Privacy Policy

Revised: November 3, 2025

At the American Arbitration Association® (“AAA®,” “Company,” “we,” “us,” or “our”), we respect your privacy. This Privacy Policy explains how we collect, use, share and protect your Personal Information (defined below) when you use our website or any other AAA-owned, branded, or controlled website or application that links to this Policy (collectively, the “Portal”), and any services or additional functionality accessed via the Portal, including without limitation, AAA WebFile® (“WebFile”) and the AAA Digital Dispute Resolution Center (“DDRC”) (together “Online Services”).  This Privacy Policy also explains your choices for managing your information preferences, including opting out of certain uses of your Personal Information. This Privacy Policy applies to all users of the Portal and Online Services.

BY USING THE PORTAL OR ONLINE SERVICES, YOU ARE CONSENTING TO THIS PRIVACY POLICY. PLEASE READ IT CAREFULLY.

PERSONAL INFORMATION: WHAT WE COLLECT AND HOW WE USE IT 

CATEGORIES OF PERSONAL INFORMATION COLLECTED
Depending on your interactions with the Portal and Online Services, we may collect the following categories of “Personal Information”:

• Identity and contact information: name, title, organization, address, telephone number, and email;
• Other identifying information: IP address, AAA ID number, passwords and other security and account credentials for authentication and access;
• Professional details: role, practice area, affiliations;
• Other message content or submissions: identifying information or data you provide in chatbots, group forums, case submissions or other free text entries;
• Financial Information: credit card, debit card, bank account information and transaction information;
• Geolocation data;
• Commercial information: products and services purchased or viewed on the Portal;
• Internet and other electronic activity: your browsing and click history, including information about how you use and navigate within our Portal and Online Services, device and usage data such as IP address, browser type/version, operating system, language preferences, pages viewed, timestamps, referrer URL; and
• Consents, inferences and preferences derived from the categories above.

HOW WE USE PERSONAL INFORMATION

General Purposes: The AAA collects, maintains, and processes the Personal Information that you provide directly to us, as well as other information we collect passively through the Portal and Online Services, to provide you with the Portal and Online Services and for the additional purposes described more fully below.

Transactional Purposes: We may use your contact information, other identifying information, financial information, and commercial information to:

• Receive, process, confirm, and track your case or registration;
• Verify your eligibility for participation in a particular Online Service;
• Administer an arbitration, mediation, election, or other services; and
• Communicate with you about your election, case or registration.

Analytical Purposes: We may use your other identifying information, internet activity and browsing history, commercial information, and geolocation data to analyze preferences, trends, and statistics.

Marketing and Promotional Purposes: We may use your contact information, commercial information, internet or other electronic activity, geolocation data, and inferences to:

• Inform you of our new products, services and offers;
• Provide you with targeted advertising;
• Run contests, promotions, and sweepstakes; and
• Provide you with other information from and about AAA or our partners, including personalized marketing communications.

Maintenance and Improvement of the Portal and Online Services: We use your contact information, other identifying information, commercial information, and internet activity and browsing history to:

• Provide you with the Portal and Online Services, including to send you alerts about your account;
• Handle your customer services requests; and
• Help us diagnose technical and service problems and administer and improve the Portal and Online Services.

Security and Fraud Prevention: We use your contact information, other identifying information, commercial information, financial information, geolocation data, internet activity and browsing history, and inferences to protect the Portal and Online Services, AAA, and others and to prevent fraud, theft, and misconduct.

De-Identified and Aggregated Data:  We may de-identify or aggregate Personal Information and other data we collect so that it cannot reasonably be used to identify an individual. We may use or share such de-identified or aggregated information for any lawful business purpose, including, without limitation, to develop, improve, and train artificial intelligence models, tools, or features.

THIRD PARTIES WE MAY SHARE PERSONAL INFORMATION WITH

Service Providers
From time to time, we may establish a business relationship with other businesses whom we believe trustworthy and who have confirmed that their privacy practices are consistent with ours (“Service Providers”). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, data storage and management, multifactor authentication, dispute resolution or education related services, and marketing and promotions. We only provide our Service Providers with the information necessary for them to perform or offer these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Information other than as specified by us.

Our Affiliates
We may share Personal Information with businesses controlling, controlled by, or under common control with our Company.

Corporate Transactions
If our Company is merged, acquired, or sold, or in the event of a transfer of some or all of our assets, we may disclose or transfer Personal Information in connection with such transaction. The AAA may also transfer such information to its subsidiaries and affiliates that are involved in the operation of the Portal and its Online Services. You will have the opportunity to opt out of any such transfer if, in our discretion, it will result in the handling of your Personal Information in a way that differs materially from this Privacy Policy.

