Adze All legal

Legal

Privacy Policy

Effective June 2, 2026

Adze is a software product operated by AltaCoda LLC (“AltaCoda,” “we,” “us,” or “our”). This Privacy Policy describes how AltaCoda collects, uses, discloses, and protects information in connection with the Adze platform and related services (collectively, the “Service”). Adze is an AI-powered marketing platform for small SaaS teams: it learns your business, monitors the public communities your customers participate in, and drafts content and replies for your review.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Who We Are

AltaCoda LLC is the data controller for personal data collected in the course of operating the platform (such as your account information and how you use the Service). Where you use the Service to process information on behalf of your organization — including the business knowledge, content, and connected-account data you submit — we act as a data processor on your behalf. That relationship is governed by our Data Processing Addendum (DPA), available at adze.cloud/dpa.

Contact: AltaCoda LLC 1111 Broadway Oakland, CA 94607 Email: hello@altacoda.io

2. What the Service Does

Understanding how Adze works is essential to understanding what data we handle.

Adze learns your business. During onboarding and on an ongoing basis, the Service crawls your public website and processes the business information you provide to build a structured understanding of your product, positioning, tone, and customers (the “Business Understanding Engine”).

Adze monitors public communities. To surface marketing opportunities, the Service collects and analyzes publicly available posts and discussions from third-party platforms (such as Reddit, Hacker News, X/Twitter, and Stack Overflow) and search-engine and SEO data, using third-party data providers.

Adze generates content with AI. The Service uses large language models provided by our AI subprocessors to draft blog posts, replies, and other content based on your business knowledge. Community and social drafts are presented for your review before anything is published (“human-in-the-loop”); certain content (such as blog posts) may be published automatically where you configure the Service to do so.

Adze is chat-centric. You interact with the Service largely through a persistent conversation with an AI assistant. Chat messages are stored encrypted at rest.

3. Information We Collect

3.1 Information You Provide

  • Account information: Name, email address, and password when you register for an Account.
  • Organization information: Organization name, website, and details you provide during setup.
  • Business knowledge: The narrative descriptions, product details, competitor lists, tone preferences, examples, rules, and other information you submit or confirm to teach Adze about your business.
  • Chat content: Messages, instructions, and attachments you send to the in-product AI assistant.
  • Billing information: Payment method details (card number, billing address) are collected and processed by our payment processor, Stripe. We do not store full payment card numbers on our servers. We receive and store only a limited token, card brand, last four digits, and expiration date for display and billing management purposes.
  • Connected-account credentials: OAuth tokens or API keys you provide to connect third-party services (such as Google Search Console, Google Analytics, Google Drive, blog platforms, X/Twitter, and Slack). These are stored encrypted and used solely to operate the features you enable.
  • Support communications: Information you provide when contacting us for support, including email address, message content, and any attachments.

3.2 Information Collected Through Use of the Service

  • Generated content and feedback: Drafts the Service produces on your behalf, and the signals we derive from your interactions with them (accept, reject, edit, and the nature of your edits) to improve future output for your organization.
  • Connected-account data: Where you connect a third-party service, the Service reads data within the scope of the permissions you grant — for example, search and analytics metrics, or content you publish through the Service.
  • Usage data: Information about how you interact with the Service, including pages viewed, features used, actions taken, timestamps, session duration, and credit consumption.
  • Device and connection information: IP address, browser type and version, operating system, device identifiers, and referring URLs.

3.3 Information We Collect from Public and Third-Party Sources

  • Your website: Publicly accessible pages of the website(s) you provide, crawled to build and refresh your business profile.
  • Public community and social content: Publicly available posts, comments, and related metadata from third-party platforms (such as Reddit, Hacker News, X/Twitter, and Stack Overflow), and search-engine results and keyword/SEO data, obtained through third-party data providers. This content may include personal data that individuals have chosen to make public on those platforms.
  • Connected third-party services: Data from services you authorize, such as Google (authentication, Search Console, Analytics, Drive), blog platforms, and others.
  • Stripe: Transaction status, payment confirmation, and limited billing details.
  • Analytics and monitoring providers: We use third-party services (currently Mixpanel for product analytics and Sentry for error monitoring) to understand and maintain the Service. These providers may collect usage, device, and diagnostic data as described in their respective privacy policies.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Operating, maintaining, and delivering the features and functionality of Adze, including building your business profile, discovering opportunities, generating content, and delivering notifications.
  • AI processing: Sending relevant business knowledge, prompts, and content to our AI subprocessors to generate and analyze content on your behalf. See Section 5.1.
  • Account management: Creating and managing your Account, authenticating your identity, and managing Authorized User access and roles.
  • Billing: Processing payments, managing subscriptions and credits, issuing invoices, and communicating about billing matters.
  • Communications: Sending you service-related notices (such as account verification, security alerts, maintenance notifications, digests, and changes to our terms or policies). These are transactional communications, not marketing.
  • Product improvement: Analyzing usage patterns and trends to improve, develop, and optimize the Service. This analysis uses aggregated or de-identified data wherever possible.
  • Learning loop: Using your feedback on generated content to improve the relevance and quality of future output for your organization. We do not use your business knowledge or content to train the underlying foundation models. See Section 5.1.
  • Security and fraud prevention: Detecting, investigating, and preventing unauthorized access, abuse, and other harmful activity.
  • Legal compliance: Complying with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Support: Responding to your inquiries, troubleshooting issues, and providing customer support.

5. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

5.1 AI Subprocessors and Model Training

To generate and analyze content, we transmit business knowledge, prompts, and related content to third-party large language model providers (currently Anthropic and OpenAI). These providers process the data solely to return a result to us and are contractually prohibited from using data submitted through their APIs to train their models. We do not use your business knowledge, chat content, or generated content to train foundation models. Our own learning features operate only within your organization’s own data.

5.2 Service Providers (Subprocessors)

We share information with third-party service providers (subprocessors) who process data on our behalf to provide the Service. A complete list of our current subprocessors, including their purposes and locations, is maintained at adze.cloud/subprocessors.

These providers are contractually obligated to use your information only as necessary to provide their services to us and in accordance with this Privacy Policy and applicable data protection laws.

5.3 Connected Third-Party Services

When you connect a third-party service, data flows between Adze and that service as necessary to operate the feature you enabled, using the permissions you grant. We do not write to or modify connected services unless you explicitly configure the Service to do so. Your use of those services is governed by your agreement with the relevant provider.

5.4 Publishing

Where you instruct the Service to publish content — automatically or after your approval — that content is transmitted to the destination you have connected (for example, your blog platform or social account) and becomes subject to that platform’s terms and visibility.

5.5 Within Your Organization

Account administrators and Authorized Users within your organization may have access to shared organizational data, business knowledge, opportunities, drafts, analytics, and configurations, as determined by your Account settings and the role-based access controls you configure.

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of AltaCoda, our users, or the public.

5.7 Business Transfers

In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.

We may share your information in other circumstances with your explicit consent.

6. Public Community Data

To find marketing opportunities for you, the Service processes content that individuals have published on public third-party platforms. We process this content to assess its relevance to your business, to surface engagement opportunities, and to help you draft replies. We rely on our legitimate interests (and yours) in operating a marketing-intelligence service for this processing, and we limit it to publicly available content. Raw collected posts are retained only as long as needed for this purpose and are deleted or archived on a rolling basis (see Section 7). If you are an individual whose public posts have been processed and you wish to make a request regarding that data, contact us at hello@altacoda.io.

