Data Protection & Security

PJI Commercial collects and uses data to provide practical AI adoption tools, scorecards, dashboards, paid assessment reports and advisory services.

We aim to:

• collect only the data needed to provide the service
• explain clearly how data is used
• protect account and business information
• use trusted technology providers
• restrict access to sensitive information
• keep data only for as long as needed
• respect user rights

The data we protect may include:

• account details
• business profile information
• AI Scorecard answers and results
• assessment input snapshots
• report drafts and final reports
• payment metadata
• website usage data
• communication history
• support enquiries

Some of this information may be commercially sensitive. Users should avoid submitting unnecessary confidential, sensitive or third-party information.

PJI Commercial may use trusted third-party providers to operate the service, including:

• Vercel for hosting and deployment
• Supabase for authentication, database and storage
• Stripe for payments
• OpenAI or similar AI model providers for report generation
• email and analytics providers where used

These providers may process data on our behalf where needed to deliver the service.

Payments are handled by Stripe. PJI Commercial does not store full card details.

We may store payment metadata such as order status, amount paid, currency, checkout session ID, payment intent ID and purchase date.

Paid assessment reports may be generated or supported using AI tools.

Before report generation, the system may create a structured report input snapshot. This may include profile data, AI Scorecard data, website research, market research, competitor notes, source links and missing-data warnings.

This snapshot helps ensure that reports are based on a consistent set of information and can be reviewed or regenerated where needed.

We aim to restrict data access so that:

• users can only view their own account, scorecard and assessment information
• admin access is limited
• payment access is controlled through Stripe
• API keys are handled server-side
• report access is available only to the user who purchased the report

Security measures may include:

• authenticated user accounts
• protected dashboard routes
• row-level security where available
• secure database storage
• encrypted connections
• server-side API handling
• webhook verification for payments
• restricted admin access
• monitoring and error handling

Users should:

• keep login details secure
• use a strong password where applicable
• avoid sharing account access
• ensure submitted business information is accurate
• avoid submitting unnecessary personal, sensitive or confidential data
• contact us quickly if they believe account access has been compromised

Users may request access to, correction of or deletion of personal information by contacting:

hello@pjicommercial.com

Some information may need to be retained for legal, accounting, dispute handling or security reasons.

If we become aware of a data incident that affects personal information, we will take reasonable steps to investigate, contain and respond to it. Where required, we will notify affected users or the relevant regulator.

For questions about data protection and security, contact: