Effective Date: 10/1/25

Privacy Policy

This Privacy Policy describes how Adapt.com, Inc., a Texas corporation ("Adapt," "we," "us," or "our") collects, uses, and protects information when you use our AI-powered business analysis and decision support services ("Services").

This Privacy Policy uses the terms “Personal Information” (as under U.S. state privacy laws) and “Personal Data” (as under GDPR). For clarity, these terms are used interchangeably and mean any information relating to an identified or identifiable individual.

For purposes of data protection laws, Adapt acts as a “data controller” (or “business” under U.S. laws) with respect to account information, communications, and related data, and as a “data processor” (or “service provider”) with respect to Customer Data that you submit to the Services.

1. Information we collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and billing information when you create an account.
  • Customer Data: Business data, documents, files, and other content you upload, submit, or make available through the Services.
  • Communications: Information you provide when contacting us for support or feedback.
  • Payment Information: Billing details and payment method information (processed by third-party payment processors).
  • Personal Information: Information relating to an identified or identifiable individual, such as name, contact details, and other information you choose to provide.
  • Sensitive Personal Information: We do not intentionally collect or process sensitive categories of personal data (such as health, biometrics, racial or ethnic origin, religious beliefs, or sexual orientation). If you choose to include such data in Customer Data, you are responsible for obtaining all legally required consents. Where such data is inadvertently processed, we apply additional safeguards (including restricted access, encryption, and minimization) consistent with GDPR Article 9 requirements.

If we ever collect or use Sensitive Personal Information (as defined under the CPRA), California residents will have the right to direct us to limit its use to what is necessary for service provision. We will provide a clear and accessible method (“Limit the Use of My Sensitive Information”) to exercise this right.

1.2 Information We Collect Automatically 

  • Usage Analytics: Information about how you use the Services, including features accessed, time spent, and interaction patterns.
  • Technical Information: IP address, browser type, device information, operating system, and referring URLs.
  • Service Performance Data: Error logs, performance metrics, and diagnostic information.
  • Cookies and Tracking: We use cookies and similar technologies to enhance your experience and collect usage information.

1.3 Information from Third Parties 

We may collect information about you from third parties as follows:

  • Integration Data: Information from third-party services you connect to our platform (e.g., CRM, financial, or marketing analytics platforms).
  • Business Information: Publicly available business information to enhance our services and provide more accurate insights.

2. How we use information

2.1 Service Provision

We use the information we collect to:

  • Provide, operate, and maintain the Services
  • Process and analyze Customer Data to generate insights and support your business decisions
  • Authenticate users and maintain account security
  • Process payments and billing

2.2 Service Improvement

We use information to improve our Services and for research and development. Specifically, with respect to our AI models:

  • De-identified Data: We use aggregated and de-identified data, applying technical and organizational measures designed to prevent re-identification, to analyze usage patterns, conduct research, and train and improve our AI models.
  • No Identifiable Data for Training: We do not use your identifiable Customer Data to train or improve our AI models or third-party AI models without your explicit consent.

2.3 Communications

We use your information to:

  • Respond to support requests and communications
  • Send service-related notifications and updates
  • Provide customer support and technical assistance
  • Send you marketing communications about our products and services. You may opt out of these communications at any time. Even if you opt out of marketing communications, you may still receive transactional or service-related communications.

2.4 Legal and Business Purposes

  • Comply with legal obligations and regulatory requirements
  • Protect our rights and prevent fraud or abuse
  • Enforce our Terms of Service

2.5 Legal Bases for Processing (GDPR)

For users in the European Economic Area, we process Personal Data only where a lawful basis applies:

  • Contract: to provide the Services you request and fulfill our contractual obligations (Sections 2.1 and 2.2).
  • Consent: where you have provided consent (e.g., for optional marketing communications).
  • Legal obligation: to comply with applicable laws and regulations.
  • Legitimate interests: to improve our Services, secure our systems, and prevent fraud, provided these interests are not overridden by your rights.

3. How we Share information

3.1 Customer Data

We do not sell, rent, or lease Customer Data. We may share Customer Data only:

  • With your explicit consent
  • To provide the Services you requested
  • When required by law or legal process, such as in response to a court order, subpoena, or government request
  • To protect our rights or the safety of others

3.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

  • Cloud hosting and infrastructure
  • Payment processing
  • Customer support tools
  • Analytics and monitoring
  • Security services

All service providers are contractually obligated to protect your information and use it only for specified purposes.

3.3 Business Transfers

In connection with any merger, acquisition, reorganization, or sale of assets, your information may be transferred. In such cases, we will ensure that the recipient continues to protect your information in accordance with this Privacy Policy and applicable data protection laws.

3.4 Aggregated Information

We may share aggregated, de-identified information that cannot reasonably identify you or your organization for business purposes.

