Privacy Policy

AICON360 LLC — KVSuite Platform
Last Updated: 2025
1. Introduction & Scope
Overview 1.1 Controller & Processor
2. Information We Collect
Data Categories 2.1 Sensitive Data 2.2 Automatic Collection 2.3 Third Parties
3. How We Use Your Info
Overview 3.1 Service Delivery 3.2 Operations & Security 3.3 AI Model Training 3.4 Compliance 3.5 Communications
4. Legal Bases for Processing
5. How We Share Your Info
Overview 5.1–5.5 Sharing Categories
6. Data Retention
Retention Periods Deletion & Destruction
7. Data Security 8. Cookies & Tracking
9. Your Rights & Choices
US State Laws Biometric & GDPR Rights How to Exercise
10. AI Disclosures
How AI Works Oversight & Limitations Bias & Training Data
11. Children’s Privacy 12. International Transfers 13. Changes to This Policy 14. Contact Us 15. Supplemental Notices

1. Introduction and Scope

AICON360 LLC (“AICON360,” “we,” “our,” or “us”) operates the KVSuite platform and the AICON360 artificial intelligence tool (collectively, the “Platform”). This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you access or use the Platform.

This Privacy Policy applies to:

  • Individual End Users: Employees, workers, contractors, and other personnel of our client organizations (“Clients”) who access or are observed through the Platform;
  • Client Administrators and Coaches: Authorized personnel of Client organizations who administer, configure, or input data into the Platform;
  • Website Visitors: Individuals who visit our website at kvsuite.com or aicon360.com;
  • Prospective Clients: Individuals who engage with us for business development purposes.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you are an End User whose employer or contracting organization has engaged AICON360 through a Client agreement, your use of the Platform is also governed by the terms between AICON360 and your employer.

1.1 Our Role: Data Controller and Data Processor

AICON360 operates in a dual capacity with respect to personal information processed through the Platform:

  • As a Data Controller: AICON360 independently determines the types of data the Platform collects, the technical infrastructure and security measures applied, and the use of aggregated and anonymized data to improve our AI models and Platform functionality. For these processing activities, AICON360 is the controller and is directly responsible to individuals.
  • As a Data Processor: Clients configure which Platform modules they activate, determine which of their personnel use the Platform, define what content is uploaded (including video, audio, and observation data), and direct the specific purposes for which AI-generated insights are used within their organizations. For these processing activities, the Client is the controller and AICON360 processes data on the Client’s behalf pursuant to a Data Processing Addendum (“DPA”).

2. Information We Collect

We collect and process the following categories of personal information through the Platform:

Data Category Examples Purpose
Account & Identity Data Name, email, employee ID, role, job title, employer name, login credentials User authentication, access provisioning, account management
Training & LMS Data Course enrollments, progress, completion status, assessment scores, certificates Delivering and tracking training, compliance reporting
Safety Observation Data Field observation notes, coaching interaction logs, behavioral observations, incident data Human performance improvement, safety trend analysis
Video & Audio Recordings In-field coaching recordings, training session recordings, meeting recordings as uploaded by Clients AI-powered analysis, coaching feedback, performance evaluation
Biometric Data Voiceprints derived from audio recordings Identity verification, AI-driven performance analysis
Geolocation Data GPS coordinates from mobile devices, location of field observations, site check-in data Observation location verification, workforce deployment analytics
Device & Technical Data IP address, browser type, device identifiers, operating system, session logs, error reports Platform operation, security monitoring, troubleshooting
Usage & Analytics Data Feature usage patterns, navigation data, session duration, click paths Platform improvement, user experience optimization
AI-Generated Data AICON360 coaching insights, performance scores, risk assessments, behavioral pattern analyses Delivering AI-powered human performance improvement services
Cookies & Tracking Data Session cookies, analytics cookies, preference cookies Platform functionality, analytics, user preferences

2.1 Sensitive Data Categories

Certain categories of data we process are classified as “sensitive” under applicable law, including:

