Privacy Policy

Who We Are

AskRajGPT is operated by BGAI Ventures LLC, a Florida limited liability company (“BGAI Ventures,” “AskRajGPT,” “we,” “us,” or “our”). BGAI Ventures LLC is the data controller for personal information collected through the Platform. For purposes of the GDPR, BGAI Ventures LLC is the controller.

This Privacy Policy explains how we collect, use, share, and protect personal information when you use the Platform at askrajgpt.com, including any associated applications, tools, programs, and services. It also describes your rights regarding your personal data.

What Data We Collect

We collect the following categories of personal information:

Identity and contact information

• Name (first name, as provided)
• Email address
• Phone number (when provided for SMS opt-in or the SMB Toolkit form)

Business and professional information

• Company role, job title, or business type (from application forms and the SMB flow)
• Business size, industry, and challenges (when provided)
• Quiz responses and AI readiness assessment results

Account and authentication data

• Firebase Authentication UID (a unique identifier tied to your email login)
• Magic link email authentication logs
• Account creation date and last activity

Purchase and entitlement data

• Purchase history and entitlements (which products you have access to)
• Payment metadata from Stripe (transaction ID, amount, currency, product purchased). We do not store your full card number, CVV, or bank account details; those are held exclusively by Stripe.

Platform activity and usage data

• Lessons started and completed, modules opened, prompts copied
• Outcomes and results you log, case studies you generate
• Tool usage and workflow interactions
• Progress through cohort companion content

Technical and device data

• IP address
• Browser type and version
• Device type and operating system
• Referring URL and page views
• Session duration and navigation patterns
• Session replay data (see Section 7 for full disclosure of our session recording practices)

Lead and consent data

• Information submitted through any lead capture form on the Platform, including cohort applications, tool waitlists, newsletter sign-ups, and the SMB Toolkit form
• Email marketing consent status and timestamp
• SMS consent status and timestamp
• Unsubscribe records

User-generated content

• Any content you voluntarily submit including testimonials, outcome descriptions, feedback, and application essays

How We Collect It

We collect personal information through:

• Directly from you: When you complete the AI Readiness Quiz, create an account, submit any form (application, waitlist, newsletter, SMB Toolkit, cohort application), make a purchase, or contact us.
• Automatically: When you use the Platform, we collect technical and usage data automatically through cookies, PostHog analytics (including session replay), and browser/device signals.
• From third-party processors: When you authenticate via Firebase or complete a purchase via Stripe, those providers return confirmation data to us (authentication status, payment confirmation).
• From local storage:The Platform stores certain preference and progress data in your browser's localStorage (e.g., readiness score, activity timeline) for performance and continuity. This data remains on your device.

How We Use Your Data

We use the personal information we collect to:

• Provide, operate, and maintain the Platform, including authenticating your account and delivering the content you are entitled to;
• Process payments, manage purchases, and maintain your entitlements and access rights;
• Personalize your experience, including your AI readiness roadmap and program recommendations;
• Send transactional emails (account confirmations, magic links, purchase receipts, program access instructions);
• Send marketing and educational emails where you have consented to receive them;
• Send SMS messages where you have opted in to receive them;
• Respond to your inquiries and provide customer support;
• Analyze usage patterns and product behavior to improve the Platform (including through PostHog analytics and session replay);
• Protect the security and integrity of the Platform, detect abuse, enforce rate limits, and prevent fraud;
• Comply with applicable legal obligations and enforce our Terms of Service;
• For high-ticket applications and cohort applications, evaluate your eligibility and notify our team;
• Display aggregated or anonymized testimonials and outcomes on the Platform and in marketing materials (see our Terms of Service, Section 16 for media release terms).

We do not sell your personal data to third parties.

Legal Bases for Processing

For users in the European Economic Area, United Kingdom, or other jurisdictions where the GDPR or equivalent laws apply, we rely on the following legal bases:

• Contractual necessity: Processing required to provide the Platform and fulfill your purchases (account creation, payment processing, entitlement management, transactional email).
• Legitimate interests: Product analytics, session replay, security and fraud prevention, customer support, and business operations, where those interests are not overridden by your rights. For US users, analytics and session replay operate under an opt-out model; see Section 7 for opt-out instructions.
• Consent: Marketing email communications and SMS marketing. You may withdraw consent at any time without affecting the lawfulness of prior processing. EEA and UK users may have additional rights regarding analytics and session replay under local law; contact us at legal@askrajgpt.com to exercise those rights.
• Legal obligation: Compliance with applicable laws, tax records, and legal process.