3.5 Subprocessors

We may engage third-party subprocessors to assist with the provision of our Services (e.g., cloud hosting, analytics, support). A current list of subprocessors is available at [LINK]. We require all subprocessors to implement appropriate safeguards to protect your information and process it only for authorized purposes. We will notify customers of material changes to our list of subprocessors. Where required by law (such as under GDPR), customers may object to a new subprocessor by notifying us within 30 days of receiving notice.

4. Data Security

4.1 Security Measures 

We implement reasonable and appropriate safeguards, which include:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security assessments and monitoring
  • Employee security training
  • Practices aligned with recognized security frameworks such as SOC 2

Disclaimer: No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security of your information.

4.2 Data Location

Customer Data is stored and processed in secure facilities within the United States.

4.3 Incident Response

We maintain incident response procedures and will notify you of any security breaches affecting your data as required by law.

5. Data Retention

5.1 Customer Data

We retain Customer Data for as long as necessary to provide the Services and as required under law. Retention is based on the following grounds:

  • Contractual necessity: retention while your account is active.
  • Legal obligation: extended retention where required by tax, accounting, or regulatory requirements.
  • Legitimate interests: limited retention to maintain business continuity and security (e.g., encrypted backups for 180 days).

We delete or anonymize data once these bases no longer apply.

You may request deletion of your Customer Data at any time. Any aggregated and de-identified data that may have been used for AI model training is retained indefinitely for service improvement purposes, but it cannot be used to re-identify you or your organization.

5.2 Account Information

We retain account information for legitimate business purposes, including compliance with legal obligations.

5.3 Usage Analytics

We may retain aggregated, de-identified usage analytics indefinitely for service improvement purposes.

6. Your rights and Choices

6.1 Access and Control

 You may:

  • Access and update your account information
  • Export your Customer Data
  • Request deletion of your data
  • Opt out of marketing communications
  • Withdraw consent to processing (where applicable)
  • Designate an authorized agent to exercise your rights, subject to verification. 

We will verify your request consistent with applicable law, which may include confirming your identity or authority before fulfilling such requests.

6.2 Cookies and Tracking

You can control cookie settings through your browser, though this may affect service functionality.

6.3 Data Portability

You can export your Customer Data in standard formats upon request.

7. Compliance with privacy laws

7.1 European Users (GDPR)

If you are in the European Economic Area, you have additional rights including:

  • Right to access, rectify, or erase personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to lodge complaints with supervisory authorities
  • Right to withdraw consent at any time

7.2 California Users (CCPA/CPRA)

California residents have specific rights regarding their Personal Information, which includes information that identifies, relates to, or could reasonably be linked with a particular consumer or household. These rights include:

  • The right to know what personal information is collected about them
  • The right to request the correction of inaccurate personal information
  • The right to request the deletion of personal information, subject to certain exceptions.
  • The right to opt out of the sale or sharing of personal information (we do not sell personal information)
  • The right to not be discriminated against for exercising privacy rights

You can exercise these rights by contacting us as outlined in Section 12. We also provide a “Notice at Collection” at or before the point of collection, describing:

  • Categories of personal information collected
  • Purposes of collection and use
  • Whether information may be shared with service providers or contractors

This notice is available at [LINK].

7.3 Other Jurisdictions

We comply with the applicable privacy laws of U.S. states where we operate, including the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA). We will comply with applicable privacy laws in any jurisdiction where we operate, and this section will be updated as new laws come into effect.

8. International transfers

When transferring Personal Data internationally, we implement appropriate safeguards required by applicable law, which may include:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions
  • Other legally recognized transfer mechanisms

Customer Data is primarily stored and processed in secure facilities within the United States. If Personal Data is transferred internationally (for example, for support purposes), we implement appropriate safeguards required by applicable law.

Where Personal Data is transferred outside the EEA, UK, or Switzerland, we rely on:

  • Adequacy decisions issued by the European Commission (e.g., transfers to countries deemed adequate).
  • Standard Contractual Clauses (SCCs) for transfers to the United States and other non-adequate countries.
  • Supplementary measures such as encryption and access controls to ensure equivalent protection.

Copies of relevant transfer mechanisms are available upon request.

9. Children’s Privacy

Our Services are not directed to individuals under the age of 16 in the European Economic Area and under the age of 13 in the United States. We do not knowingly collect personal information from children below these ages. If we become aware that we have collected such information, we will take steps to delete it. If you believe we may have inadvertently collected information from a child, please contact us so we can delete it promptly.

10. Third-Party Links

Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to such third parties, and we encourage you to review their privacy policies.

11. Changes to this policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Providing notice through the Services

The date of the most recent update will be posted at the top of this Privacy Policy.

12. Contact us

12.1 Privacy Questions

For privacy-related questions or to exercise your rights, contact us at:

12.2 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at: hello@adapt.com

12.3 Response Time

We will respond to privacy rights requests within 30 days under GDPR and within 45 days under CCPA/CPRA. Where permitted by law, we may extend response time by an additional 45 days and will notify you if such an extension applies.

Privacy Policy — The AI brain for your business