Privacy Policy

1. Introduction

Adaptive Agentic Platform LLC ("Adaptive AI," "we," "our," or "us") provides an AI workforce platform that enables businesses to deploy AI Workers across voice, messaging, email, and digital channels. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our Platform and services.

This Privacy Policy is incorporated into and governed by the Adaptive AI Terms of Service v1.0 ("ToS"). In the event of a conflict between this Privacy Policy and the ToS, the ToS controls — except with respect to data protection obligations, where the Data Processing Agreement ("DPA") governs. All capitalized terms not defined herein have the meanings given in the ToS.

By using the Adaptive AI Platform, you acknowledge the practices described in this policy. If you do not agree, please discontinue use of our services.

2. Who This Policy Applies To

• Customers — businesses and organizations that contract with Adaptive AI to deploy AI Workers ("Customer" or "you")
• End Users — individuals who interact with AI Workers deployed by our Customers (e.g., callers, chat participants, email correspondents)
• Visitors — individuals who visit our website or marketing materials

Where Adaptive AI processes data on behalf of a Customer, the Customer's own privacy policy governs the relationship between the Customer and their End Users. Adaptive AI acts as a data processor in those contexts; the Customer is the data controller. This division of responsibility is addressed in detail in the DPA (DPA §2).

3. Customer Data Ownership

You own your data. Full stop.

Adaptive AI does not claim any ownership rights over conversation transcripts and recordings generated by your AI Workers; Customer business data, knowledge bases, and configurations uploaded to the Platform; End User data processed through your deployed Workers; or analytics and performance data generated by your Workers.

Your data is used solely to provide and improve the services you have contracted for. We do not sell Customer Data, use it to train AI models for other Customers, or share it with third parties except as described in Section 10 (ToS §§5.1–5.4; DPA §§4.3–4.4).

Data export and deletion. Upon termination or expiration of your agreement, you may request export of your data in a portable format. Export requests must be submitted within 30 days of termination. After this export window closes — or upon your earlier written request — Adaptive AI will permanently delete your data within 30 days, unless a longer retention period is required by applicable law. See ToS §10.5(d); DPA §11.

4. Single-Tenant Architecture

Adaptive AI deploys each Customer on a dedicated, isolated infrastructure instance ("single-tenant deployment"). This is a binding service specification, not a default setting or a feature that can be silently changed. It means:

• Your data is stored in a database instance not shared with any other Customer
• Your AI Workers run in compute environments isolated from other Customers' workloads
• Your configuration, knowledge base, and conversation data cannot be accessed by other Customers
• Security incidents or misconfigurations affecting one tenant cannot expose another tenant's data

Any change to this architectural model would constitute a material amendment to your agreement and is subject to the 30-day notice and opt-out rights described in ToS §13.3 (see also DPA §5.2).

5. Information We Collect

5.1 Information Customers Provide

• Account information: business name, billing address, contact names, email addresses, phone numbers
• Payment information: processed by our payment processor; Adaptive AI does not store raw card data
• Configuration data: AI Worker settings, knowledge base content, scripts, policies, and integration credentials (including BYOK API keys, which are encrypted at rest and never logged in plaintext)
• Support communications: messages, attachments, and context shared when contacting our support team

5.2 Information Generated Through Platform Use

• Conversation data: transcripts, audio recordings (where enabled), and interaction logs from deployed AI Workers
• Usage and telemetry: session timing, API call counts, model inference metrics, channel performance data
• System logs: error logs, security events, and infrastructure health data necessary to operate the Platform

5.3 Information About End Users

When End Users interact with AI Workers deployed by our Customers, we may process on the Customer's behalf: contact information provided during the interaction (name, phone number, email); conversation content and interaction history; and device and channel metadata (IP address, browser type, messaging platform identifiers).

Customers are responsible for ensuring they have appropriate legal bases to collect and process End User data, and for providing End Users with any required disclosures. See ToS §§3.1–3.2; DPA §3.

5.4 Information Collected Automatically (Website)

When you visit our website, we may collect browser type, operating system, pages viewed, time spent, IP address, and approximate geographic location. We use this information to operate and improve our website using privacy-respecting, first-party analytics. We do not sell this data or use it for cross-site behavioral advertising.

6. Legal Bases for Processing (European Users)

Where the GDPR or UK GDPR applies, we process personal data only where we have a valid legal basis under Article 6 of the GDPR.

Where we rely on legitimate interest, we have conducted balancing tests to ensure our interests do not override the fundamental rights and freedoms of data subjects. You may request a copy of our legitimate interest assessments by contacting [email protected].