  • Biometric Information: We derive voiceprints from audio recordings for the purposes of identity verification and AI-driven performance analysis. Under the Illinois Biometric Information Privacy Act (“BIPA”), the Texas Capture or Use of Biometric Identifier Act, and similar state laws, this data is classified as biometric information or biometric identifiers and is subject to heightened protections.
  • Precise Geolocation Data: We collect GPS coordinates from mobile devices used to access the Platform in the field. This data is classified as precise geolocation under the California Consumer Privacy Act (“CCPA”) and other state privacy laws.
  • Audio/Visual Recordings: Video and audio recordings of workers may be subject to state wiretapping, eavesdropping, and electronic surveillance laws, including two-party consent requirements in states such as California, Florida, Illinois, Pennsylvania, and Washington.

2.2 Information Collected Automatically

When you access the Platform, we automatically collect certain technical and usage data through cookies, log files, and similar technologies. This includes device identifiers, IP addresses, browser and operating system information, session duration, pages viewed, and feature usage patterns. For more information about our use of cookies and similar technologies, see Section 8 below.

2.3 Information from Third Parties

We may receive information about you from your employer or contracting organization when they provision your account, from single sign-on (SSO) identity providers when you authenticate, and from our third-party analytics and AI service providers in connection with their processing of data on our behalf.

3. How We Use Your Information

We use personal information collected through the Platform for the following purposes:

3.1 Service Delivery

  • Providing access to the KVSuite platform and its activated modules (LMS, observation system, AICON360 AI tool)
  • Delivering training content, tracking progress, and issuing certifications
  • Recording and analyzing field safety observations and coaching interactions
  • Generating AI-powered coaching insights, risk assessments, and performance analytics through the AICON360 tool
  • Enabling Client administrators and coaches to manage their workforce within the Platform

3.2 Platform Operations and Security

  • Authenticating users and managing account access
  • Monitoring for unauthorized access, security incidents, and platform abuse
  • Maintaining system logs for troubleshooting and technical support
  • Ensuring platform stability and performance

3.3 Platform Improvement and AI Model Training

We use aggregated and anonymized data derived from Platform usage to improve our AI models, algorithms, and Platform functionality. This processing involves the removal of all direct and indirect personal identifiers such that the resulting data cannot reasonably be used to identify any individual. We do not use identifiable personal information to train or improve our AI models.

Anonymization Standard

AICON360 applies industry-standard anonymization techniques including generalization, k-anonymity, and statistical noise injection. Data is considered anonymized only when the risk of re-identification is negligibly small and the data cannot reasonably be linked back to an identified or identifiable individual under applicable law. Anonymized data is not considered personal information under this Privacy Policy.

3.4 Compliance and Legal Obligations

  • Responding to lawful requests from government authorities
  • Complying with applicable laws, regulations, and legal process
  • Enforcing our Terms of Service and Acceptable Use Policy
  • Protecting the rights, safety, and property of AICON360, our Clients, and their personnel

3.5 Communications

We may use contact information to send service-related notifications, security alerts, and administrative messages necessary for the operation of the Platform. We do not use End User personal information for marketing purposes without explicit consent.

4. Legal Bases for Processing

The legal basis for our processing of your personal information depends on the data category, the purpose of processing, and the applicable jurisdiction.

4.1 United States

In the United States, our processing is based on:

  • Contractual Necessity: Processing necessary to perform the services under our agreement with the Client and to provide the Platform to authorized users.
  • Consent: Where required by law, including for the collection and processing of biometric information under BIPA and similar state laws, and for audio/video recording in two-party consent jurisdictions.
  • Legitimate Business Interests: Processing for platform security, fraud prevention, and platform improvement using anonymized data, where such interests are not overridden by the individual’s rights.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.

