can manage notification preferences directly in your Circle account settings

PLAIground may integrate with tools that PLAI already uses, including Ortto (for email communications). Where this applies, we'll tell you. Data passed between PLAIground and these tools is governed by the same principles as the rest of this policy.

Email team@weareplai.com and a real human will respond.