AI Governance & Compliance
IAMRI is built with safety, transparency, and legal compliance at every layer. These documents outline how we operate within U.S. federal and state AI regulations.
Compliance Checklist
Federal AI Requirements
Executive Order 14110 (Oct 2023) โ Safe, Secure, and Trustworthy AI
All AI is local (Ollama). No cloud model dependencies. Transparent reasoning via DEB system.
NIST AI Risk Management Framework (AI RMF 1.0)
Risk assessment documented below. Continuous monitoring via prompt shield and intrusion logging.
FTC Act Section 5 โ Unfair/Deceptive Practices
No hidden AI. Every DEB interaction is clearly labeled. Users know they are speaking with AI.
AI Disclosure โ Users must know when they're interacting with AI
All DEB interactions explicitly branded. Galaxy Quest, Chat, Ask-a-DEB all use clear AI framing.
Children's Online Privacy Protection Act (COPPA)
Age verification gate planned before launch. No data collected from users under 13.
Section 230 โ Content moderation safe harbor
Moderation policy active. Prompt shield blocks harmful content. See Moderation Policy tab.
State AI Laws (Priority States)
Colorado AI Act (SB 24-205) โ High-risk AI disclosures
IAMRI does not make consequential decisions (employment, lending, insurance). Low-risk entertainment/education.
Illinois AI Video Interview Act
IAMRI does not conduct employment interviews.
California CCPA/CPRA โ Consumer privacy rights
All user data stored locally (localStorage). No server-side PII collection. Users can delete any time.
Texas Data Privacy Act (HB 4)
Transparent data practices. No sale of personal data. User consent for all interactions.
Virginia CDPA โ Consumer data protection
Privacy-first architecture. No third-party data sharing.
New York City Local Law 144 โ Automated employment decisions
IAMRI does not make employment decisions.
Financial Regulations (Marketplace & Tokens)
Money Services Business (MSB) licensing โ FinCEN
IAMRI tokens are non-transferable store credits, not digital currency. No MSB license required.
State money transmitter licenses
Tokens have no cash-out value, cannot be sent to others. Same model as Apple Store credits, gift cards.
SEC โ Howey Test for securities
Tokens are utility-only store credit. No expectation of profit. Not pooled. Not an investment.
PCI-DSS โ Payment card security
PayPal handles all card processing. IAMRI never touches card numbers.
FTC โ Truth in advertising for marketplace
All marketplace listings require accurate descriptions. Clear pricing. 85/15 split disclosed.
Data Protection & Privacy
Privacy policy published and accessible
Published at /privacy-policy and linked from nav/footer.
Terms of Service published
Draft in progress. Required before public launch.
Data retention policy documented
All data in localStorage on user devices. Users control retention via browser.
Incident response plan
Intrusion detection active (prompt shield). Formal IR plan before launch.
No biometric data collection
IAMRI collects no biometric data of any kind.
Last reviewed: March 2026 ยท Contact: [email protected]