Privacy Policy

Last Updated: March 2025

1. Introduction

At Stillwater Insights, we aim to set the standard in privacy, security, and ethical AI usage. This policy outlines how we incorporate AI into our consulting work while maintaining strict data protection and confidentiality standards.

2. AI Usage in Consulting

We use AI-powered tools, including LLMs, to enhance research, analysis, and reporting.

AI is used strictly as an analytical assistant; all final decisions, reports, audit preparation, and policy recommendations are handled by human experts.

3. Data Privacy & Client Confidentiality

To ensure data security and client privacy, we adhere to the following principles:

3.1 No Proprietary Client Data is Entered into AI Systems

  • We do not input client names, company names, or sensitive business information into AI tools.

  • If discussing a case study or use case, data is anonymized before processing.

3.2 Data Anonymization & Masking

When analyzing privacy posture, regulatory needs, or security gaps, we use:

  • Generalized descriptions (e.g., "A mid-sized SaaS company processing EU user data…")

  • Coded identifiers (e.g., "Client A" instead of company names)

  • Obfuscation of sensitive details

3.3 No Retention or Training on Client Data

  • AI tools used at Stillwater Insights do not retain or train on any data entered.

  • We do not use AI models that process or store client information beyond the active session.

4. Security Measures

To protect client data, we implement:

  • Dedicated work devices: All consulting work is conducted on a dedicated, encrypted computer.

  • Zero-trust security model: Strict access controls, encrypted file storage, and MFA-protected accounts.

  • Encrypted communications: Secure email, encrypted file sharing, and VPN usage.

  • Regular data purging: Unnecessary client files and analysis notes are routinely destroyed.

5. AI Governance & Compliance Alignment

To the best of our ability, Stillwater Insights ensures AI usage aligns with:

  • GDPR, CCPA, and emerging AI regulations

  • ISO 27701 & SOC 2 data security best practices

  • Responsible AI principles (transparency, accountability, and fairness)

If AI-driven insights impact compliance recommendations, human review ensures accuracy and regulatory alignment.

6. Transparency & Client Choice

Clients can:

  • Request AI-free consulting engagements if preferred.

  • Receive explanations of AI-generated insights in reports.

7. Contact & Questions

For any questions about our AI usage or data privacy practices, please contact: info@stillwaterinsights.io