Privacy Policy

BraveOn is a division of The Local Pond, LLC, a Texas limited liability company. We provide AI governance consulting services to organizations seeking to establish structured, defensible AI governance programs.

Our website collects information from visitors who complete our governance readiness assessment, request consultation services, or otherwise interact with our content. We are committed to handling that information responsibly, with transparency, and in compliance with applicable privacy laws, including the Texas Data Privacy and Security Act (TDPSA).

If you have questions about this policy or our data practices, please contact us at governance@braveon.net.

We use the information we collect for the following purposes:

• Deliver assessment results. Your assessment responses are processed to generate a governance readiness tier classification and gap analysis specific to your organization.
• Send the AI Governance Whitepaper. Upon completing the assessment, we send an automated email to the address you provide with our AI governance whitepaper attached as a PDF.
• Follow up on consultation requests. We use your contact information and stated scheduling preferences to reach out and arrange a governance consultation call.
• Internal lead management and CRM. Assessment submissions are recorded in our internal systems so that our team can manage client relationships effectively.
• Improve our services. Aggregated, anonymized analytics data helps us understand how visitors use our website and improve the assessment experience.
• Comply with legal obligations. We may use or retain information as required by applicable law, legal process, or to protect our legal rights.

We do not use your personal information for automated decision-making or profiling in ways that produce legal or similarly significant effects.

We process your personal information under the following legal bases:

• Consent. When you voluntarily submit our assessment form, you consent to our collection and use of your personal information for the purposes described in this policy. You may withdraw consent at any time by contacting us at governance@braveon.net.
• Legitimate interests. We process certain information based on our legitimate business interests, including delivering the services you requested, following up on consultation inquiries, maintaining records of business relationships, and improving our website through analytics. We balance these interests against your privacy rights.
• Legal obligation. We may process information where required to comply with applicable laws or respond to valid legal requests.

We do not sell, rent, or trade your personal information to any third party.

We share your information only with the following categories of service providers, solely as necessary to deliver our services:

• Amazon Web Services (AWS). AWS provides the cloud infrastructure (Lambda compute, DynamoDB database, API Gateway, Systems Manager) that processes and stores assessment submissions. AWS acts as a data processor under our direction.
• Microsoft Corporation. Microsoft provides our Microsoft 365 services (SharePoint Online and Exchange Online via Graph API), which store lead records and deliver email communications. Microsoft acts as a data processor under our direction.
• Google LLC. Google provides Google Analytics 4 (GA4), which collects and processes anonymized analytics data about website usage. Google processes this data in accordance with its own privacy policy. Analytics data does not include the personal information you submit in the assessment form.

Each of these service providers is contractually restricted to using your information only as necessary to perform services on our behalf. We do not allow them to use your information for their own marketing or other unrelated purposes.

We may also disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of BraveOn, our clients, or the public.

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to maintain our business relationship with you or your organization, and to comply with applicable legal obligations.

• Assessment submission data (stored in DynamoDB and SharePoint) is retained for the duration of our active business relationship and as required by applicable legal and recordkeeping obligations.
• Email records are retained in accordance with our standard email retention practices and any applicable legal hold requirements.
• Analytics data collected via Google Analytics 4 is subject to Google's data retention settings. We configure GA4 data retention at 14 months, after which individual event data is deleted by Google.

If you request deletion of your personal information, we will delete or anonymize it from our systems within a reasonable timeframe, subject to any legal obligations requiring us to retain certain records.

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

• Right of access. You may request a copy of the personal information we hold about you.
• Right to correction. You may request that we correct inaccurate or incomplete personal information we hold about you.
• Right to deletion. You may request that we delete your personal information, subject to any legal obligations requiring us to retain certain records.
• Right to withdraw consent. Where we process your information based on consent, you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.
• Right to opt out. You may opt out of receiving marketing or promotional communications from us at any time.

To exercise any of these rights, please contact us at governance@braveon.net. We will respond to your request within 45 days. We may need to verify your identity before processing your request.

We will not discriminate against you for exercising any of your privacy rights.

Our website and services are directed to business professionals and organizations. They are not directed at, and we do not knowingly collect personal information from, children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete that information promptly.

If you believe we may have collected information from a child under 13, please contact us at governance@braveon.net.

The Local Pond, LLC is a Texas company. The Texas Data Privacy and Security Act (TDPSA), which took effect July 1, 2024, grants Texas residents certain rights with respect to their personal data.

If you are a Texas resident, you have the right to:

• Access. Confirm whether we are processing your personal data and, if so, obtain a copy of the personal data we hold about you in a portable, readily usable format where technically feasible.
• Correction. Correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.
• Deletion. Delete personal data you have provided to us or that we have obtained about you, subject to certain exceptions.
• Opt out of data sales. Opt out of the sale of your personal data to third parties. We do not sell your personal data. This right is provided for completeness, but it does not apply because we do not engage in the sale of personal information.
• Opt out of targeted advertising. Opt out of the processing of your personal data for targeted advertising purposes. We do not conduct targeted advertising, so this right is similarly not applicable to our current practices.
• Non-discrimination. You have the right not to be discriminated against for exercising any of these rights. We will not deny services, charge different prices, or provide a different level of service based on your exercise of privacy rights.

To submit a TDPSA rights request, contact us at governance@braveon.net. We will respond to your authenticated request within 45 days. If we need additional time (up to 45 additional days), we will notify you within the initial 45-day period and explain the reason for the extension.

If we decline to take action on your request, we will notify you and explain our reasons. You may appeal our decision by submitting an appeal to the same email address, clearly marked as a TDPSA appeal. If you are dissatisfied with the outcome of your appeal, you may file a complaint with the Texas Attorney General.

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or our services. When we make changes, we will update the “Effective Date” at the top of this page.

For material changes, we will make reasonable efforts to notify affected individuals, which may include posting a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we handle your information.

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated policy.

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:

We will acknowledge your inquiry promptly and aim to resolve any concerns in a timely and transparent manner.