Privacy Policy

2.1 Account Information

When you create an account with Adverant, we collect:

• Full name and email address
• Company or organization name
• Job title and department
• Billing information (processed securely through our payment processors)
• Authentication credentials (passwords are encrypted and never stored in plain text)

2.2 Usage Data

We automatically collect information about how you interact with our Services:

• API calls, requests, and responses (excluding sensitive payload data)
• Feature usage patterns and frequency
• Performance metrics and error logs
• Session duration and interaction timestamps
• Analytics data for service improvement

2.3 Technical Data

We collect technical information to ensure service security and functionality:

• IP addresses and geographic location (city/country level)
• Browser type, version, and language preferences
• Device information (operating system, device type, screen resolution)
• Referring URLs and navigation paths
• Cookie identifiers and tracking pixels

2.4 Content Data

When you use our AI services, we process and store:

• Documents uploaded for processing (PDFs, Word files, spreadsheets, etc.)
• Video content submitted for analysis
• Knowledge graphs and semantic relationships created
• Chat histories and conversational data
• Custom models and training data (Enterprise customers only)

Important: Content data remains your property. We do not use your content to train our models without explicit consent, and Enterprise customers can opt for complete data isolation.

3.1 Provide and Maintain Services

• Operate and deliver the Adverant Nexus platform
• Process API requests and execute AI operations
• Manage user accounts and authentication
• Process billing and payment transactions
• Provide customer support and technical assistance

3.2 Improve Platform Performance

• Analyze usage patterns to optimize service performance
• Identify and fix technical issues and bugs
• Develop new features and enhance existing functionality
• Conduct research and development for AI improvements

3.3 Customer Support

• Respond to customer inquiries and support requests
• Provide technical documentation and guidance
• Send service announcements and updates
• Conduct customer satisfaction surveys

3.4 Security and Fraud Prevention

• Monitor for security threats and unauthorized access
• Detect and prevent fraudulent activities
• Enforce our Terms of Service and acceptable use policies
• Conduct security audits and vulnerability assessments

3.5 Legal Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from government authorities
• Enforce our legal rights and defend against legal claims
• Maintain records for audit and compliance purposes

4.1 Encryption

• At Rest: All data is encrypted using AES-256 encryption
• In Transit: TLS 1.3 encryption for all network communications
• Backups: Encrypted backups with separate encryption keys
• Key Management: AWS KMS and Azure Key Vault for secure key storage

4.2 Compliance and Certifications

• SOC 2 Type II: Annual audits by independent third parties
• GDPR Compliance: Full compliance with European data protection laws
• FedRAMP Ready: For government and military deployments
• HIPAA Compliant: Available for healthcare customers

4.3 Security Audits

• Quarterly penetration testing by certified security firms
• Continuous vulnerability scanning and monitoring
• Annual third-party security audits
• Bug bounty program for responsible disclosure

4.4 Data Retention

We retain your data only as long as necessary:

• Active Accounts: Data retained for duration of account activity
• Inactive Accounts: Data deleted after 2 years of inactivity
• Deleted Accounts: Complete deletion within 30 days of request
• Backups: Backup data purged after 90 days
• Logs: Access logs retained for 1 year for security purposes

4.5 Backup Procedures

• Real-time replication across multiple availability zones
• Daily encrypted backups stored in geographically diverse locations
• Point-in-time recovery capabilities
• Regular backup restoration testing

5.1 Third-Party Service Providers

We may share limited data with trusted service providers who help us operate our Services:

• Cloud Infrastructure: AWS, Azure for hosting and storage
• Payment Processing: Stripe for secure payment handling
• Analytics: Aggregated, anonymized usage data for service improvement
• Support Services: Customer support platforms (data encrypted)

All service providers are bound by strict confidentiality agreements and are prohibited from using your data for any purpose other than providing services to us.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal process (subpoenas, court orders, warrants)
• Government or regulatory investigations
• Protection of rights, property, or safety of Adverant, our users, or the public
• Enforcement of our Terms of Service

When legally permitted, we will notify you of such requests and challenge overly broad or inappropriate demands.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and inform you of your rights regarding your data.

