Last Reviewed: March 3, 2026

This Privacy Policy describes how Adaly, Inc. (“Adaly,” “we,” “us,” or “our”) collects, uses, retains, discloses, and disposes of personal information through our federated data orchestration platform and related services. This policy is designed to satisfy the Privacy Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA) within the SOC 2 framework, as well as applicable privacy laws including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other relevant data protection regulations.

 

 

 

1. Notice

Adaly is committed to transparency about our data practices. This Privacy Policy serves as our formal privacy notice and describes the types of personal information we collect, the purposes for which we collect and use it, the parties with whom we may share it, and the choices available to you regarding your personal information.

We provide this notice at or before the point of personal information collection. If we make material changes to this policy, we will notify affected individuals through email, in-product notifications, or a prominent notice on our website prior to the changes taking effect. We will also update the “Last Reviewed” date at the top of this policy.

 

 

1.1 Scope of This Policy

This policy applies to all personal information processed by Adaly in connection with our platform, website (adaly.io), marketing activities, customer support operations, and business relationships. It covers personal information collected from:

• • Users of the Adaly platform and related services

• • Visitors to our website

• • Prospective and current customers and partners

• • Job applicants and employees

• • Any individual whose personal information passes through or is accessible via the Adaly platform

 

 

1.2 Definitions

• • Personal Information: Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular individual or household.

• • Processing: Any operation performed on personal information, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, combination, restriction, erasure, or destruction.

• • Data Subject: An identified or identifiable individual to whom personal information relates.

• • Data Controller: The entity that determines the purposes and means of processing personal information.

• • Data Processor: The entity that processes personal information on behalf of a Data Controller.

 

 

2. Choice and Consent

Adaly respects your right to make informed decisions about your personal information. We describe the choices available to you and obtain appropriate consent before or at the time of collection.

 

 

 

2.1 Types of Consent

• • Explicit Consent: For sensitive personal information or uses beyond the original purpose of collection, we obtain your affirmative, informed consent through clear opt-in mechanisms.

• • Implied Consent: For personal information collected in the normal course of providing our services (such as account creation and platform usage), your continued use of our services after receiving this notice constitutes implied consent.

 

 

2.2 Withdrawal of Consent

You may withdraw your consent at any time by contacting us at privacy@adaly.io. Withdrawal of consent will not affect the lawfulness of processing performed prior to the withdrawal. If withdrawal of consent prevents us from delivering our services, we will inform you of the consequences before processing your request.

 

 

2.3 Opt-Out Rights

You may opt out of:

• • Marketing communications by using the unsubscribe link in emails or contacting us directly

• • Non-essential cookies and tracking technologies through our cookie preference settings

• • The sale or sharing of your personal information (as defined under the CCPA) by submitting a request to privacy@adaly.io

 

 

3. Collection

Adaly collects personal information only for the purposes identified in this notice and only to the extent necessary to fulfill those purposes. We collect information from lawful and reliable sources, and we make reasonable efforts to ensure the information is accurate and complete.

 

 

3.1 Categories of Personal Information Collected

• • Account and Identity Information: Name, email address, phone number, job title, company name, and account credentials.

• • Usage and Platform Data: Log data, device information, IP addresses, browser type, pages viewed, features used, and interaction data related to the Adaly platform.

• • Transaction and Billing Information: Payment details (processed through third-party payment processors), billing addresses, purchase history, and invoicing records.

• • Communications Data: Records of communications with our support team, feedback, survey responses, and correspondence.

• • Technical and Connector Data: Configuration data, API credentials (encrypted), connector settings, and metadata associated with data orchestration activities. Note: Adaly’s federated architecture means we facilitate real-time access to customer data sources without copying or storing the underlying business data in a centralized warehouse.

• • Employment-Related Information: Resumes, application materials, references, and background check results for job applicants and employees.

 

 

3.2 Methods of Collection

• • Directly from you when you create an account, contact us, or use our services

• • Automatically through cookies, log files, and similar technologies when you interact with our website or platform

• • From third parties such as business partners, referral sources, and publicly available databases

3.3 Data Minimization

We limit our collection of personal information to what is reasonably necessary for the identified purposes. We periodically review our data collection practices to confirm that we are not collecting information beyond what is needed.

