RESEARCH PROTOCOLS, PRIVACY & ETHICS

Effective Date: 19 February 2026 (version 3.0)

Jurisdiction: Italy / European Union

1. RESEARCH METHODOLOGY & AI USAGE DECLARATION

The "Human-Architect" Protocol The AI Praxis produces original economic theory. To ensure intellectual integrity in the age of generative agents, we adhere to a strict "Human-Architect / Machine-Analyst" methodology:

  • Human Origin: Paul F. Accornero is the sole intellectual architect of all frameworks, taxonomies (e.g., The Shopper Schism), and strategic insights. No core theoretical contribution is generated by AI.

  • Machine Assistance: We utilize Large Language Models (LLMs) strictly as "Exoskeletons for Thought"—specifically for semantic search, data synthesis, code generation (schema), and prose refinement.

  • Verification: All AI-assisted output is subject to rigorous human verification against primary sources. We do not publish "hallucinations."

The "Public Scholarship" Distinction The articles and white papers on this domain constitute "Public Scholarship"—translating complex phenomena for executive application.

  • Relation to Academic Work: This content runs parallel to, but is distinct from, the Principal’s formal doctoral research (PhD by Publication). While the core themes (Agentic Commerce) overlap, the academic working papers (available on SSRN) adhere to strict peer-review standards, distinct methodologies, and academic formatting.

2. PRIVACY POLICY (GDPR COMPLIANT)

2.1 The Data Controller (Titolare del Trattamento) In compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Data Controller for this Site is: Paul Ferrando Accornero (d/b/a The AI Praxis) P.IVA: 05595640268.Tax Residence: Italy Contact: paul.accornero@aipraxis.ai

Sede Legale: Riviera S. Margherita 24, 31100 Treviso (TV), Italy. The Data Controller has not appointed a Data Protection Officer (DPO) as the processing activities do not meet the thresholds requiring mandatory DPO appointment under Art. 37 GDPR. All data protection enquiries should be directed to the Data Controller at the above contact details.

2.2 Data Minimization Principle Consistent with our strategic philosophy, we practice radical data minimization. We do not use "pixel tracking" for advertising retargeting. We only collect:

  • Technical Data: Essential cookies required for site security and load balancing (Legitimate Interest).

  • Voluntary Data: Name, Role, and Email Address when you explicitly subscribe to the Intelligence Briefing or download a Framework (Consent).

2.2a Personal data collected through this website is processed for the following purposes:

(a) Website functionality and security — processing of technical data necessary for the operation, security, and performance of this website (Legal basis: Legitimate Interest, Art. 6(1)(f) GDPR).

(b) Newsletter and content delivery — processing of name, role, and email address for delivery of the Intelligence Briefing newsletter and downloadable content (Legal basis: Consent, Art. 6(1)(a) GDPR).

(c) Contact and enquiry management — processing of data submitted via contact forms or email for the purpose of responding to enquiries (Legal basis: Legitimate Interest, Art. 6(1)(f) GDPR, or pre-contractual measures, Art. 6(1)(b) GDPR).

(d) Academic research — processing of interview, survey, or roundtable data as described in Section 3 (Legal basis: Consent, Art. 6(1)(a) GDPR).

(e) Licensing and commercial enquiries — processing of data submitted in connection with IP licensing requests (Legal basis: pre-contractual measures, Art. 6(1)(b) GDPR).

(f) Diagnostic tool operation — processing of URLs, domain names, and publicly available digital data submitted by users of the Principal's diagnostic tools for the purpose of generating algorithmic readiness assessments (Legal basis: Contract performance, Art. 6(1)(b) GDPR for paid services; Consent, Art. 6(1)(a) GDPR for free diagnostic tools). Anonymised and aggregated data derived from tool usage may be retained and processed for the Principal's academic research programme (Legal basis: Legitimate Interest, Art. 6(1)(f) GDPR).

