Privacy Policy

Last updated: April 23, 2026

1. Who We Are

40T Secure AI (“40T,” “we,” “us,” or “our”) operates the 40T Secure AI platform at 40tsecure.ai and related services. We provide AI-powered cookie and AI compliance risk intelligence for websites across jurisdictions worldwide.

Contact: privacy@40tsecureai.com

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and organization name through our authentication provider (Clerk). If you subscribe to a paid plan, payment information is processed by Stripe — we never store credit card numbers.

2.2 Scan Data

When you scan a website, we collect the target URL, scan results (cookies detected, scripts found, AI trackers identified, compliance violations), and scan metadata (timestamp, duration, jurisdictions checked). Scan results are stored in your organization's account and are not shared with other users.

2.3 Usage Data

We collect standard usage data including pages visited within our platform, features used, API calls made, browser type, and IP address. This data is used to improve the service and is not sold to third parties.

2.4 Free Scanner

When you use the free scanner on our landing page without an account, scan results are processed in real time and are not stored. No personal data is collected for unauthenticated scans beyond standard server logs.

3. How We Use Your Information

We use the information we collect to: provide, maintain, and improve the 40T platform; process your scans and generate compliance reports; manage your account and subscriptions; communicate with you about your account, service updates, and security alerts; comply with legal obligations; and detect and prevent fraud or abuse.

4. Data Sharing

We do not sell your personal data. We share data only with: Clerk (authentication), Stripe (payment processing), Supabase (database hosting), and Vercel (application hosting). Each provider is bound by their own privacy policies and data processing agreements. We may also disclose information when required by law or to protect our rights.

5. Data Retention

Account data is retained while your account is active. Scan results are retained for the duration of your subscription. Free tier scan history is retained for 90 days. When you delete your account, all associated data is permanently deleted within 30 days. Server logs are retained for 90 days for security purposes.

6. Security

We implement industry-standard security measures including: encryption in transit (TLS 1.3) and at rest (AES-256), row-level security (RLS) in our database to isolate each organization's data, SHA-256 evidence hashing for scan integrity, regular security audits, and role-based access controls (RBAC). Our platform is built by CISM-, CISA-, and CEH-certified security professionals with 15+ years of experience.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of your personal data.

Correction: Request correction of inaccurate data.

Deletion: Request deletion of your data.

Portability: Request your data in a portable format.

Opt-Out: Opt out of marketing communications at any time.

Do Not Sell: We do not sell personal data. California residents may exercise CCPA rights by contacting us.

To exercise any of these rights, contact privacy@40tsecureai.com.

8. Cookies

We practice what we preach. Our platform uses only essential cookies required for authentication and session management. We do not use marketing cookies, advertising trackers, or third-party analytics that track you across the web. We regularly scan our own platform using 40T to verify compliance — our current score is 100/100.

9. International Transfers

Our services are hosted in the United States. If you are accessing our platform from outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws including GDPR, UK GDPR, and other relevant regulations.

10. Children's Privacy

Our platform is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on our platform and, where appropriate, by email. Your continued use of the platform after changes constitutes acceptance.

12. Contact Us

If you have any questions about this privacy policy or our data practices, contact us at:

40T Secure AI

Email: privacy@40tsecureai.com

General: support@40tsecureai.com