humanITLoop operates in alignment with the following regulatory frameworks:

• POPIA (Protection of Personal Information Act, South Africa) — We process personal information lawfully, minimally, and with consent where required. South African users have the right to access, correct, and request deletion of their data. See our POPIA Compliance Statement.
• GDPR (General Data Protection Regulation, EU) — For users accessing our platform from the European Union or EEA, we apply GDPR-aligned data protection principles including data minimisation, purpose limitation, and the right to erasure.
• EU AI Act — Our tools are designed with transparency, human oversight, and accountability in mind — consistent with the EU AI Act’s requirements for high-risk and limited-risk AI systems.
• NIST AI Risk Management Framework (USA) — Our AI Strategy Tool and Ethics Module are informed by NIST AI RMF principles: Govern, Map, Measure, Manage.
• ISO/IEC 42001:2023 — We align our internal AI governance practices with ISO 42001 where applicable, including responsible AI use, risk assessment, and continual improvement.
• AU AI Policy (African Union) — humanITLoop supports Africa-wide AI readiness and aligns with the Continental AI Strategy’s emphasis on inclusive, human-centred AI development.

The tools available on humanITLoop — including the AI Ethics Module, People & Change Strategy Tool, and 5-Step AI Strategy Tool — are educational and decision-support tools. They are intended to help individuals and organisations think through AI adoption in a structured way.

• Not professional advice: Outputs generated by our tools do not constitute legal, financial, HR, or technical advice. Always consult a qualified professional before making material decisions based on tool outputs.
• No guarantee of accuracy: AI-generated content and tool recommendations are based on best-available frameworks and training data. They may not reflect the most current regulatory changes or apply precisely to your jurisdiction.
• Human review required: All tool outputs should be reviewed by a human decision-maker before being acted upon. This is consistent with our core Human-in-the-Loop (HITL) philosophy.
• Contextual limitations: Our tools do not have access to your internal systems, data, or organisational context unless you explicitly provide it within the tool interface.

What we collect: We collect basic account information (name, email, organisation) when you register, and usage data (tool progress, session activity) to provide dashboard functionality and improve the platform.

How it is used:

• To authenticate your account and manage your membership
• To save your progress within tools
• To communicate service updates and relevant resources (you may opt out at any time)
• To analyse aggregate usage and improve the platform

What we do NOT do:

• We do not sell your personal data to third parties
• We do not use your individual tool inputs to train AI models without your explicit consent
• We do not use automated decision-making that produces legal or similarly significant effects without human review

Third-party tools: Our platform may use third-party services (e.g., payment processing, email delivery). Each provider is selected for data protection compliance. See our Privacy Policy for details.

Data retention: Account data is retained for as long as your account is active, plus a reasonable period thereafter for legal and operational purposes. You may request deletion at any time by contacting us.

humanITLoop uses cookies to provide core platform functionality and to understand how users interact with our tools and content.

Types of cookies we use:

• Strictly necessary cookies: Required for login sessions, membership verification, and saving tool progress. These cannot be disabled without breaking core functionality.
• Functional cookies: Remember your preferences and tool state across sessions.
• Analytics cookies: Help us understand page visits and tool usage in aggregate (no personally identifiable information). We use privacy-respecting analytics where possible.

No advertising cookies: We do not use advertising or tracking cookies for retargeting or third-party advertising purposes.

By continuing to use humanITLoop after this notice, you consent to our use of strictly necessary and functional cookies. You may manage analytics cookies through your browser settings.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to access — Request a copy of the personal data we hold about you
• Right to correction — Ask us to correct inaccurate or incomplete data
• Right to deletion — Request that we delete your personal data (subject to legal retention requirements)
• Right to object — Object to processing of your data for certain purposes, including marketing
• Right to data portability — Receive your data in a structured, machine-readable format (where applicable)
• Right to lodge a complaint — If you are in South Africa, you may lodge a complaint with the Information Regulator (www.justice.gov.za/inforeg). EU users may contact their local Data Protection Authority.

To exercise any of these rights, contact us at hello@humanitloop.com with the subject line “Data Rights Request”.

We take compliance concerns seriously. If you believe humanITLoop has handled your data improperly, or if you have observed content or tool behaviour that raises ethical or legal concerns, please contact us directly:

• General compliance & data concerns: hello@humanitloop.com
• Subject line: “Compliance Concern” or “Data Protection Request”
• Response time: We aim to acknowledge all compliance queries within 5 business days

For South African users: You may also report concerns directly to the Information Regulator of South Africa if you believe your POPIA rights have been violated.