Third Parties
We may share Personal Information with a third party if you specifically authorize it, or it is required in order to complete a transaction, service, or activity that you initiated or requested. For example:

• When you choose to engage with a third-party platform available through the Portal. For example, certain chatbots available in the Portal are operated by third parties.  Note: In such case, the collection and processing of your Personal Information will be subject to the privacy policy of such third party, and the AAA has no liability or responsibility for the privacy practices or actions of such third party.
• We may also, as needed for the administration of an arbitration, mediation, election, or other service, disclose certain Personal Information to AAA staff, designated neutrals, and the other parties to the arbitration or mediation.
• At your option, we may also make certain Personal Information available to other users of the Portal through online directories, search features, and/or group forums.

Advertising Partners for Cross Contextual Behavioral Advertising
We may share information with third parties in order to provide cross-contextual behavioral advertising. This may include the following categories of Personal Information: other identifying information, geolocation information, commercial information and internet and other electronic activity.

Compliance with Laws and Law Enforcement
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to legal requests (including court orders and subpoenas), to protect the safety, property, or rights of our company or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.

COOKIES 
We use cookies (a small text file placed on your computer to identify your computer and web browser) and may use anonymous identifiers (a random string of characters that is used for the same purposes as a cookie). We use cookies and other similar technologies to analyze use of and improve the Portal and Online Services and as described in the “Advertising and Online Tracking” section of this Privacy Policy. Most web browsers are initially set up to accept cookies. You can manage which cookies we collect or opt out of certain cookies by adjusting your preferences in the cookie management tool, which can be found by clicking the cookie icon or the link entitled, “Cookies Preferences” on the Portal. You can also reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Note that certain features of the Portal or Online Services may not work if you delete or disable cookies. Some of our Service Providers may use their own cookies, anonymous identifiers, or other tracking technology in connection with the services they perform on our behalf.

We use third-party data analytics tools to analyze how users use the Portal and Online Services. For example, we use Google Analytics on the Portal and Online Services to analyze how users use the Portal and Online Services. For more information about how to opt out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.  

Options you make are device-specific.

Session Replay Technology
We may use session replay technology on our Portal. Session replay technology, also referred to as session playback or user experience (UX) replay, collects information regarding, records, and tracks your interactions with a website or application. It then transforms those logged user events (such as mouse movements, clicks, page visits, scrolling, tapping, etc.) into a reproduction of what you actually did on the website or application. We may use session replays for quality control, customer service, fraud prevention and security, and marketing purposes. The information collected by this technology may be collected by, transferred to, and stored by a third-party service provider.

Chatbot Technology
We use AI-based chatbots on our Portal. A chatbot is a software application that mimics human conversations in text or voice interactions. The chatbots on the Portal are designed to work without the assistance of a human operator. They respond to questions posed to them in natural language using a combination of pre-programmed scripts and machine learning algorithms. When asked a question, the chatbot will answer using the knowledge database that is currently available to it. If you use one of our chatbots, we will collect any Personal Information you provide to us. However, unless otherwise disclosed for a particular chatbot, the chatbots available on the Portal are not intended to collect Personal Information and we strongly recommend that you DO NOT PROVIDE ANY PERSONAL INFORMATION TO A CHATBOT. We may also create and store a transcript of your chat interaction with us which may be shared with and stored by our third-party service provider. We use these transcripts and the information you provide for quality control, customer service, fraud prevention and security. As noted above, some of our chatbots are operated by third parties, in which case any information you provide will also be subject to the privacy policy of such third party.

SMS Two-Factor Authentication
When you enable SMS-based two-factor authentication (2FA), we may collect and store your mobile phone number. We use your phone number solely to send you one-time security verification codes to authenticate your identity when accessing your account. We do not use your phone number for marketing purposes. By enabling SMS 2FA, you consent to receive automated text messages containing security codes from AAA or our service providers. Message frequency varies based on your account activity. Standard message and data rates from your mobile carrier may apply.
We use Auth0/Okta and Twilio as our telecommunications service providers to deliver SMS messages. Your phone number may be shared with these providers solely for the purpose of delivering authentication codes. We retain your phone number for 2FA purposes for as long as SMS 2FA is enabled on your account. You may remove your phone number at any time by disabling SMS 2FA in your account settings. You may opt out of SMS 2FA at any time by: Disabling SMS authentication in your account security settings or by replying STOP to any authentication SMS message. Note: Opting out of SMS 2FA may require you to configure an alternative authentication method to maintain account security. SMS delivery and costs may vary by country. International message and data rates may apply.