4. Use, Retention, and Disposal

4.1 Purposes of Use

We use personal information exclusively for the purposes identified at the time of collection, or for purposes compatible with those original purposes. Specifically, Adaly uses personal information to:

• • Provide, maintain, and improve the Adaly platform and services

• • Process transactions and send related information such as confirmations and invoices

• • Respond to customer inquiries, requests, and support needs

• • Send administrative and service-related communications

• • Send marketing and promotional communications (with your consent or where permitted by law)

• • Monitor and analyze usage trends to improve user experience

• • Detect, investigate, and prevent fraudulent or unauthorized activity

• • Comply with legal obligations and enforce our terms of service

• • Conduct internal research, analytics, and product development

4.2 Retention

Adaly retains personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Our standard retention periods are:

• • Active Account Data: Retained for the duration of the customer relationship plus 12 months following account closure.

• • Transaction and Billing Records: Retained for 7 years following the transaction date, in compliance with tax and financial reporting requirements.

• • Usage Logs and Analytics: Retained in identifiable form for up to 24 months, after which data is aggregated or anonymized.

• • Marketing Consent Records: Retained for the duration of the consent plus 3 years.

• • Employment Records: Retained in accordance with applicable labor laws and internal HR policies.

• • Support Communications: Retained for 3 years following resolution.

4.3 Disposal

When personal information is no longer needed for the purposes identified above and no legal obligation requires its retention, we dispose of it securely using methods appropriate to the sensitivity of the information. Disposal methods include:

• • Secure deletion of electronic records using industry-standard data sanitization techniques

• • Physical destruction (shredding or incineration) of paper records

• • Anonymization or de-identification where complete destruction is not practical

We maintain documented disposal procedures and verify that disposal has been completed in accordance with our policies.

5. Access

Adaly provides individuals with reasonable access to the personal information we hold about them, as well as the ability to review, correct, and update that information.

5.1 Your Access Rights

Subject to applicable law, you have the right to:

• • Request confirmation of whether we process your personal information

• • Obtain a copy of your personal information in a commonly used, machine-readable format

• • Request correction or update of inaccurate or incomplete personal information

• • Request deletion of your personal information, subject to legal exceptions

• • Request restriction of processing under certain circumstances

• • Request portability of your personal information to another service provider

• • Object to processing of your personal information for certain purposes, including direct marketing

5.2 Submitting Requests

To exercise any of the rights described above, please submit a request to privacy@adaly.io or through the privacy request form on our website. We will verify your identity before processing your request and respond within 30 days (or within the timeframe required by applicable law). If we need additional time, we will inform you of the reason and the expected response date.

5.3 Exceptions

We may deny or limit access requests where permitted or required by law, including where the request is unreasonable or repetitive, where providing access would compromise the privacy of others, or where the information is subject to legal privilege or an ongoing investigation.

6. Disclosure to Third Parties

Adaly discloses personal information to third parties only for the purposes identified in this notice and only with appropriate safeguards. We do not sell your personal information.

6.1 Categories of Recipients

• • Service Providers: We engage trusted third-party service providers to perform functions on our behalf, such as cloud hosting, payment processing, analytics, customer support, and email delivery. These providers are bound by contractual obligations to protect personal information and to use it only for the purposes specified by Adaly.

• • Business Partners: With your consent or as necessary to provide our services, we may share information with integration partners and technology providers whose products or services work alongside the Adaly platform.

• • Legal and Regulatory Authorities: We may disclose personal information when required by law, regulation, legal process, or government request, or when disclosure is necessary to protect the rights, property, or safety of Adaly, our customers, or the public.

• • Corporate Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of the transaction. We will provide notice of any such transfer and any changes to this privacy policy.

6.2 Data Transfer Agreements

Where personal information is transferred to third parties, including across international borders, we ensure that appropriate data transfer agreements are in place. These agreements require recipients to handle personal information consistently with this privacy policy and applicable law, and to maintain adequate security safeguards.

6.3 International Transfers

Adaly operates in the United States. If you are located outside the United States, please be aware that your personal information may be transferred to and processed in the United States. We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission where required.