Data Processors and Sharing

We share personal data only with service providers that help us operate the Platform. Each processes data on our behalf and is subject to data processing agreements consistent with applicable privacy law. We do not sell your data or share it with third parties for their own independent marketing purposes.

We do not currently use advertising pixels or third-party ad trackers. If we add any such integrations in the future, we will update this policy before activating them.

We may disclose personal data if required by law, legal process, or a valid government request; to protect the rights, property, or safety of AskRajGPT, its users, or others; or in connection with a merger, acquisition, or sale of substantially all assets, in which case personal data may be transferred to the acquiring entity subject to the same or equivalent privacy protections.

Cookies, Analytics, and Session Recording

Cookies and local storage

The Platform uses cookies and browser local storage to maintain your session, remember your authentication state, store your activity timeline and readiness score locally, and provide a consistent experience. Essential cookies are required for the Platform to function. Blocking them may prevent login or break core features.

PostHog analytics

We use PostHog for product analytics, behavioral event tracking, in-product surveys, and session replay. PostHog receives a pseudonymous user identifier (your Firebase UID) and behavioral event data.

Custom event properties sent to PostHog are sanitized before transmission: your email address, name, phone number, and the text of any prompts or messages are explicitly redacted from all event properties and never sent to PostHog as structured data.

Session replay disclosure (important)

PostHog's session replay feature records your interactions on the Platform, including mouse movements, clicks, scrolling, keyboard activity, navigation between pages, and the content visible on your screen during your session. This is separate from event properties: even though event properties are sanitized, the session replay captures what is rendered on screen.

We configure PostHog with maskAllInputs: true, which masks all HTML form fields in session recordings so that text you type into any input (email, phone, name, payment fields, and other form elements) is replaced with placeholder characters and never transmitted in the recording. However, content displayed as page text (not inside form inputs) may still appear in recordings. You should be aware that session replay is active when using the Platform.

Session recordings are stored by PostHog and accessible only to AskRajGPT administrators. They are used exclusively to understand how users interact with the Platform, identify usability issues, and improve features, and are not used to share your behavior with third-party advertisers.

To opt out of PostHog analytics and session replay, you can block the PostHog script using a content blocker or privacy browser extension, or contact us at legal@askrajgpt.com to request opt-out. Note that opting out may affect analytics features within the Platform.

Advertising pixels

We do not currently use advertising pixels or third-party ad trackers (such as Google Tag Manager or Meta pixel). If we add them in the future, we will update this policy before activating them.

SMS Data and Carrier Handling

When you opt in to receive SMS messages from AskRajGPT, your phone number and opt-in consent data are transmitted to Atlas Industries via GoHighLevel's platform for message delivery through A2P 10DLC registered messaging.

Your phone number and SMS consent data are used solely to send you the text messages you have opted in to receive. Your mobile phone number and SMS consent information will not be sold or shared with any third party for their own independent marketing purposes.

SMS messages are transmitted via telecommunications carriers, which may have access to message content and delivery data as part of standard network operations. Carriers are not responsible for message delivery failures.

To stop receiving SMS messages, reply STOP at any time. You will receive a confirmation and no further marketing messages will be sent. You may also contact us at support@askrajgpt.com to request removal from our SMS list.

Email Marketing

We send marketing and educational emails only to those who have provided consent. Marketing emails are CAN-SPAM compliant and include our physical or registered address and an unsubscribe mechanism in every email.

You may unsubscribe from marketing emails at any time by clicking the “Unsubscribe” link in any email or by contacting us at support@askrajgpt.com. Unsubscribing from marketing email will not unsubscribe you from transactional emails (such as purchase receipts and account access instructions), which are necessary to operate your account.

All emails are sent via Resend. Your email address is not shared with any third party for their own marketing purposes.

Data Retention

We retain your personal data for as long as is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

• Account and entitlement data is retained for the duration of your account plus a reasonable period thereafter to handle any support or legal inquiries;
• Purchase and transaction records are retained for at least seven (7) years to comply with tax and financial record-keeping requirements;
• Marketing consent records are retained for the life of the consent plus a reasonable period for legal compliance purposes;
• Session replay recordings are retained as configured in our analytics provider settings, with recordings retained for a limited period (currently up to approximately three (3) months) and subject to change;
• Lead capture records are retained as part of our CRM, and you may request deletion at any time (see Section 12).

When data is no longer needed for the purposes described here and no legal obligation requires its retention, we delete or anonymize it.

