Our approach to trust
AIReadiness365 applies the SturdyCloud IT Ltd. trust framework to a focused readiness funnel. We aim to use practical safeguards that support the visitor experience without collecting unnecessary information.
- Design for human oversight and accountability.
- Treat privacy, security, consent, and accessibility as build requirements.
- Use demo or synthetic information for public examples.
- Adjust controls according to the risk and use case.
- Improve as systems, threats, and expectations evolve.
Security
- HTTPS and encryption in transit.
- Least-privilege access for administrative systems.
- Multi-factor authentication where supported and appropriate.
- Secure handling of credentials and environment secrets.
- Logging, monitoring, and incident awareness.
- Controlled third-party integrations and vendor review.
- No real client data in public demonstrations.
Privacy and consent
We collect only information reasonably needed to deliver a result, guide, and requested next step. Guide delivery, result follow-up, SMS, and optional marketing choices should be separated wherever practical. Consent language, source, time, and version may be recorded.
We do not sell personal information. Access, correction, deletion, and communication-preference requests are supported where applicable.
Responsible AI
- Readiness scoring is directional, not a certification.
- Material recommendations require human review.
- AI outputs are treated as drafts and may be wrong or incomplete.
- High-risk decisions are not delegated to the public quiz.
- Submitted data is not intended for public-model training.
- Scoring, prompts, routing, and provider changes should be reviewable.
Data handling and residency
Data is minimised, access is limited, and retention is tied to the business purpose or applicable obligations. Canadian data residency is preferred where feasible. Some supporting providers may process or store information outside Canada, subject to their safeguards and local laws.
Do not submit highly sensitive or regulated information through the public quiz.
Vendors and subprocessors
The funnel may rely on providers for hosting, quiz delivery, automation, email, file storage, scheduling, analytics, and security. We consider each provider’s security, privacy, reliability, retention, training, and residency practices before use.
A current provider list will be published or made available when the production stack is finalised.
Reliability and continuity
We aim to monitor critical integrations, test all result branches, maintain recoverable configuration, and provide clear fallbacks when guide delivery or scheduling fails. The free public funnel does not carry a guaranteed uptime or service level unless a written agreement states otherwise.
Accessibility
The site targets WCAG 2.2 AA. Our baseline includes semantic structure, keyboard access, visible focus, sufficient contrast, labelled forms, understandable errors, responsive zoom, reduced-motion support, and screen-reader review of the critical quiz path.
Report an accessibility barrier to contact@sturdycloud.ca so we can provide an alternative and investigate.
Incident response
When a security, privacy, AI, accessibility, or service issue is identified, we aim to assess scope, contain impact, restore operation, notify affected parties where required, and apply lessons learned. Contractual or legal notification requirements take precedence where they apply.
Standards and commitments
Our practices are informed by PIPEDA, CASL-aware communications, GDPR-aware international handling, WCAG 2.2 AA, responsible AI principles, and SOC 2 readiness concepts focused on security, availability, and confidentiality. These references describe our direction and do not claim certification unless expressly stated.
Contact
For security, privacy, AI governance, accessibility, or trust questions, contact contact@sturdycloud.ca.
Responsible entity: SturdyCloud IT Ltd., Ontario, Canada.