7. Data Retention

  • Account and business-knowledge data: Retained for as long as your Account is active. Upon account closure, your data enters a 30-day soft-delete grace period and is then permanently deleted, subject to any legal retention obligations.
  • Chat content: Retained (encrypted) for the life of the Account, unless you delete the relevant sessions earlier.
  • Raw collected community/website content: Retained on a short rolling basis (approximately 30 days) before deletion or archival, as it is only needed transiently for analysis.
  • Usage and analytics time-series: Retained for up to twelve (12) months, then automatically expired.
  • Billing records: Retained for as long as necessary to comply with tax, accounting, and legal obligations (typically up to 7 years).
  • Support communications: Retained for as long as necessary to resolve your inquiry and for a reasonable period thereafter.

8. Data Security

We implement commercially reasonable technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS) and at rest.
  • Field-level encryption (AES-256-GCM) of sensitive data, including chat content, connected-account credentials, multi-factor authentication secrets, and stored IP/user-agent values.
  • Passwords stored only as salted bcrypt hashes; never in plaintext.
  • Role-based access controls and authentication (including optional multi-factor authentication) for Authorized Users.
  • Internal least-privilege access controls, audit logging, and monitoring.
  • Regular security reviews and patching.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Rights and Choices

9.1 Account Information

You may access, update, or correct your account and business-knowledge information at any time through the Service or by contacting us at hello@altacoda.io.

9.2 Account Deletion

You may request deletion of your Account and associated data by using the account closure feature in the Service or by contacting us at hello@altacoda.io. Deletion is subject to the 30-day grace period and retention obligations described in Section 7.

9.3 Communications Preferences

You may manage your notification preferences through the Service. Note that you cannot opt out of transactional communications necessary for the operation of your Account (such as security alerts and billing notices).

9.4 Cookies and Tracking

The Service uses cookies and similar technologies for session management, authentication, and analytics. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10. Rights for EEA, UK, and Swiss Individuals

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the UK GDPR.

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service and fulfill our contractual obligations to you (Article 6(1)(b) GDPR).
  • Legitimate interests: Processing necessary for our legitimate interests, such as improving the Service, monitoring public community content to provide marketing intelligence, ensuring security, and preventing fraud, where those interests are not overridden by your rights (Article 6(1)(f) GDPR).
  • Legal obligation: Processing necessary to comply with applicable laws (Article 6(1)(c) GDPR).
  • Consent: Where you have given explicit consent for a specific purpose, such as optional marketing communications (Article 6(1)(a) GDPR). You may withdraw consent at any time.

10.2 Your GDPR Rights

You have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete personal data.
  • Erase your personal data (subject to legal retention requirements).
  • Restrict processing of your personal data in certain circumstances.
  • Data portability — receive your personal data in a structured, commonly used, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, contact us at hello@altacoda.io. We will respond within 30 days (or such shorter period as required by applicable law).

10.3 International Transfers

Your personal data may be transferred to and processed in the United States. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards as described in our DPA, which may include Standard Contractual Clauses approved by the European Commission.

11. Rights for California Residents

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

11.1 Categories of Personal Information

In the preceding 12 months, we may have collected the following categories of personal information: identifiers (name, email, IP address), commercial information (billing records, subscription and credit history), internet or electronic network activity (usage data, device information), and professional information (organization name, role).

11.2 Your CCPA/CPRA Rights

You have the right to:

  • Know what personal information we collect, use, and disclose.
  • Delete your personal information (subject to exceptions).
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA/CPRA.
  • Non-discrimination for exercising your rights.

To exercise these rights, contact us at hello@altacoda.io. We will verify your identity before processing your request.

11.3 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require you to verify your identity directly and confirm the agent’s authority.

12. Children’s Privacy

The Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at hello@altacoda.io.

The Service may contain links to, and integrations with, third-party websites or services (such as community platforms, blog platforms, Google, or Stripe). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access or connect.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least thirty (30) days before the changes take effect. The “Effective Date” at the top of this page indicates when the policy was last revised. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

AltaCoda LLC 1111 Broadway Oakland, CA 94607 Email: hello@altacoda.io

For GDPR-related inquiries, you may also contact us at the address above. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Last updated: June 2, 2026