7. How We Use Information

• Provide the Platform: deploy, operate, and maintain your AI Workers and associated infrastructure
• Support and troubleshoot: diagnose issues, respond to support requests, and resolve technical problems
• Improve reliability: monitor system performance, detect anomalies, and prevent outages
• Enforce terms: detect and prevent abuse, fraud, or violations of our Terms of Service
• Comply with law: meet legal obligations, respond to lawful government requests, and protect our legal rights
• Communicate with you: send service notices, invoices, security alerts, and (where you have opted in) product updates

We do not use Customer Data or End User conversation content to train foundation AI models or to improve AI capabilities made available to other Customers. This prohibition applies to identified and pseudonymized data alike. See ToS §§5.2 and 6.4; DPA §4.3.

Adaptive AI may use aggregate, de-identified, and anonymized data derived from Platform usage — which contains no Customer-identifiable information — for benchmarking, product improvement, research, and marketing purposes. This is not Customer Data and does not constitute training on Customer Data. See ToS §6.4.

8. Automated Decision-Making and AI Transparency

The Adaptive AI Platform deploys AI Workers that interact with End Users through voice, chat, email, and other channels. These interactions involve automated processing, including generating responses using large language models; routing conversations to appropriate AI Workers or Human Specialists; analyzing conversation content to determine escalation triggers; and applying Customer-defined policies and playbooks to guide conversation flow.

No solely automated decisions with legal or similarly significant effect. Adaptive AI's AI Workers do not make decisions that produce legal effects or similarly significant effects on End Users (such as credit determinations, employment decisions, or denial of essential services) without meaningful human oversight. Where a Customer deploys AI Workers in contexts that could produce such effects, the Customer is responsible for ensuring appropriate human review mechanisms are in place (ToS §3.4; DPA §7.3).

Right to human intervention. End Users interacting with AI Workers deployed on the Platform have the right to request to speak with a human agent at any time; obtain human review of any decision or outcome produced by an AI Worker; and receive an explanation of how automated processing contributed to any decision affecting them.

Customers are responsible for configuring their AI Workers to honor these rights and for informing End Users that they are interacting with an AI system, as required by applicable law (including the EU AI Act and GDPR Article 22). Adaptive AI provides technical capabilities (including the "Voice to Human" escalation feature) to support these obligations (ToS §3.4; DPA §7.3).

9. Data Retention

Adaptive AI retains data only as long as necessary to provide the Platform, meet legal obligations, or as configured by Customer. Customers may request shorter retention windows or automated deletion rules within their account settings, subject to applicable legal hold obligations.

For full retention schedules, configurable ranges, automated deletion details, and HIPAA-specific retention, see the Data Residency & Retention Policy.

Post-termination. Upon termination of your agreement, your data remains available for export for 30 days. After the export window closes, or upon earlier written request, Adaptive AI will delete Customer Data within 30 days. Account and billing records are exempt from this deletion obligation to the extent required by law. See ToS §10.5(d); DPA §11.

10. How We Share Information

Adaptive AI does not sell personal information. We share information only in the following circumstances.

10.1 Service Providers

We work with a limited set of third-party vendors (infrastructure providers, payment processors, security services) who process data on our behalf under binding data processing agreements. A current list is maintained at legal.adaptive.ai/subprocessors. These vendors are not permitted to use your data for their own purposes (DPA §6).

Subprocessor changes. Adaptive AI will notify Customer account administrators via email at least 30 days before adding any new subprocessor. If you reasonably object to a new subprocessor on data protection grounds, contact [email protected]. See ToS §5.6; DPA §6.4.

10.2 AI Model Providers

When AI Workers process conversations, inference requests are sent to large language model (LLM) providers. We configure these providers to prohibit training on submitted data. Customers may bring their own API keys ("BYOK") to route inference through their own provider agreements, giving you direct contractual control. BYOK credentials are encrypted at rest and never logged in plaintext. See Data Residency & Retention Policy §1.5 for data residency implications of inference routing.

10.3 Legal Requirements

We may disclose information when required by law, subpoena, or court order, or to protect the safety, rights, or property of Adaptive AI, our Customers, or the public. Where legally permitted, we will provide prompt written notice to the affected Customer.

10.4 Business Transfers

In the event of a merger, acquisition, or sale of substantially all of our assets, Customer Data may be transferred to the successor entity. We will provide at least 30 days' notice before any such transfer occurs and before Customer Data becomes subject to a materially different privacy policy. See ToS §13.4.

10.5 With Your Consent

We may share information for other purposes with your explicit prior written consent.

11. Data Security

• Encryption in transit: all data transmitted between clients, AI Workers, and Adaptive AI infrastructure uses TLS 1.2 or higher
• Encryption at rest: Customer databases and file storage are encrypted using AES-256
• Access controls: access to Customer Data is restricted to Adaptive AI personnel on a strict need-to-know basis; all access is logged and auditable
• Tenant isolation: single-tenant deployment architecture prevents cross-customer data exposure
• Vulnerability management: regular security assessments, penetration testing, and dependency scanning
• Incident response: documented procedures for detecting, containing, and remediating security incidents

For a comprehensive description of technical and organizational measures, see DPA Annex B.

