Privacy Policy

1. Who we are

Adaptive Exchange is a private community platform operated by the Adaptive Foundation (“we”, “us”). We are the data controller for the personal information described in this policy. Contact: privacy@adaptivefoundation.org.

2. What we collect

We collect only what is necessary to operate a member-only community:

• Account identifiers — your name, work email, profile photo, and (when you sign in with Google) your Google account ID. We never see or store your Google password.
• Profile content — the company, role, universities, “how I can help” and “what I’m looking for” fields you choose to share with the community.
• Activity — posts, reactions, comments, deal-room messages, and intro responses. Deal-room messages are visible to other room participants and to platform administrators (see §5).
• Calendar metadata — when you connect Google Calendar, we request only thecalendar.app.created scope and read free/busy windows for the calendars you authorize. We never read or write events outside calendars Adaptive Exchange itself creates.
• Operational logs — IP address, user agent, and event timestamps for security, abuse prevention, and debugging. Retained 90 days unless required for an open investigation.

3. Why we use it

• To match members with relevant introductions.
• To deliver notifications you have opted into.
• To show you content from communities you belong to.
• To keep the platform safe — detecting abuse, spam, and policy violations.
• To comply with legal obligations (e.g., tax records for donation receipts, lawful subpoenas).

We do not sell personal information. We do not use your activity for behavioral advertising. We do not share your data with third-party advertisers.

4. Who can see what

• Other members — see your profile, your posts, your reactions, and any deal rooms or communities you share with them.
• Invitees — see only the single deal room they were invited to, and the participants of that room.
• Non-members — see public-tier content but cannot post in the marketplace.
• Administrators — can read deal-room messages, moderate posts, and review match outcomes. This is how we enforce community trust and how the introduction model works. Messages are encrypted at rest but not end-to-end.

5. Sub-processors we use

We self-host most infrastructure on a single VPS in the European Union. The following third parties process limited data on our behalf:

• Google LLC — OAuth authentication and Calendar free/busy lookup, only for members who connect Google.
• Cloudflare, Inc. — edge proxy, DDoS protection, and WAF. Cloudflare sees IP addresses and request metadata.
• Groq, Inc. and OpenAI, OpCo LLC — language-model inference for match reasoning. We send a redacted member summary; we do not send raw deal-room messages, contact details, or calendar data. Both providers are contractually bound not to train on our traffic.
• Google Workspace SMTP — transactional email delivery for magic links and notifications.

6. Data retention

• Profile and content data is kept for as long as your account is active.
• When you delete your account, profile fields are erased within 30 days. Deal-room messages you posted are retained for the other participants’ record but attributed to “Former member”.
• Operational logs: 90 days.
• Tax records (where applicable): 7 years, per US/EU law.

7. Your rights

Depending on where you live, you have rights to access, correct, export, delete, or restrict the use of your personal data. Email privacy@adaptivefoundation.org and we will respond within 30 days. If you are in the EU/UK, you also have the right to lodge a complaint with your local data protection authority.

8. Security

All connections to the platform use TLS 1.3. Database backups are encrypted at rest. We follow the principle of least privilege for staff access; only the on-call administrator can read raw messages, and every such read is logged.

9. Children

Adaptive Exchange is not directed at people under 18. We do not knowingly collect personal data from children.

10. Changes

We will email registered members at least 14 days before any material change to this policy takes effect. The current version and a changelog are always available at this URL.