7. Security for Privacy

Adaly implements and maintains robust technical and organizational security measures designed to protect personal information against unauthorized access, destruction, use, modification, or disclosure. Our security program is aligned with SOC 2 Trust Services Criteria and includes the following controls:

7.1 Technical Safeguards

• • Encryption of personal information in transit (TLS 1.2 or higher) and at rest (AES-256)

• • Multi-factor authentication for platform access

• • Role-based access controls limiting access to personal information on a need-to-know basis

• • Continuous monitoring and logging of access to systems containing personal information

• • Regular vulnerability assessments and penetration testing

• • Intrusion detection and prevention systems

• • Automated security alerting and incident response workflows

7.2 Organizational Safeguards

• • Documented information security policies and procedures

• • Mandatory security awareness training for all employees and contractors

• • Background checks for personnel with access to personal information

• • Non-disclosure agreements with all employees and contractors

• • Incident response plan with defined roles, responsibilities, and escalation procedures

• • Periodic internal and external security assessments

7.3 Federated Architecture Advantage

A core aspect of Adaly’s platform design provides an inherent privacy advantage: our federated data orchestration architecture connects directly to customer data sources in real time without copying or warehousing underlying data. This approach minimizes the volume of personal information that Adaly stores, reducing risk exposure and aligning with data minimization principles.

8. Quality

Adaly takes reasonable steps to ensure that the personal information we maintain is accurate, complete, and relevant for the purposes for which it is used.

• • We collect personal information from reliable and lawful sources

• • We provide mechanisms for individuals to review and correct their personal information

• • We periodically review personal information for accuracy and relevance

• • We encourage users to promptly update their account information when changes occur

If we become aware that personal information under our control is inaccurate or outdated, we will take reasonable steps to correct or delete it.

9. Monitoring and Enforcement

9.1 Compliance Monitoring

Adaly monitors compliance with this privacy policy and our internal privacy procedures through:

• • Regular internal audits of data processing activities

• • Periodic reviews and updates to this privacy policy

• • Ongoing assessment of third-party service provider compliance

• • Employee training and awareness programs

• • Annual SOC 2 examinations conducted by an independent third-party auditor

9.2 Inquiries, Complaints, and Disputes

If you have questions, concerns, or complaints regarding our privacy practices or this policy, please contact us at:

Adaly, Inc. Attn: Privacy Officer Email: privacy@adaly.io

We will acknowledge receipt of your inquiry within 5 business days and will investigate and respond within 30 days. If you are not satisfied with our response, you may escalate your complaint to the relevant data protection authority in your jurisdiction.

9.3 Breach Notification

In the event of a security breach involving personal information, Adaly will:

• • Promptly investigate the scope and impact of the breach

• • Notify affected individuals without unreasonable delay, and in any case within the timeframes required by applicable law

• • Notify relevant regulatory authorities as required

• • Take appropriate remedial actions to mitigate harm and prevent recurrence

• • Document the breach and response actions for audit and compliance purposes

10. Cookies and Tracking Technologies

Our website and platform use cookies and similar tracking technologies to enhance your experience, analyze usage, and support our marketing efforts. The categories of technologies we use include:

• • Strictly Necessary Cookies: Required for the website and platform to function properly. These cannot be disabled.

• • Performance and Analytics Cookies: Help us understand how visitors interact with our website and platform so we can improve functionality and user experience.

• • Marketing Cookies: Used to deliver relevant advertising and measure the effectiveness of our marketing campaigns.

You can manage your cookie preferences through the cookie settings on our website. Note that disabling certain cookies may affect the functionality of our services.

11. Children’s Privacy

Adaly’s platform and services are designed for business use and are not directed at individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@adaly.io.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• • The right to know what personal information we collect, use, disclose, and sell

• • The right to delete personal information we have collected from you

• • The right to opt out of the sale or sharing of your personal information

• • The right to correct inaccurate personal information

• • The right to limit the use of sensitive personal information

• • The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at privacy@adaly.io. We will verify your identity and process your request in accordance with applicable law.

13. European Data Subject Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and related legislation, including the rights to access, rectification, erasure, restriction of processing, data portability, and objection. You also have the right to lodge a complaint with your local data protection authority.

Where we rely on consent as the legal basis for processing, you have the right to withdraw consent at any time. Where we rely on legitimate interests, you have the right to object, and we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

14. Changes to This Policy

Adaly reserves the right to update or modify this Privacy Policy at any time. When we make material changes, we will notify you by updating the effective date, posting a notice on our website, or sending direct communication to affected individuals. We encourage you to review this policy periodically.

Material changes will not be applied retroactively to personal information collected under a prior version of this policy without your consent.

15. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Adaly, Inc. Attn: Privacy Officer Email: contact@adaly.ai Website: https://www.adaly.ai

For SOC 2 audit-related inquiries, please contact contact@adaly.ai.