Last updated: 17 June 2026.

Draft pending review. This notice is a working draft and has not yet been signed off by the founder or legal counsel. It is published for transparency and is not to be treated as cleared legal copy.

AI Business Architect is independent thought leadership — not affiliated with any employer. This notice explains, in plain terms, what personal data the site collects, why, and the rights you have over it. It is written to align with Vietnam's Personal Data Protection Law (PDPL) and the Vietnam AI Law 134/2025.

What personal data we collect

We collect only what is needed to deliver what you ask for. There are three points of collection:

  • Newsletter subscription — your email address, an optional first name, and your explicit consent to receive the briefing.
  • Lead-magnet download — your email address, your explicit consent, and a tag recording which playbook you requested.
  • Member account — your email address and a password. Passwords are never stored in plaintext; they are stored only as a one-way hash (argon2id) and are never written to logs.

We do not collect anything you do not actively provide. Operational logs reference an internal record id, never your email.

Our lawful basis for processing your personal data is your consent, given before any data is collected. Consent is not a checkbox we forget — every consent event is written to an append-only consent ledger, an immutable record that serves as proof of consent under PDPL. No consent record means no processing: if consent is not given, no subscriber, lead, or related record is created.

The ledger captures the moment consent was given, the version of this notice you were shown, and where on the site consent was captured.

How we use your data

  • Newsletter — to send you the weekly briefing you subscribed to.
  • Lead magnets — to deliver the specific playbook you requested.
  • Member accounts — to operate your account (sign-in, email verification, password reset).

We send transactional email only at this stage (subscription confirmation, the briefing you opted into, account and password emails). We do not sell, rent, or share your data, and there is no third-party ad tracking on this site.

Cookieless analytics — no consent banner

This site uses cookieless analytics. We set no tracking cookies and build no advertising profile, so there is no consent banner to dismiss. Because non-essential cookies are never set in the first place, there is nothing to withhold or withdraw.

How your data is protected

  • All auth and opt-in tokens are stored hashed — session tokens, email-verification tokens, and password-reset tokens are stored as hashes, never as usable credentials. A database compromise would not yield a working token or password.
  • Gated PDFs are served only via short-lived signed URLs, issued only after authentication and consent. There is no public, ungated download path for gated assets.
  • Personal data lives only in our database, never in the site's source, content files, or build artifacts.

Data retention and your right to deletion

We retain personal data only as long as needed to provide the service you consented to. You may withdraw consent or request deletion at any time.

On a verified deletion request we delete or anonymize your member, subscriber, or lead record and cascade-delete any associated sessions. Consent records are anonymized rather than deleted — this preserves a PDPL-compliant audit trail showing that consent once existed and was withdrawn, while removing the personal identifiers within it.

Compliance

This site is operated in alignment with:

  • Vietnam's Personal Data Protection Law (PDPL), and
  • Vietnam AI Law 134/2025.

Contacting us about your data

For any data request — access, correction, withdrawal of consent, or deletion — email info@aibusinessarchitect.ai. Please use the email address associated with your subscription or account so we can verify the request.