1. Scope

Adlapt is a business application that brings together CRM, product lifecycle, product data, and applicant-tracking workflows. It is currently used internally by ADAPT and the individuals ADAPT authorizes to access it (each, an “Authorized User”). ADAPT acts as the controller of the personal information processed inside Adlapt. If Adlapt is later made available to external customers, this Privacy Policy will be updated to describe the controller / processor relationship that applies in that scenario.

2. Information We Collect

2.1 Information you provide to us

• Account information: name, work email address, role, and password (stored hashed).
• Records you enter into Adlapt: business records such as company contacts, deals, products, parts, documents, job postings, candidate records, invoices, and related information that you or other Authorized Users add to the application.
• Communications: messages, support requests, and any other information you send to us about Adlapt.

2.2 Information collected automatically

• Usage and log data: IP address, browser type, device identifiers, pages accessed, timestamps, and similar telemetry needed to operate and secure the Service.
• Authentication tokens: session cookies and access tokens used to keep you signed in.

2.3 Information from third-party integrations

When an Authorized User connects a third-party system (such as QuickBooks Online), Adlapt receives information that the connected system shares with Adlapt under the authorization granted, such as company profiles, invoices, items, and related records. Adlapt does not request or store passwords for connected systems; it uses OAuth or equivalent secure mechanisms.

3. How We Use Information

We use the information described above to:

• provide, operate, secure, and support the Service for ADAPT and its Authorized Users;
• authenticate users and prevent fraud, abuse, and unauthorized access;
• process integrations with third-party systems an Authorized User connects (for example, pushing an invoice from Adlapt to QuickBooks at an admin’s direction);
• communicate with Authorized Users about the Service, including service notices and security alerts;
• respond to support requests and feedback;
• monitor performance, debug issues, and improve the Service; and
• comply with legal obligations and enforce our agreements.

ADAPT does not sell personal information and does not use information stored in Adlapt to train artificial-intelligence models for third parties.

4. Legal Bases for Processing (EEA / UK)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

• Legitimate interests — to operate, secure, and improve the Service, balanced against your rights;
• Performance of a contract — to provide the Service to Authorized Users;
• Legal obligation — to comply with applicable law; and
• Consent — where we ask for it and you provide it.

5. How We Share Information

We share information only as described below.

6. Third-Party Integrations (including QuickBooks)

Adlapt connects to QuickBooks Online (a service of Intuit Inc.) via OAuth so that Authorized Users can sync companies and invoices between the two systems. When an Authorized User connects a QuickBooks company:

• Adlapt receives a refresh token and access token from Intuit, which are stored encrypted at rest;
• Adlapt reads and writes only the QuickBooks records needed to support the features enabled (for example, invoices and customer records);
• Adlapt never receives the user’s QuickBooks password; and
• an admin can disconnect the integration at any time from the Adlapt admin settings, which revokes Adlapt’s access.

Information exchanged with Intuit through the integration is also governed by the Intuit Global Privacy Statement.

7. Cookies and Similar Technologies

Adlapt uses a small number of cookies and similar technologies that are strictly necessary to authenticate users, maintain sessions, and remember preferences. Adlapt does not currently use third-party analytics or advertising cookies. If that changes, this Privacy Policy will be updated and, where required by law, consent will be requested.

8. Data Retention

We retain information in Adlapt for as long as it is needed to operate the Service and meet our legal and business obligations. Background-job records associated with the recruiting (ATS) module are retained for thirty (30) days. Account and security logs are retained for as long as reasonably necessary for security and audit purposes. When data is no longer needed, we delete or de-identify it in accordance with our internal retention schedule.

9. Security

We use administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS) and at rest for sensitive fields, role-based access controls, audit logging, vulnerability management, and least-privilege production access. We design our controls to align with the Cybersecurity Maturity Model Certification (CMMC) framework. No security program is perfect, however, and you are responsible for keeping your account credentials secure.

10. International Data Transfers

ADAPT is based in the United States, and our subprocessors may process information in the United States and other countries. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for international transfers of personal information.

11. Your Privacy Rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict our processing of your personal information, to object to processing, and to withdraw consent. To exercise these rights, contact us using the information in Section 15. We will verify your request as required by law and respond within the timeframe required by applicable law. You have the right to lodge a complaint with a supervisory authority in your country of residence.

12. California Privacy Notice

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you with the rights described in Section 11, as well as the right not to receive discriminatory treatment for exercising those rights. ADAPT does not “sell” or “share” personal information for cross-context behavioral advertising as those terms are defined under California law. The categories of personal information we collect, the purposes for collection, and the categories of recipients are described in Sections 2, 3, and 5.

13. Children’s Privacy

The Service is not directed to, and we do not knowingly collect personal information from, children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

14. Changes to this Policy

We may update this Privacy Policy from time to time. If we make a material change, we will provide reasonable notice (for example, by email or by posting a notice within the Service) before the change takes effect. The “Effective” date at the top of this Policy reflects the latest revision.

15. Contact

ADAPT Technology LLC
Auburn Hills, Michigan, United States
Privacy email: privacy@adapttechnology.com (or steve@adapttechnology.com)