6.1 Access Your Data

You have the right to request a copy of all personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days.

6.2 Delete Your Data

You can request deletion of your account and associated data at any time. Data will be permanently deleted within 30 days, except where retention is required by law.

6.3 Export Your Data

You can export your data in standard formats (JSON, CSV) at any time through your account settings or by contacting support.

6.4 Correct Inaccurate Data

You can update your account information at any time. If you believe we have inaccurate data about you, please contact us to have it corrected.

6.5 Opt-Out of Marketing

You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in our emails or adjusting your communication preferences in your account settings.

6.6 Object to Processing

You have the right to object to certain types of data processing. Contact us at privacy@adverant.ai to exercise this right.

8.1 Types of Cookies We Use

• Strictly Necessary Cookies: Required for authentication, security (CSRF protection), and basic functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. Requires your consent.
• Functional Cookies: Remember your preferences such as theme and language settings. Requires your consent.
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness. Requires your consent.

8.2 Analytics Services

With your consent, we use the following analytics services:

• Google Analytics (GA4): We use anonymized IP addresses and have disabled data sharing with Google for advertising purposes.
• Mixpanel: For product analytics to understand feature usage.
• Sentry: For error tracking and performance monitoring.

8.3 Managing Your Cookie Preferences

You have several options for managing cookies:

• Cookie Banner: Use our cookie consent banner on your first visit to accept or reject non-essential cookies.
• Cookie Settings: Click "Cookie Settings" in the footer at any time to change your preferences.
• Browser Settings: Configure your browser to refuse or delete cookies. Note that this may affect website functionality.
• Do Not Track: We honor browser "Do Not Track" signals.

8.4 Cookie Retention

• Session Cookies: Deleted when you close your browser.
• Consent Preferences: Stored in your browser for 1 year or until you change them.
• Analytics Cookies: Google Analytics cookies expire after 14 months.

12.1 Your California Privacy Rights

• Right to Know: You can request disclosure of the personal information we collected, used, disclosed, or sold about you in the past 12 months.
• Right to Delete: You can request deletion of your personal information, subject to certain legal exceptions.
• Right to Correct: You can request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: You can opt-out of the sale or sharing of your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information to purposes necessary to perform our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

12.2 Categories of Personal Information

In the past 12 months, we may have collected the following categories of personal information:

• Identifiers (name, email address, IP address)
• Commercial information (subscription history, usage records)
• Internet activity (browsing history, interaction with our Services)
• Professional information (company name, job title)
• Inferences drawn from the above to create a profile

12.3 How to Exercise Your Rights

To exercise your California privacy rights, you may:

• Email us at privacy@adverant.ai
• Use the "Do Not Sell My Info" link in our website footer
• Submit a request through your account settings on the dashboard

We will verify your identity before processing your request and respond within 45 days. You may designate an authorized agent to make requests on your behalf.

13.1 Japan (APPI)

For users in Japan, we comply with the Act on the Protection of Personal Information (APPI) and the Telecommunications Business Act:

• We obtain explicit consent before using cookies that track user behavior
• You can withdraw consent for tracking cookies at any time via our cookie settings
• We provide clear disclosure about the types of cookies used and their purposes
• Personal information is handled in accordance with APPI requirements

13.2 South Korea (PIPA)

For users in South Korea, we comply with the Personal Information Protection Act (PIPA):

• Consent for data processing is obtained separately from other agreements
• We provide separate consent options for different processing purposes
• You have the right to access, correct, and delete your personal information
• Cross-border data transfers are disclosed and conducted in compliance with PIPA
• From March 2025, you have the right to data portability

13.3 Thailand (PDPA)

For users in Thailand, we comply with the Personal Data Protection Act (PDPA):

• We obtain explicit consent before processing your personal data
• Consent requests are clearly distinguishable and presented separately
• You have the right to withdraw consent at any time through cookie settings or by contacting us
• We provide data subjects with access, correction, deletion, and portability rights
• Data processing activities are documented and auditable