Privacy Policy

Privacy Overview

At idapt, your privacy is of utmost importance to us. As a company based in Europe, we are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. Transparency is at the heart of what we do, and we ensure your data is used only to provide the best possible service. Importantly, we make money exclusively from the subscriptions you pay, not by selling or monetizing your data in any other way.

1. Who We Are

The data controller for your personal data is idapt. If you have questions about this Privacy Policy or want to exercise your rights, you can contact us at support@idapt.ai.

2. What Data We Collect

We may collect and process the following categories of personal data to provide and improve our services:

User Data

This includes your conversations with AI, prompts, messages, chat history, documents you create or upload, and any attachments. This data is necessary to provide you with AI assistance and maintain your conversation history.

Account Data

Information like your name (or pseudonym), email address, and payment details (processed securely via our third-party payment provider, Stripe).

Security Data

Information related to usage logs, IP addresses, device information, and user agent strings for fraud prevention and security purposes.

Communication Data

Emails and support interactions to provide better customer service.

Usage Data

Analytics about how you use our services, including AI model usage (token counts, costs, performance metrics), feature usage, and interaction patterns. This helps us improve the service and monitor system performance.

3. How and Why We Use Your Data

The purposes for which we collect and use your data include:

  • Providing the Services you request: To deliver AI-based functionality, maintain your chat history, and support your account.
  • Improving our Services: For troubleshooting, technical improvements, security monitoring, and developing new features.
  • Communication: Sending updates about your account, billing, subscription changes, and product updates (you can opt out of non-essential communications).
  • Compliance: Meeting legal, regulatory, and compliance obligations.

We process your personal data on the following legal bases:

  • Performance of a contract: To provide the services you've subscribed to.
  • Consent: When you explicitly agree (e.g., for customer service requests or analytics).
  • Legitimate interests: To prevent abuse, operate our services, enhance security, and improve product functionality.
  • Legal compliance: To meet legal obligations, such as financial audits or fraud prevention.

4. How Long Do We Retain Your Data

We retain your personal data only for as long as it is necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, and contractual obligations. Below is a breakdown of our retention periods:

User Data (Chats, Messages, Documents)

  • Purpose: Retained for the display of past conversations in history and to provide user assistance.
  • Retention Period:
    • Active Users: Stored as long as your subscription is active.
    • Deleted Data: Once you delete your data, we might retain it for up to 30 rolling days for abuse detection (e.g., to monitor for spam or misuse). After this period, it is permanently deleted.

Account Data

  • Purpose: Required for managing your subscription and resolving disputes.
  • Retention Period:
    • Active Users: Stored for the duration of your registration.
    • After Account Termination: Retained for up to 1 year after the end of your subscription for evidentiary and legal compliance purposes, after which it is securely deleted.

Security Data

  • Purpose: Stored to monitor system integrity, detect fraud, and prevent unauthorized access.
  • Retention Period: Retained for up to 1 rolling year, then deleted automatically.

Payment Data

  • Purpose: Processed securely by our third-party payment provider (Stripe) for billing and fraud prevention.
  • Retention Period: Follows the retention period required by financial and tax regulations, usually 5 to 7 years, depending on your country of residence.

Communication Data

  • Purpose: Manage customer support inquiries and improve service delivery.
  • Retention Period: Retained for up to 2 years from the date of your last interaction, unless deletion is requested earlier.

Legal Obligations

If required by law, we may retain certain data beyond the retention periods outlined above, but only to the extent necessary to comply with applicable laws (e.g., tax regulations or court orders).

5. When and With Whom Do We Share Your Personal Data?

We may disclose your personal data to third parties to deliver you the promised services. Disclosures will only be made so that we can process your personal data for the purposes set out above. idapt may share your personal data with the following third parties:

Third-Party Service Providers

To operate and deliver our services, we use trusted providers. These providers are bound by contractual agreements to process your data only for the agreed purposes, in compliance with privacy laws:

Main Service Providers

Service ProviderActivityLocation
NeonDatabase HostingEU (Germany)
VercelApplication HostingUSA

Other Service Providers

Service ProviderActivityLocation
OpenAIAI Processing and GenerationUSA
AnthropicAI Processing and GenerationUSA
xAI (Grok)AI Processing and GenerationUSA
Google AIAI Processing and GenerationUSA
Vercel BlobFile StorageUSA
BrevoTransactional EmailsEU (France)
StripePayment ProcessingUSA
PostHogProduct AnalyticsEU

Compliance with Laws

We may disclose your data if required to do so by law, a court order, or other legal processes.

We do not sell or share your data for advertising purposes.

6. Data Security

We have robust measures in place to protect your personal data against unauthorized access, loss, destruction, or alteration. These include:

  • Encryption: Data in transit is encrypted using industry-standard protocols. We use PostgreSQL (via Neon) and secure cloud infrastructure (Vercel).
  • Access Control: Strict authentication and authorization controls ensure only authorized personnel can access data.
  • Regular Audits: We periodically review our systems and data-handling processes for vulnerabilities and ensure security updates are applied promptly.

7. International Data Transfers

As we are based in Europe, your personal data is primarily processed and stored within the European Economic Area (EEA). However, some of our service providers (such as AI model providers, hosting, and payment processors) are located outside the EEA, particularly in the United States.

When data must be transferred outside the EEA, we ensure that it is done under adequate safeguards, such as through Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by the European Commission.

8. Your Rights

As a resident of the European Economic Area (and where applicable in other regions), you have the following rights under the GDPR and similar privacy regulations:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You can request corrections or updates to your data if it's inaccurate or incomplete.
  • Right to Erasure (Right to Be Forgotten): You can request deletion of your data, subject to specific retention requirements under the law.
  • Right to Restrict Processing: You can request that we limit the processing of your data in certain situations.
  • Right to Objection: You can object to the processing of your data where we rely on legitimate interests as a legal basis.
  • Right to Data Portability: You have the right to request your data in a portable format for reuse elsewhere.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

You can exercise any of these rights by contacting us at support@idapt.ai. If you feel we haven't adequately addressed your rights, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

9. Cookies and Tracking

We use cookies and similar technologies to operate our services and provide you with a better experience.

Types of Cookies

  • Essential Cookies: Necessary for the operation of our services, including authentication, session management, and security. These cookies cannot be disabled.
  • Analytics Cookies: We use PostHog for product analytics to understand how users interact with our service and improve functionality. You can opt out of analytics tracking in your account settings.

10. Anonymous Users

idapt allows you to use the service as an anonymous user before creating an account. When you use the service anonymously:

  • Your conversations and data are stored locally and associated with a temporary identifier.
  • If you later create an account, your anonymous data will be automatically migrated to your registered account.
  • Anonymous user data is subject to the same privacy protections as registered user data.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or industry standards. Notification of significant changes will be provided via email or within the service itself. Please check this page periodically for updates.

Last Updated: January 2025

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy, you can contact us at:

Email: support@idapt.ai

We aim to deliver exceptional AI services while prioritizing your privacy every step of the way. Thank you for trusting us with your data.

idapt is a commercial name of Richard Morel, operating as auto-entrepreneur, SIREN 889 019 717, 200 rue de la Croix Nivert, Paris, 75015, France.