Privacy Policy
Last Updated: February 18, 2026
Adequate Data AI ("Adequate Data," "we," "us," or "our") operates adequatedata.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, and what rights you have. We've tried to keep it readable — no 50-page legal maze.
1. Information We Collect
Account Information
When you request access or create an account, we collect your email address, name, and profile image (if you authenticate via Google or GitHub OAuth). If you use email/password authentication, we store a securely hashed version of your password — never the plaintext.
Database Credentials
When you connect a supported source such as Snowflake, BigQuery, Redshift, or CSV workflows, we store your connection credentials. These are encrypted at rest using AES-256-CBC and are only decrypted in-memory at the moment we execute a query on your behalf. We never log or expose credentials in plaintext.
Uploaded Files
CSV and Excel files you upload are stored on Amazon Web Services (AWS) S3 in encrypted buckets. Files are associated with your account and are not accessible to other users.
Queries & Usage Data
We store the business data questions you ask, the calculations we generate, proof metadata, and basic usage analytics (pages visited, features used, timestamps). This helps us improve the product and debug issues.
2. How We Use Your Information
- To provide and operate the Service - checking data, generating evidence summaries, exporting proof, and storing your data.
- To authenticate you and manage your account.
- To send transactional emails (password resets, billing receipts, critical security notices).
- To improve the Service through aggregated, anonymized usage analytics.
- To respond to support requests.
- To comply with legal obligations.
3. AI Processing & Third-Party Data Sharing
When you ask a business data question, we may send relevant context - including source metadata, table and field names, your question, and result context needed for the explanation - to the Anthropic API (Claude) to generate calculations and evidence summaries. We minimize the data sent where practical.
Anthropic's commercial data usage terms apply to data processed through their service. As of this writing, Anthropic does not train its models on API inputs or outputs by default. We recommend reviewing Anthropic's commercial terms for the latest details. If we ever change AI providers, we will update this policy before doing so.
We do not sell, rent, or trade your personal information to anyone. Period.
4. Data Storage & Security
- Application data is stored in Neon PostgreSQL, hosted in the United States.
- Uploaded files are stored in AWS S3 with server-side encryption.
- Database credentials are encrypted with AES-256-CBC before storage.
- All connections to our Service use TLS/HTTPS.
While we take reasonable measures to protect your data, no system is 100% secure. If we discover a breach that affects your personal information, we will notify you in accordance with applicable law.
5. Cookies
We use session cookies (via NextAuth) to keep you logged in. These are essential for the Service to function and are not used for tracking or advertising. We do not use third-party advertising cookies. If we add analytics cookies in the future, we will update this policy and provide an opt-out mechanism.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your personal information, saved queries, and visualizations are deleted within 30 days.
- Uploaded files are removed from AWS S3 within 30 days.
- Encrypted database credentials are deleted immediately.
- Anonymized, aggregated analytics data may be retained indefinitely (this data cannot identify you).
We may retain certain data longer if required by law (e.g., billing records for tax purposes).
7. Your Rights
All Users
- Access: You can view and export your data from your account settings at any time.
- Deletion: You can delete your account and all associated data from your account settings, or by emailing us.
- Correction: You can update your profile information at any time.
EU/EEA Users (GDPR)
If you are in the European Union or European Economic Area, you have additional rights under the GDPR:
- Right to erasure — request deletion of all your personal data.
- Data portability — receive a machine-readable export of your data.
- Restriction of processing — ask us to limit how we use your data.
- Object to processing — opt out of certain uses of your data.
- Lodge a complaint with your local data protection authority.
Our legal basis for processing your data is:
- Contract performance — to provide the Service you signed up for.
- Legitimate interest — to improve our product and prevent abuse.
- Consent — where applicable (e.g., optional marketing emails).
California Users (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of your personal information.
- Opt out of the sale of personal information — though we do not sell your data.
- Non-discrimination for exercising your privacy rights.
8. Data Ownership
You own your data. We do not claim any ownership over the files you upload, the databases you connect, or the content within them. We access your data solely to provide the Service. When you delete your account, your data is removed as described in Section 6.
9. Children's Privacy
The Service is not intended for anyone under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of the Service after changes take effect constitutes acceptance.
11. Contact Us
Questions or concerns about this Privacy Policy? Reach us at [email protected].