4.2 European Economic Area, United Kingdom, and Switzerland

For individuals located in the EEA, UK, or Switzerland whose data is processed through the Platform, our processing is based on:

  • Article 6(1)(b) GDPR: Processing necessary for the performance of a contract to which the data subject is party.
  • Article 6(1)(f) GDPR: Processing necessary for our legitimate interests or those of a third party, except where overridden by the data subject’s interests or fundamental rights.
  • Article 6(1)(a) GDPR: Consent, where required (particularly for biometric data processing under Article 9(2)(a)).
  • Article 6(1)(c) GDPR: Processing necessary for compliance with a legal obligation.

5. How We Share Your Information

We do not sell personal information. We share personal information only in the following circumstances:

5.1 With Your Employer / Client Organization

We share your personal information with the Client organization that provisioned your account, including training records, observation data, AI-generated coaching insights, and performance analytics. The Client, as your employer or contracting organization, determines how this information is used within their organization.

5.2 With Service Providers and Subprocessors

We engage third-party service providers who process personal information on our behalf to support Platform operations. These include:

  • Cloud Infrastructure Providers: US-based cloud hosting services (e.g., Amazon Web Services, Microsoft Azure, or Google Cloud Platform) for data storage and computing.
  • Third-Party AI/ML Services: Specialized artificial intelligence and machine learning service providers that assist in processing video, audio, and behavioral data for the AICON360 tool.
  • Analytics Providers: Third-party analytics tools for understanding Platform usage patterns and improving the user experience.
  • IT and Security Vendors: Providers of security monitoring, logging, and incident response services.

All service providers and subprocessors are contractually obligated to process personal information only as directed by AICON360, to maintain appropriate security measures, and to comply with applicable data protection laws. We maintain a list of current subprocessors, which is available upon request.

5.3 For Legal and Compliance Purposes

We may disclose personal information when required by law, regulation, legal process, or enforceable governmental request; to enforce our Terms of Service; to protect the rights, safety, or property of AICON360, our Clients, or the public; or in connection with an investigation of suspected or actual illegal activity.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other business transfer, personal information may be transferred as part of the transaction. We will provide notice of any such transfer and any changes to this Privacy Policy.

5.5 With Consent

We may share personal information for other purposes with your explicit consent or at the direction of the Client organization.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

6.1 Retention Periods

  • Account and Identity Data: Retained for the duration of the Client’s active subscription, plus 90 days following contract termination to facilitate data export and transition.
  • Training and LMS Data: Retained for the duration of the Client’s active subscription, plus 1 year for compliance record-keeping purposes, unless a longer retention period is required by applicable law.
  • Safety Observation Data: Retained for the duration of the Client’s active subscription, plus 3 years for safety trend analysis and regulatory compliance.
  • Video and Audio Recordings: Retained for a maximum of 12 months from the date of collection, unless the Client requests earlier deletion or a longer retention period is required by applicable law.
  • Biometric Data: Retained only for the period necessary to fulfill the purpose for which it was collected. In all cases, biometric data will be permanently destroyed within 3 years of the individual’s last interaction with the Platform, or within 1 year of the Client’s contract termination, whichever occurs first.
  • Geolocation Data: Retained for a maximum of 12 months from the date of collection.
  • AI-Generated Data and Insights: Retained for the duration of the Client’s active subscription. AI-generated insights derived from identifiable data are deleted upon contract termination or upon request.
  • Anonymized and Aggregated Data: Because anonymized data is not personal information, it may be retained indefinitely for AI model improvement, research, and Platform development purposes.
  • Technical and Usage Logs: Retained for 12 months for security and troubleshooting purposes.

6.2 Deletion and Destruction

Upon expiration of the applicable retention period, or upon a verified deletion request, AICON360 will permanently delete or irreversibly anonymize the personal information using industry-standard methods. For biometric data, destruction will be by means consistent with BIPA requirements and will be documented.

