[ Legal ]

Privacy Policy

Last updated: April 29, 2026

1. Introduction

Headways (“we,” “us,” or “our”) is operated by Headways, Inc. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (headways.ai), use our AI Readiness Diagnostic, or engage with our platform and services.

By accessing or using our services, you agree to this Privacy Policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Contact information: Name, email address, company name, and job title when you request a diagnostic report or pilot engagement.
  • Diagnostic responses: Answers you provide during the AI Readiness Diagnostic questionnaire. These are used to generate your personalized report and are not stored after your session ends.
  • Pilot engagement data: Information shared during diagnostic pilot engagements, including organizational AI usage patterns, workflow data, and assessment results.

2.2 Information Collected Automatically

  • Usage data: Pages visited, time spent, click patterns, and referral sources via Google Analytics.
  • Device information: Browser type, operating system, screen resolution, and IP address.
  • Cookies: We use essential cookies for site functionality and analytics cookies for understanding usage patterns. See Section 7 for details.

2.3 Enterprise Platform Data

For organizations using the Headways platform, we process additional data as described in your enterprise agreement:

  • Permissioned tool integrations: AI tool usage data collected through opt-in, transparent, white-listed proxies and OpenTelemetry hooks. Every integration is approved by your organization and visible to employees.
  • User interview data: Responses from voluntary employee interviews conducted as part of AI readiness assessments.
  • Workflow data: Champion-authored workflows, adoption metrics, and judgment scoring data.

Headways is not surveillance. Every data collection method is permissioned, transparent, and scoped. We publish exactly what each integration collects. Employees can see what is being measured and why.

3. How We Use Your Information

We use collected information to:

  • Generate your AI Readiness Diagnostic report and recommendations
  • Communicate with you about pilot engagements and services
  • Provide and improve the Headways platform for enterprise clients
  • Produce anonymized, aggregated benchmarks (never individual-level data)
  • Analyze website usage to improve our content and user experience
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service providers: Cloud hosting (Vercel), analytics (Google Analytics), AI processing (Anthropic), and email services that help us operate our platform.
  • Your organization: For enterprise clients, aggregated team-level insights are shared with authorized administrators as defined in your enterprise agreement. Individual employee data is never shared without consent.
  • Legal requirements: When required by law, regulation, or legal process.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, access controls, and regular security audits. Enterprise platform data is isolated per organization with row-level security policies.

No method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us at security@headways.ai.

6. Data Retention

  • Diagnostic responses: Not stored beyond your browser session (client-side only).
  • Contact information: Retained for the duration of our business relationship plus 2 years.
  • Enterprise platform data: Retained per your enterprise agreement, typically for the contract term plus 90 days. You may request deletion at any time.
  • Analytics data: Aggregated and anonymized; retained for up to 26 months.

7. Cookies

We use the following types of cookies:

  • Essential cookies: Required for site functionality (theme preferences, session management).
  • Analytics cookies: Google Analytics (GA4) to understand how visitors use our site. You can opt out via your browser settings or Google's opt-out tool.

We do not use advertising or tracking cookies.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal information
  • Object to or restrict certain processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@headways.ai. We will respond within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in the United States. We use standard contractual clauses and other appropriate safeguards for international transfers where required.

10. Children's Privacy

Our services are designed for business use and are not directed to individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date and, for enterprise clients, via email to your designated contact.

12. Contact Us

For questions about this Privacy Policy or our data practices:

  • Email: privacy@headways.ai
  • Headways, Inc.