Advertising and Online Tracking
We may place advertisements and allow third-party companies to serve ads and collect certain information when you visit the Portal and Online Services. These companies may use certain information (e.g., click stream information, web browser type, time and date, subject of advertisements clicked or scrolled over) during your visits to the Portal and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use a cookie to collect this information. Our systems may not recognize browser “Do Not Track” signals, but several of our Service Providers who utilize these cookies on our Portal enable you to opt out of targeted advertising practices. To learn more about these advertising practices or to opt out of this type of advertising, you can visit www.networkadvertising.org or www.aboutads.info/choices/.  We also provide you with additional tools to opt out of marketing from us. You can learn about this in the “Managing Your Information Preferences” section of this Privacy Policy.

Options you make are device-specific.

MANAGING YOUR INFORMATION PREFERENCES
You can review, correct, update, or change your Personal Information or opt out of receiving certain e-mails by changing the relevant settings in your account or by e-mailing us at websitemail@adr.org. You can also opt out of receiving marketing e-mails by following the link provided at the bottom of all marketing e-mails you receive from us. While you are able to opt out of receiving marketing e-mails from us, you cannot opt out of receiving all communications from us, such as communications about the status of your case or account. If you have questions or concerns regarding this Privacy Policy, please e-mail us at that same address.

You can also review or update your Registration Information for Online Services in the following ways: 

• If you are registered as a WebFile user, you may review and update your Registration Information by logging into WebFile with your unique credentials and clicking on Profile Update.  
• If you are registered as a DDRC user, you may review and update your Registration Information by logging into the DDRC with your unique credentials and clicking on Account Settings.
• If you are registered as a Panelist, you may review and update your Registration Information by logging into Panelist eCenter® with your unique credentials and clicking on “My Profile.”
• For all other Online Services, you can update or change your Registration Information by emailing the AAA Data Controller at websitemail@adr.org.

BE CAREFUL WHEN YOU SHARE INFORMATION WITH OTHERS
Please be aware that whenever you share information on any public area of the Portal or Online Services (e.g., group forums or directories), that information may be accessed by others. In addition, please remember that whenever you share information in any other communications with third parties, that information may be passed along or made public by others. This means that anyone with access to such information can potentially use it for any purpose, including sending unsolicited communications.

SECURITY
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Portal or Online Services, we cannot and do not guarantee the security of any information you transmit on or through the Portal or Online Services, and you do so at your own risk.

LINKED SITES AND THIRD-PARTY SITES
The Portal and Online Services may contain links to other websites or allow others to send you such links. A link to a third party’s website does not mean that we endorse it or that we are affiliated with it. We do not exercise control over third-party websites and are not responsible for their practices. You access such third-party websites or content at your own risk. You should always read the privacy policy of a third-party website before providing any information to the website.

Additionally, the Portal or Online Services may contain or link (via API or otherwise) content provided by third party sites, platforms or providers (collectively, “Third Party Platforms”). For example, certain chatbots provided on the Portal are provided by third parties. When you interact with such Third Party Platform(s), including by interacting with third party content made available on the Portal or through the Online Services, the associated collection and processing of your Personal Information will be subject to the privacy policy of such Third Party Platform(s). You should review the privacy policies of these Third Party Platforms before interacting with them.

CHILDREN’S PRIVACY
The Portal and Online Services are intended for users who are 16 years old or older. The Portal should not be used by children under age 16, and we do not knowingly collect Personal Information from children under 16. If we learn that a child under the age of 16 has provided Personal Information to us, we will use reasonable efforts to promptly remove such information. California users under the age of 18 may request the removal of their content or information publicly posted on the Portal or Online Services by e-mailing us at websitemail@adr.org. 

PROCESSING IN THE UNITED STATES AND DATA TRANSFERS
Please be aware that your Personal Information and communications may be transferred to and maintained on servers or databases located outside your state, province, or country. Please be advised that we store all information in the United States. Although we will make all reasonable efforts to ensure your Personal Information is protected in accordance with our obligations, the laws in the United States may not be as protective of your privacy as those in your location. Personal Information processed and stored in another country may be subject to disclosure or access requests by the governments, courts or law enforcement or regulatory agencies in that country according to its laws. By using the Portal or Online Services, you are agreeing to the collection, use, transfer, and disclosure of your Personal Information and communications will be governed by the applicable laws in the United States. If you have any questions regarding international data transfers, you may contact us using the contact information we provide below.