Security breach notification. In the event of a confirmed security breach affecting your Customer Data, Adaptive AI will notify you within 72 hours of confirmation — consistent with ToS §5.7 and GDPR Article 33. Notification will include the nature of the breach, categories and approximate volume of data affected, likely consequences, and measures taken or proposed. We will cooperate with you in any required notifications to End Users or regulatory authorities (DPA §8).

12. International Data Transfers

Adaptive AI is headquartered in Newark, Delaware, United States. If you access our services from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate.

Where required by applicable law (including the GDPR), we rely on appropriate legal mechanisms for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission. Customers subject to GDPR who require SCCs should execute our DPA (DPA §9; DPA Annex C).

Transfer Impact Assessments. Adaptive AI has conducted Transfer Impact Assessments (TIAs) for data transfers from the European Economic Area and the United Kingdom to the United States. Customers may request a summary of our TIA findings by contacting [email protected] (DPA §9.3).

Data residency options. Customers who require data residency within the EEA or UK may request EU-resident deployment. See the Data Residency & Retention Policy for details.

13. Your Rights

• Access: request a copy of personal data we hold (GDPR Art. 15)
• Correction: request correction of inaccurate or incomplete data (GDPR Art. 16)
• Deletion: request deletion of personal data, subject to legal retention obligations (GDPR Art. 17)
• Portability: receive personal data in a structured, machine-readable format (GDPR Art. 20)
• Objection / restriction: object to or request restriction of certain processing activities (GDPR Arts. 18, 21)
• Withdrawal of consent: where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing (GDPR Art. 7(3))
• Automated decision-making: request human intervention, express your point of view, and contest decisions made solely by automated means that produce legal or similarly significant effects (GDPR Art. 22). See Section 8 for details.

To exercise these rights, contact [email protected]. We will respond without undue delay and in any event within one calendar month of receiving your request, as required by GDPR Article 12(3). We may need to verify your identity before processing requests (DPA §7).

Right to lodge a complaint. If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement.

California residents (CCPA). California residents have the right to know, delete, correct, and opt out of the sale or sharing of personal information. Adaptive AI does not sell personal information. To exercise rights, contact [email protected]. We will not discriminate against you for exercising your privacy rights.

14. EU Representative

Adaptive AI is headquartered in the United States and does not maintain a physical establishment in the European Economic Area or the United Kingdom. In accordance with GDPR Article 27 and UK GDPR Article 27, Adaptive AI has appointed the following representative for data protection matters:

EU Representative: [To be appointed — name and contact details will be published here upon appointment]

UK Representative: [To be appointed — name and contact details will be published here upon appointment]

Until formal appointments are made, data subjects in the EU and UK may direct inquiries to [email protected], and Adaptive AI will respond within the timeframes required by applicable law.

15. Children's Privacy

Our Platform is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly. Customers must not deploy AI Workers in contexts where individuals under 16 are the primary interacting population without appropriate safeguards and Adaptive AI's prior written consent.

16. Cookies and Tracking Technologies

• Strictly necessary cookies: maintain session state, authentication, and security. These cookies are essential for the website to function and cannot be disabled.
• Analytics cookies: analyze website traffic using privacy-respecting, first-party analytics to help us improve our services.
• Preference cookies: remember your settings and preferences across visits.

We do not use cookies for cross-site behavioral advertising.

Cookie consent (European users). In compliance with the ePrivacy Directive and GDPR, non-essential cookies are placed only after you provide affirmative consent through our cookie consent banner. You may withdraw your consent at any time by contacting us at [email protected]. Strictly necessary cookies do not require consent.

17. Data Processing Agreement (DPA)

Customers who process personal data subject to the GDPR, CCPA, UK GDPR, or other applicable data protection legislation should execute Adaptive AI's Data Processing Agreement. The DPA establishes Adaptive AI's obligations as a data processor, Standard Contractual Clauses for international transfers (DPA §9; DPA Annex C), technical and organizational measures (DPA §5; DPA Annex B), and sub-processor management and audit rights (DPA §§6, 10).

To execute a DPA, contact [email protected]. In the event of conflict between the DPA and this Privacy Policy, the DPA governs with respect to data protection obligations.

18. Data Protection Officer

Adaptive AI has designated a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with applicable data protection laws. The DPO can be contacted at [email protected].

The DPO is available to address questions from Customers, End Users, and supervisory authorities regarding our processing of personal data.

19. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will post the updated policy at adaptiveap.com/privacy with a new "Last updated" date; notify Customer account administrators via email at least 30 days before material changes take effect; and for changes that materially restrict Customer's rights, treat this as a material amendment under ToS §13.3, entitling Customer to terminate with a pro-rata refund if objected to within the notice period.

Continued use of the Platform after the effective date of changes constitutes acceptance of the updated policy, to the extent permitted by applicable law.

20. Contact Us

Adaptive Agentic Platform LLC · Version 1.1 · Paired with Terms of Service v1.0. The most current version of this policy will always be available at adaptiveap.com/privacy.