Adoptify AI – Privacy Policy

1. Introduction & Scope

Adoptify AI (“Adoptify,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of individuals and organizations that interact with our platform, services, and website.

This Privacy Policy applies to:

  • Visitors to adoptify.ai and associated web properties
  • Enterprise clients using Adoptify AI’s adoption services and AdaptOps™ framework
  • Individual users including employees, administrators, and program participants
  • Partners engaging through Adoptify AI’s ecosystem
  • Individuals submitting assessments, demo requests, or eligibility checks

Adoptify AI provides enterprise AI adoption services across multiple AI ecosystems, including Microsoft Copilot, Google Gemini, OpenAI, AWS Bedrock, Anthropic Claude, and custom enterprise AI models. This policy governs how we handle personal data across all engagements.

2. Who We Are

Legal Entity: Adoptify AI, DBA of Sarder Inc
Registered Address: 1460 Broadway, Fl 8, New York NY 10036
Primary Operations: United States

Privacy Contact:
privacy@adoptify.ai

Data Protection Officer (EU/UK, where required):
dpo@adoptify.ai

Grievance Officer (India – DPDP Act 2023):
grievance@adoptify.ai

3. Data Controller and Processor Roles

Adoptify acts:

  • As Data Controller for website visitors, marketing data, event registrations, and direct business inquiries.
  • As Data Processor when processing personal data on behalf of enterprise clients under a Master Services Agreement (MSA) and Data Processing Agreement (DPA).

When acting as a Data Processor, we process personal data strictly under client instructions and contractual safeguards.

4. Information We Collect

A. Information You Provide Directly

  • Name, work email, job title
  • Organization details
  • AI readiness assessment responses
  • Demo and consultation requests
  • ECIF eligibility data
  • Support communications
  • Event registrations

B. Information Collected Automatically

  • IP address
  • Browser/device information
  • Pages visited and engagement metrics
  • Referral sources
  • Cookie and tracking data

C. Enterprise Engagement Data

  • AI maturity metrics
  • Adoption and workflow analytics
  • Organizational technology stack data
  • ROI and program outcome tracking
  • Data submitted by authorized client administrators

Adoptify does not intentionally collect:

  • Protected Health Information (PHI) (unless under signed BAA)
  • Financial account numbers
  • Government-issued ID numbers

5. How We Use Information

We process personal data for:

Service Delivery

  • Deliver AI adoption programs
  • Provide readiness scoring and roadmaps
  • Manage enterprise engagements

Communication

  • Send assessment results and program updates
  • Provide client support
  • Share relevant resources (with consent where required)

Platform Improvement

  • Analyze aggregated usage trends
  • Improve performance and reliability

Legal & Compliance

  • Meet Microsoft partner program requirements
  • Maintain audit documentation
  • Enforce contractual obligations

Marketing (Consent-Based Where Required)

  • Email communications
  • Event invitations
  • Website retargeting (cookie-based consent)

6. Legal Basis for Processing (GDPR)

For EU/UK individuals:

PurposeLegal Basis
Service deliveryContractual necessity
Account managementContractual necessity
Platform analyticsLegitimate interest
Marketing emailsConsent
Cookie trackingConsent
Legal complianceLegal obligation
Security/fraud preventionLegitimate interest

You may withdraw consent at any time.

7. AI-Specific Data Practices

Adoptify maintains strict AI governance standards:

  • No Model Training: Client data is never used to train foundation or proprietary AI models.
  • Enterprise AI Agreements: Where AI infrastructure providers process data (e.g., Microsoft Azure OpenAI), such processing occurs under enterprise agreements and is not used for model training.
  • Human Oversight: AI-generated outputs are reviewed by specialists.
  • Explainability: Methodologies can be explained upon request.
  • Stack Neutrality: Data is not shared with AI vendors beyond contracted service delivery requirements.
  • Opt-Out: Clients may request human-only processing for specific engagements.

We align with global responsible AI principles including transparency, fairness, accountability, and security.

8. Regulated Industry Data

Healthcare (HIPAA)

  • No PHI collected unless a Business Associate Agreement (BAA) is executed.
  • HIPAA-eligible Azure infrastructure used when required.

Financial Services

  • Data handled consistent with applicable regulations (SOX, GLBA, FINRA where relevant).

Government/Public Sector

  • Data residency and sovereignty options available under contract.

9. Data Sharing & Sub-Processors

We do not sell personal data.

We may share data with:

Infrastructure Providers

  • Microsoft Azure (cloud hosting and infrastructure)

CRM & Communication Platforms

  • HubSpot (or equivalent CRM)
  • Email delivery providers

Analytics

  • Google Analytics (aggregated usage data)

Webinar & Event Platforms

All sub-processors are bound by Data Processing Agreements and security obligations.
A current sub-processor list is available upon request.
Clients are notified of material changes where contractually required.

10. International Data Transfers

Data may be processed in:

  • United States
  • European Union / United Kingdom
  • India
  • APAC / Middle East

Safeguards include:

  • Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework participation (where applicable)
  • Contractual DPDP compliance (India)
  • Sub-processor agreements

11. Data Retention

Data TypeRetention
Website analytics12 months
Form submissions24 months
Active client dataContract duration + 36 months
Marketing contactsUntil opt-out or 36 months
Legal/compliance records7 years
Anonymized analyticsIndefinitely

Deletion requests are processed within 30 days unless legal retention applies.

12. Your Privacy Rights

GDPR (EU/UK)

  • Access
  • Rectification
  • Erasure
  • Portability
  • Objection
  • Restriction
  • Withdraw consent

CCPA/CPRA (California)

  • Right to know
  • Right to delete
  • Right to opt-out of sale/share (we do not sell or share data)
  • Non-discrimination

India (DPDP Act 2023)

  • Access
  • Correction/erasure
  • Grievance redressal

Requests: privacy@adoptify.ai
Response timeframe: within 30 days.

13. Cookies & Tracking

We use:

  • Essential cookies (site function/security)
  • Analytics cookies (consent required in EU/UK)
  • Marketing cookies (consent required)
  • Preference cookies

Cookie preferences can be managed via website settings.

14. Data Security

We implement:

  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Microsoft Azure infrastructure (ISO 27001, SOC 2 compliant)
  • Regular security assessments
  • Vendor security reviews
  • Documented internal security policies and periodic risk assessments

In the event of a data breach, we will notify affected clients and regulatory authorities as required by applicable law.

15. Automated Decision-Making

Adoptify does not use automated decision-making that produces legal or similarly significant effects without human oversight.

16. Children’s Privacy

Our services are intended for enterprise use.
We do not knowingly collect data from individuals under 13 (or 16 where applicable under local law).

17. Policy Updates

We review this policy annually or when:

  • Laws change
  • New services are introduced
  • Material data processing changes occur

Material changes will be communicated via email or website notice.

18. Contact & Regulatory Authorities

Privacy Inquiries:
privacy@adoptify.ai

EU/UK individuals may lodge complaints with their local data protection authority.