Privacy Policy
Last updated: April 15, 2026
AI Laws by State LLC ("the Site," "we," "our") operates AILawsByState.com and respects your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
Information you provide directly:
- Email address — when you create a free account or subscribe to our newsletter
- Payment information — processed securely by Stripe; we do not store credit card numbers on our servers
- State preferences — which states you want to track for notifications
Information collected automatically:
- Usage data — pages visited, features used, and time spent on the Site
- Device information — browser type, operating system, screen resolution
- IP address — for security, performance, and analytics purposes
- Cookies — see Section 8 below for a full list of cookies used
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide our service | Email, state preferences | Contract performance |
| Send welcome emails | Contract performance | |
| Send bill update notifications | Email, state preferences | Consent (opt-in) |
| Send newsletter | Consent (opt-in with pre-checked checkbox) | |
| Process payments | Payment data (via Stripe) | Contract performance |
| Site analytics | Usage data, device info, cookies | Consent (cookie banner) |
| Performance & security | IP address, request metadata | Legitimate interest |
| Prevent fraud/abuse | IP address, usage patterns | Legitimate interest |
3. Third-Party Services
We use the following third-party services that may process your data:
- Google Analytics — website analytics. Loads only after you accept analytics cookies via our consent banner. Sets cookies (
_ga) to track anonymous usage data. Data may be transferred to Google servers in the United States. (Google Privacy Policy) - Cloudflare — CDN, DNS, and security services. Processes request metadata (IP address, user agent, request headers) to provide performance optimization and DDoS protection. May set the
__cf_bmcookie for bot management. Data is processed on Cloudflare's global network, which includes servers in the United States and other countries. (Cloudflare Privacy Policy) - Stripe — payment processing. Processes payment card data directly; we never see or store your full card number. (Stripe Privacy Policy)
- Railway — hosting infrastructure (Railway Privacy Policy)
- OpenAI — AI-powered bill analysis (bill text only; no personal data is sent to OpenAI)
- Legislative data APIs — official state legislature records (public data only; no personal data shared)
4. Newsletter and Email Communications
When you create an account, you may opt in to our weekly newsletter. The opt-in checkbox is pre-selected by default.
- You can uncheck the newsletter checkbox before creating your account
- You can unsubscribe from the newsletter at any time via the link in any email
- You can unsubscribe from site notifications using the unsubscribe link in notification emails
- Transactional emails (welcome, payment confirmation) are sent regardless of marketing preferences as they relate to your account
All emails are sent from [email protected] via Google Workspace (Gmail SMTP). Google processes this email data under its terms of service.
5. Data Retention
- Account data — retained as long as your account is active; deleted upon request
- Payment records — retained as required by law (typically 7 years for tax purposes)
- Analytics data — Google Analytics retains data for 14 months by default
- Cookie preferences — your cookie consent choice is stored for 1 year
- Newsletter subscription — unsubscribe at any time via the link in any email
6. Your Rights
You have the right to:
- Access your personal data — email [email protected] to request a copy
- Correct inaccurate data
- Delete your account and associated data — email [email protected]
- Unsubscribe from marketing communications at any time
- Object to processing based on legitimate interest
- Withdraw consent for analytics cookies at any time (see Section 8)
California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, you have additional rights including:
- The right to know what personal information is collected, used, and disclosed
- The right to request deletion of your personal information
- The right to opt out of the sale or sharing of your personal information
- The right to non-discrimination for exercising your privacy rights
Our use of Google Analytics may constitute "sharing" of personal information under the CCPA/CPRA. To opt out, visit our Do Not Sell or Share My Personal Information page, or reject analytics cookies via our cookie consent banner.
We honor the Global Privacy Control (GPC) signal as a valid opt-out request.
European Residents (GDPR)
If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation, including the right to data portability and the right to lodge a complaint with a supervisory authority. Our legal basis for processing is described in Section 2 above. Analytics cookies require your explicit consent before loading.
7. Data Security
We implement reasonable security measures to protect your data, including:
- HTTPS encryption for all data in transit
- Encrypted database connections
- Secure payment processing via Stripe (PCI DSS compliant)
- Access controls on administrative functions
- Cloudflare DDoS protection and Web Application Firewall
No system is 100% secure. If we discover a data breach that may affect your personal information, we will notify you as required by applicable law.
8. Cookies and Tracking Technologies
The Site uses cookies as described below. Non-essential cookies are only set after you consent via our cookie banner.
Essential Cookies (always active)
| Cookie | Purpose | Duration |
|---|---|---|
ailaws_session | User authentication session | Session / 30 days |
ailaws_admin | Admin authentication | Session |
ailaws_cookies | Stores your cookie consent preference | 1 year |
__cf_bm | Cloudflare bot management (security) | 30 minutes |
Analytics Cookies (require consent)
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
_ga | Distinguishes unique users for Google Analytics | 2 years | |
_ga_* | Maintains session state for Google Analytics | 2 years |
You can change your cookie preferences at any time by clicking "Reject Non-Essential" on the cookie banner, or by visiting our Do Not Sell or Share My Personal Information page. You can also clear cookies through your browser settings.
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. Specifically:
- Google Analytics — data may be processed on Google servers in the United States
- Cloudflare — data is processed on a global network spanning multiple countries
- Stripe — payment data may be processed in the United States
- Railway — hosting infrastructure located in the United States
- OpenAI — bill text (no personal data) processed in the United States
These transfers are necessary for the provision of our services. Where required by applicable law (such as the GDPR), we rely on Standard Contractual Clauses or the service provider's data processing agreements to ensure adequate protection of your data.
10. Children's Privacy
The Site is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at [email protected] and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email. Continued use of the Site after changes constitutes acceptance. The "last updated" date at the top of this page reflects the most recent revision.
12. Contact
For privacy-related questions or requests, contact us at: [email protected]
AI Laws by State LLC, 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801