7. Data Security

AICON360 implements and maintains commercially reasonable administrative, technical, and organizational security measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption: Data encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
  • Access Controls: Role-based access controls (RBAC), multi-factor authentication (MFA) for administrative access, and principle of least privilege.
  • Network Security: Firewalls, intrusion detection and prevention systems, and regular vulnerability scanning.
  • Monitoring and Logging: Continuous security monitoring, audit logging, and anomaly detection.
  • Incident Response: Documented incident response procedures, including breach notification protocols as required by applicable law.
  • Vendor Security: Due diligence and contractual security requirements for all third-party service providers and subprocessors.
  • Employee Training: Regular security awareness training for all AICON360 personnel with access to personal information.

While we implement rigorous security measures, no system is completely secure. We cannot guarantee absolute security of your personal information, and you use the Platform at your own risk.

8. Cookies and Tracking Technologies

The Platform uses cookies, pixels, and similar tracking technologies to operate, secure, and improve the Platform.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Required for Platform functionality, including authentication, session management, and security. These cookies cannot be disabled.
  • Analytics and Performance Cookies: Used to understand how users interact with the Platform, identify usage patterns, and improve functionality.
  • Preference Cookies: Used to remember user preferences and settings across sessions.

8.2 Third-Party Analytics

We use third-party analytics services that may set their own cookies and collect information about your use of the Platform. These services operate under their own privacy policies. We encourage you to review the privacy policies of these third-party providers.

8.3 Your Cookie Choices

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Platform functionality. Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device.

9. Your Rights and Choices

9.1 Rights Under US State Privacy Laws

Depending on your state of residence, you may have the following rights with respect to your personal information:

  • Right to Know/Access: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes of processing, and the categories of third parties with whom we share your information.
  • Right to Delete: You may request the deletion of personal information we have collected about you, subject to certain legal exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: AICON360 does not sell personal information. If this practice changes, we will provide a clear opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Opt-Out of Automated Decision-Making: Where AI-generated insights are used in connection with decisions that produce legal or similarly significant effects, you may have the right to opt out of such automated processing under applicable law.

9.2 Biometric Data Rights

If your biometric information is collected through the Platform, you have the right, under applicable law, to:

  • Receive written notice of the specific purpose and duration for which your biometric data is being collected, stored, and used before collection begins;
  • Provide informed, written consent (or have your employer obtain such consent on behalf of AICON360) before your biometric data is collected;
  • Request information about whether your biometric data is being stored and, if so, the purpose for which it is stored;
  • Request permanent destruction of your biometric data, subject to applicable retention requirements.

9.3 Rights Under GDPR (When Applicable)

If you are located in the European Economic Area, United Kingdom, or Switzerland and your data is processed through the Platform, you may also have the right to:

  • Request data portability (receive your data in a structured, commonly used, machine-readable format);
  • Object to processing based on legitimate interests;
  • Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • Lodge a complaint with a supervisory authority in your jurisdiction.

9.4 How to Exercise Your Rights

To exercise any of the rights described above, you may submit a request by contacting us at:

Email: privacy@aicon360.com

Mail: AICON360 LLC, Attn: Privacy Officer, 4225 Rollins Place Rd, Zachary, LA 70791

We will verify your identity before processing your request. If you are an End User whose account was provisioned by a Client organization, we may direct your request to the applicable Client or coordinate with them to fulfill your request. We will respond to verified requests within the timeframes required by applicable law (typically 45 days under CCPA, 30 days under GDPR).

9.5 Authorized Agents

You may designate an authorized agent to submit a privacy rights request on your behalf. We may require written authorization from you and verification of the agent’s identity before processing such a request.

10. AI-Specific Disclosures

The AICON360 tool uses artificial intelligence and machine learning to process data collected through the Platform and generate coaching insights, performance analytics, and risk assessments. The following disclosures are provided to ensure transparency about our AI practices:

10.1 How the AI Works

The AICON360 tool analyzes data inputs — including safety observation records, training data, and, where activated by the Client, video recordings, audio recordings, and geolocation data — to identify behavioral patterns, generate coaching recommendations, and produce performance insights. AI-generated outputs are designed to supplement, not replace, human judgment.