2.3 Data Sovereignty & International Transfers. Personal data is processed primarily within the European Economic Area (EEA). Where data is transferred outside the EEA by our third-party service providers, such transfers are made subject to appropriate safeguards under Chapter V of the GDPR:

  • Squarespace Inc. (website hosting) — United States — EU-US Data Privacy Framework.

  • Newsletter service provider — subject to Standard Contractual Clauses (SCCs) as adopted by the European Commission.

The Data Controller will not transfer personal data to any country or organisation outside the EEA without ensuring an adequate level of protection in accordance with GDPR requirements.

2.4 Data Retention. Personal data is retained only for as long as necessary for the purposes for which it was collected:

  • Newsletter subscription data — retained for the duration of your subscription plus 12 months after unsubscription.

  • Contact form enquiries — retained for 24 months from last communication.

  • Research participation data — retained for the duration of the doctoral candidacy plus 5 years following publication to ensure the integrity of the peer-review process.

  • Licensing and commercial enquiry data — retained for the duration of the business relationship plus the applicable Italian statutory limitation period (10 years for contractual matters under Art. 2946 Codice Civile).

  • Website analytics data — retained in anonymised form for 26 months.

  • Diagnostic tool input data (URLs, domain names) — retained in anonymised form for the duration of the research programme plus 5 years. Raw input data associated with identifiable users is deleted within 90 days of the assessment unless the user has consented to participation in a longitudinal research study.

Upon expiry of the applicable retention period, personal data will be permanently deleted or anonymised.

2.5 Your Rights Under GDPR. Under the General Data Protection Regulation and Italian data protection law (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018), you have the following rights:

  • Access (Art. 15) — Request a copy of your personal data held by the Data Controller.

  • Rectification (Art. 16) — Request correction of inaccurate or incomplete personal data.

  • Erasure (Art. 17) — Request the deletion of your personal data ("Right to be Forgotten"), subject to applicable legal retention requirements.

  • Restriction (Art. 18) — Request restriction of processing in certain circumstances.

  • Portability (Art. 20) — Receive your personal data in a structured, commonly-used, machine-readable format and transmit it to another controller.

  • Objection (Art. 21) — Object to processing based on Legitimate Interest at any time, on grounds relating to your particular situation.

  • The Data Controller will cease processing unless there are compelling legitimate grounds that override your interests, rights, and freedoms.

  • Withdrawal of Consent (Art. 7(3)) — Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, contact: paul.accornero@aipraxis.ai. The Data Controller will respond within 30 days. Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority: Garante per la Protezione dei Dati Personali, Piazza Venezia 11, 00187 Roma, Italy. Website: www.garanteprivacy.it. Email: protocollo@gpdp.it.

2.6 Cookie Policy. This website uses the following categories of cookies:

(a) Strictly Necessary Cookies — Required for the operation of the website, including session management, security, and load balancing. These cookies do not require consent under Art. 5(3) of the ePrivacy Directive.

(b) Analytics Cookies — Squarespace, the hosting platform, may deploy analytics cookies to collect anonymised usage data. These cookies are activated only with your consent via the cookie banner displayed on your first visit.

(c) Third-Party Cookies — Where embedded content (e.g., LinkedIn, YouTube, or Substack widgets) is displayed on this website, the respective third parties may set their own cookies, subject to their own privacy policies.

You may manage cookie preferences at any time via the cookie consent banner or by adjusting your browser settings. For more information on Squarespace cookies, see: https://www.squarespace.com/cookie-policy.

3. RESEARCH PARTICIPATION NOTICE

3.1 Context of Engagement If you participate in interviews, surveys, or roundtables conducted by The AI Praxis, you are contributing to a dual body of knowledge:

  1. Strategic Industry Frameworks: Practical guides for C-Suite leaders (Books/White Papers/Academic Journals).

  2. Formal Academic Contribution: Peer-reviewed journals supporting the Principal’s Doctoral candidacy.

3.2 Informed Consent & Anonymity Participation is strictly voluntary.

  • Chatham House Rule: Unless explicitly agreed otherwise in writing, all qualitative interviews are treated as "Background/Deep Background."