CALIFORNIA SHINE THE LIGHT 
The California Shine the Light law (Cal. Civ. Code § 1798.83) permits residents of California to request certain details about how their information is shared with third parties for the third parties’ direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at websitemail@adr.org and include “California Shine The Light” in the subject line of your email.

NOTICE TO NEVADA RESIDENTS/YOUR NEVADA PRIVACY RIGHTS
If you are a Nevada resident, please note that we do not sell for monetary consideration the Personal Information of Nevada consumers for the purpose of resale to other entities.

NOTICE TO RESIDENTS OF THE EUROPEAN ECONOMIC AREA, THE UNITED KINGDOM AND SWITZERLAND
We use the Personal Information we collect about you to pursue the purposes described above in this Privacy Policy. We rely on our legitimate interests as a business to provide, market, test, develop, and improve the Portal and Online Services you request, as well as to protect the Portal and Online Services from security threats, fraud, and abuse. We never rely on our legitimate interests when such reliance is overridden by the rights and freedoms of a data subject. Much of processing is necessary for the performance of a contract with our clients to provide the Portal and Online Services. In limited circumstances we may also rely on your consent to, for example, market our Services to you, collect information on our Portal via cookies or other tracking technology, communicate with you about products, events, sweepstakes, promotions, etc.

In order to comply with our legal obligations, we may also use some of your Personal Information to detect and prevent illegal uses, abuse, spam, fraud, security incidents and other harmful activity, or to respond to law enforcement requests and as required by applicable law, governmental regulations or court orders.

You may have certain rights under the European Union, United Kingdom or Swiss data protection legislation (collectively, “European Privacy Laws”) with respect to your Personal Information, such as the right to:

• request access to and be provided with information on the processing of your Personal Information;
• request corrections of your Personal Information if such Personal Information proves inaccurate or incomplete;
• request your Personal Information to be deleted (i) if it is no longer necessary for the purposes described in this Privacy Policy, (ii) should you decide to withdraw your consent where you gave it, (iii) should you object to its processing for direct marketing purposes, (iv) should you identify that it would have been unlawfully processed, (v) should we be under a legal obligation to erase it to comply with European Privacy Laws and always provided we are not under a legal obligation to keep it;
• restrict the processing of your Personal Information (i) if you contest its accuracy; (ii) if the processing is unlawful and you oppose the erasure; (iii) if it is no longer needed for the purposes set out in this Privacy Policy but is required to be maintained by us for the establishment, exercise or defense of a legal claim, (iv) if you object to profiling;
• object to the processing of your Personal Information for direct marketing purposes or to any processing which we would have based on our legitimate interest (e.g., profiling);
• receive Personal Information which you provided to us in a structured, commonly used and machine-readable format and to transmit it to another provider provided it is processed based on your consent or our contract;
• object to the use of automated decision making or profiling; and
• withdraw consent for the processing of your Personal Information. You may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Information before you withdrew it is still lawful.

How to Exercise these Rights
If you would like to access, rectify, erase, restrict, transfer, or object to the processing of your personal data, please contact us at:

websitemail@adr.org; or 

Attn: Legal Department 
120 Broadway, 21st Floor
New York, NY 10271
(212) 716-5800

We will attempt to expeditiously respond to any such request. We may require you to verify your identity before sending our response.

You also have a right to make a complaint to a data protection supervisory authority, in the member state or country where you work, normally live, or where any alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner's Office (ICO). You can visit their website at www.ico.org.uk. If you are in the EU, you can find your local data protection authority here. If you are in Switzerland, you can find your local data protection authority here.

The principle that we apply is that your Personal Information will be deleted, aggregated, or anonymized when it is no longer necessary for the purpose for which it was collected, unless a longer retention period is needed to:

• Respond to any questions, complaints or claims made by you or on your behalf;
• Comply with a legal obligation or regulatory requirement; or
• Establish, exercise, or defend legal claims or other complaints.

We will not retain your Personal Information for longer than necessary for the purposes set out in this Privacy Policy

UPDATES TO THE PRIVACY POLICY 
We may update this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will inform you by posting the revised Privacy Policy on the Portal. Those changes will go into effect on the “Revised” date shown in the revised Privacy Policy. By continuing to use the Portal or Online Services, you are consenting to the revised Privacy Policy.

CONTACT; QUESTIONS & CONCERNS 
If you have any questions, comments, or concerns about this Policy, please contact us at websitemail@adr.org. 

Please print a copy of this Privacy Policy for your records and PLEASE check the Portal frequently for any changes.