10.2 Human Oversight

AICON360 is designed as a decision-support tool. AI-generated insights are provided to Client-designated coaches and administrators for their review and independent judgment. AICON360 does not make autonomous decisions regarding employment, discipline, compensation, or any other action that produces legal or similarly significant effects on individuals. Responsibility for all personnel decisions remains with the Client organization.

10.3 Limitations and Accuracy

AI-generated outputs are probabilistic in nature and may contain errors, biases, or inaccuracies. AICON360 does not warrant the accuracy, completeness, or reliability of AI-generated insights. Clients and their designated users are responsible for evaluating AI outputs critically and exercising independent judgment.

10.4 Bias and Fairness

AICON360 is committed to identifying and mitigating bias in its AI models. We conduct periodic internal reviews of model outputs for disparate impact. However, the Client organization bears responsibility for conducting any legally required bias audits, algorithmic impact assessments, or disparate impact analyses with respect to their use of AI-generated insights in employment-related decisions. AICON360 will cooperate with Client-initiated audits, subject to reasonable protection of trade secrets and proprietary information.

10.5 Data Used for AI Training

As described in Section 3.3, we use aggregated and anonymized data to improve our AI models. We do not use identifiable personal information for AI model training. Clients may opt out of having their anonymized data included in model improvement by contacting us in writing; however, opting out may limit the effectiveness of AI features.

11. Children’s Privacy

The Platform is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child’s information has been collected through the Platform, please contact us at the address provided in Section 14.

12. International Data Transfers

The Platform is hosted on US-based cloud infrastructure and personal information is primarily stored and processed in the United States. If you are accessing the Platform from outside the United States, please be aware that your personal information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

When AICON360 processes personal information of individuals located in the European Economic Area, United Kingdom, or Switzerland, we will implement appropriate data transfer mechanisms as required by applicable law, which may include Standard Contractual Clauses (SCCs) approved by the European Commission, reliance on the EU-US Data Privacy Framework (where applicable), or other legally recognized transfer mechanisms.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform functionality. When we make material changes, we will provide notice through the Platform, by email to Client administrators, or by other appropriate means. The “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised.

Your continued use of the Platform after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with the changes, you should discontinue use of the Platform and contact your employer regarding your account.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

AICON360 LLC

Attn: Privacy Officer

4225 Rollins Place Rd

Zachary, LA 70791

Email: techadmin@aicon360.ai

Phone: 225-305-0957

15. Supplemental Notices

15.1 California Residents — CCPA/CPRA Notice

This supplemental notice applies to California residents and supplements the information in this Privacy Policy. Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), California residents have specific rights regarding their personal information, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. AICON360 does not sell personal information and does not share personal information for cross-context behavioral advertising. For purposes of CCPA, the categories of personal information we collect and the purposes for which they are used are described in Sections 2 and 3 of this Privacy Policy. To exercise your rights, please contact us as described in Section 9.4.

15.2 Illinois Residents — Biometric Information

If you are an Illinois resident and your biometric information is collected through the Platform, the following additional terms apply pursuant to the Illinois Biometric Information Privacy Act (740 ILCS 14):

  • AICON360 derives voiceprints from audio recordings for the purposes described in Section 2.1.
  • Biometric data will be permanently destroyed when the initial purpose has been satisfied or within 3 years of the individual’s last interaction with the Platform, whichever occurs first, unless a valid written consent specifies a longer retention period.
  • AICON360 will not sell, lease, trade, or otherwise profit from biometric information.
  • Biometric data is stored, transmitted, and protected using commercially reasonable security measures, including encryption equivalent to or exceeding industry standards.
  • A written release signed by the individual (or the individual’s legally authorized representative) is required before collection of biometric information.

15.3 Other State-Specific Notices

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Montana, Oregon, Iowa, Tennessee, Indiana, and other states with comprehensive privacy laws may have additional rights as described in Section 9. We comply with all applicable state privacy laws. If you believe your state provides additional rights not addressed in this Privacy Policy, please contact us at the address provided in Section 14.

© 2026 AICON360 LLC. All Rights Reserved.