  • Anonymization: Direct quotes used in academic papers or the book The Algorithmic Shopper will be anonymized (e.g., "Chief Strategy Officer, Global Retailer") to protect your commercial confidentiality.

  • Withdrawal: You may withdraw your data from the study at any point prior to publication.

3.3 Legal Basis: The legal basis for processing research data is Informed Consent (Art. 6(1)(a) GDPR) for participation and Legitimate Interest (Art. 6(1)(f) GDPR) for the advancement of academic scholarship.

3A. DIAGNOSTIC TOOL DATA & RESEARCH USE

3A.1 Context. In addition to the qualitative research activities described in Section 3, the Principal operates proprietary diagnostic tools (including the Algorithmic Readiness™ Audit and related instruments) that generate quantitative and analytical data about the digital presence of businesses. These tools analyse exclusively publicly available, machine-readable information.

3A.2 Data Collected. The diagnostic tools process the following categories of data:

  • URLs and domain names submitted by the user;

  • Publicly available website content, structured data markup (Schema.org, JSON-LD), and page metadata accessible via the submitted URL;

  • Publicly available information from third-party sources (e.g., public company registries, public review platforms, publicly available traffic estimates);

  • The diagnostic scores, assessments, and analytical outputs generated by the tools.

The tools do NOT collect or process: passwords, login credentials, internal business data, financial information, customer databases, employment data, or any information that is not publicly accessible via the open internet.

3A.3 Research Use of Diagnostic Data. By using the diagnostic tools, the user consents to the following:

(a) All data, scores, findings, and analytical outputs generated by the diagnostic tools may be retained by the Principal and used — in anonymised and/or aggregated form — for academic research, publications, presentations, teaching materials, sector benchmarking, and related scholarly activities.

(b) The Principal may publish anonymised case studies, sector-level findings, aggregated benchmarks, and statistical analyses derived from diagnostic tool data in academic journals, books, SSRN working papers, conference presentations, university lectures, newsletters, blog posts, and other formats.

(c) No individual company will be identified by name in any publication without the express written consent of that company's authorised representative.

(d) The user may request deletion of their diagnostic data by contacting the Principal at paul.accornero@aipraxis.ai. Deletion requests will be honoured within 30 days, except where the data has already been incorporated into published research in anonymised form (in which case the anonymised data will be retained as part of the published record).

3A.4 Legal Basis. The legal basis for processing diagnostic tool data is:

  • For paid diagnostic services: Contract performance (Art. 6(1)(b) GDPR);

  • For free diagnostic tools: Consent (Art. 6(1)(a) GDPR), obtained via the consent mechanism at the point of use;

  • For anonymised research use of diagnostic data: Legitimate Interest (Art. 6(1)(f) GDPR) in advancing academic scholarship, balanced against the minimal privacy impact given that only publicly available data is analysed and all outputs are anonymised prior to publication.

3A.5 Data Retention. Diagnostic tool data is retained as follows:

  • Raw input data (URLs, domain names) associated with identifiable users: deleted within 90 days of the assessment, unless the user has consented to participation in a longitudinal research study;

  • Anonymised diagnostic scores and analytical outputs: retained for the duration of the Principal's research programme plus 5 years following final publication;

  • Aggregated sector benchmarks derived from multiple assessments: retained indefinitely in anonymised form.

4. CONTACT & GOVERNANCE

For all inquiries regarding Privacy, IP Rights, or Research Ethics:

The Office of the Principal The AI Praxis Email: research@aipraxis.ai

PEC: paul.accornero@pec.it

Correspondence: Riviera S. Margherita 24, 31100 Treviso (TV), Italy.

By proceeding with your participation, you acknowledge that you have read and understood the information above and voluntarily agree to take part in the research.