Security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include: HTTPS encryption in transit; access controls and authentication for all administrative systems; use of reputable, security-certified service providers (Google Firebase, Supabase, Stripe); and server-side rate limiting and input validation on all data submission endpoints.

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your rights or freedoms, we will notify affected users as required by applicable law.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at legal@askrajgpt.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

• Right to access: Request a copy of the personal data we hold about you.
• Right to correction: Request that we correct inaccurate or incomplete personal data.
• Right to deletion: Request that we delete your personal data, subject to our legal retention obligations and contractual necessity.
• Right to data portability: Request that we provide your data in a structured, machine-readable format where technically feasible.
• Right to object: Object to processing based on our legitimate interests.
• Right to restrict processing: Request that we limit how we use your data in certain circumstances.
• Right to withdraw consent: Where processing is based on consent (e.g., marketing email, SMS), you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to opt out of analytics: You may opt out of PostHog analytics and session replay at any time by blocking the PostHog script via a content blocker or by contacting us at legal@askrajgpt.com.
• Right to opt out of SMS: Reply STOP to any SMS message.
• Right to unsubscribe: Click Unsubscribe in any marketing email.

Deletion requests: If you request deletion of your account and data, we will delete or anonymize your personal data from our active systems, subject to our need to retain certain data for legal, tax, fraud prevention, or contractual purposes. Deletion may take up to 30 days to fully process across all systems.

Do Not Sell / Do Not Share (CCPA)

This section applies to California residents under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

We do not sell your personal information to third parties in exchange for money. We do not share your personal information with third parties for cross-context behavioral advertising in a manner that would constitute a “sale” or “share” under the CCPA/CPRA. We do not currently use advertising pixels or third-party ad trackers.

California residents have the right to:

• Know what personal information we collect and how we use and disclose it;
• Request deletion of your personal information;
• Request correction of inaccurate personal information;
• Opt out of the sale or sharing of your personal information for cross-context behavioral advertising (we do not currently engage in such sharing);
• Non-discrimination for exercising any of your CCPA rights.

To exercise any CCPA right, contact us at legal@askrajgpt.com with the subject line “California Privacy Request.”

GDPR and International Users

AskRajGPT is based in the United States and its servers and service providers are primarily located in the United States. If you access the Platform from the European Economic Area (EEA), the United Kingdom, or Switzerland, please be aware that your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.

For transfers of EEA personal data to the United States, we rely on Standard Contractual Clauses (SCCs) or other applicable transfer mechanisms to the extent required. Our sub-processors (Firebase/Google, Stripe, Supabase, Resend, PostHog) each have their own cross-border transfer mechanisms in place.

If you are in the EEA or UK and believe we have not addressed your complaint satisfactorily, you have the right to lodge a complaint with your local data protection authority (DPA).

EEA and UK residents may exercise the data subject rights listed in Section 12 by contacting us at legal@askrajgpt.com.

Note for counsel: This GDPR section is included conservatively for businesses with international visitors. If AskRajGPT regularly targets or processes data from EEA residents, a formal Data Processing Agreement with each processor and, potentially, a UK or EEA representative appointment may be required. Please advise on the appropriate cross-border transfer mechanism and whether a formal Article 27 representative is needed.

Children's Privacy

AskRajGPT is intended exclusively for adults 18 years of age or older, consistent with our Terms of Service eligibility requirement. The Platform is not directed to, and we do not knowingly collect personal data from, anyone under the age of 18.

If we become aware that we have collected personal data from someone under 18 without verified parental consent, we will take steps to delete that information promptly. Note for EEA users: the EEA digital consent age is 16 in most member states; users under 18 in those jurisdictions must have parental authorization to use the Platform in any case, as our minimum age for service is 18. If you believe we have inadvertently collected data from a minor, please contact us at legal@askrajgpt.com.

Third-Party Links

The Platform may contain links to third-party websites, tools, or resources. These links are provided for your convenience and do not constitute an endorsement by AskRajGPT of those third parties. We have no control over the content, privacy policies, or practices of third-party websites and are not responsible for your interactions with them.

We encourage you to review the privacy policy of every third-party site you visit.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where required or appropriate, notify you by email or via a notice on the Platform.

Your continued use of the Platform after we post changes constitutes your acceptance of those changes. If you do not agree to the revised Privacy Policy, you must stop using the Platform.

Contact and Data Requests

For all privacy-related inquiries, data subject requests, or questions about this Privacy Policy, contact us:

We will respond to all verifiable requests within 30 days (or sooner where required by applicable law). Where we are unable to fulfill a request, we will explain why.