Privacy Policy

1. Who We Are

AdaptiveImport LLC is a U.S. company based in Arizona providing software-as-a-service for document intake, AI-powered extraction, validation, and export of customs entry data to downstream systems.

2. Scope

This Policy applies to information we process about visitors, account holders, and end users whose data is uploaded to or generated by the Service. Your organization’s own privacy and data retention obligations may also apply.

3. Information We Collect

• Account and Contact Data: name, email address, organization, role, billing contacts, support communications.
• Authentication Data: login identifiers, multi-factor signals, session tokens, audit trails.
• Customer Documents and Content: files and data you upload or connect, including invoices, packing lists, POAs/LOIs, pre-alerts, and other brokerage materials; extracted structured fields; validation status; export artifacts (e.g., XML/JSON).
• Payment and Billing Data: plan, invoices, status, last 4 of card, and related metadata processed by our payments provider.
• Technical and Usage Data: device identifiers, IP address, timestamps, pages and features used, error and performance logs, and configuration settings.
• Derivative Data: AI prompts and outputs, extraction confidence scores, model selection, rule-engine decisions, and system-generated metadata.

4. Notice at Collection (California)

We collect the categories of personal information described in this Policy for the purposes listed in “How We Use Information.” We do not sell or share personal information for cross-context behavioral advertising. California residents can exercise their rights by emailing privacy@AdaptiveImport.com.

5. Roles: Controller/Processor; Service Provider

For customers subject to GDPR or similar laws, your organization is the Controller of Customer Data and AdaptiveImport is the Processor, acting on your documented instructions. For CCPA/CPRA, AdaptiveImport acts as a Service Provider and processes personal information solely to provide and support the Service.

6. How We Use Information

• Provide, maintain, secure, and improve the Service.
• Process documents via AI and rule engines to extract and validate data you request.
• Generate exports (e.g., CargoWise-compatible XML/JSON) and deliver to destinations you configure.
• Authenticate users, enforce access controls, and maintain audit logs.
• Provide support, notifications about changes, and service-related communications.
• Detect, investigate, and prevent security incidents, fraud, and abuse.
• Comply with legal obligations and enforce agreements.
• With your consent or as permitted by law, conduct analytics and product research using de-identified or aggregated data.

7. AI Processing

The Service uses third-party AI models via API to transform user-submitted content into structured data. We implement request-level safeguards including data minimization and role-based access. Prompts and outputs may be logged for troubleshooting and auditability.

• Model Providers: We currently integrate with OpenAI’s API for inference. Processing is governed by their terms and data processing addenda (DPAs).
• Training: We do not permit the use of customer content to train public foundation models. We may request your opt-in to anonymized, aggregated improvement of our internal templates and rules; this is off by default and can be changed in admin settings or by contacting us.
• Outputs: AI outputs may be inaccurate or incomplete; apply human review and compliance procedures before relying on outputs operationally.

8. Sensitive Personal Information

If Customer Documents contain sensitive identifiers (for example, government IDs appearing on trade documents), we use such information only as reasonably necessary to provide and secure the Service or comply with law. California residents may request to limit use of Sensitive Personal Information to these purposes.

9. Sub-Processors and DPAs

We rely on vetted service providers to operate the Service. Their processing is limited to the activities we instruct and is subject to contractual safeguards, including DPAs where applicable. Primary sub-processors include:

• OpenAI, L.L.C. (AI inference APIs)
• Google Cloud / Firebase (Auth, Firestore/Database, Storage, serverless functions, logs)
• Stripe, Inc. (payments, invoicing, billing)
• Vercel Inc. (hosting, edge/network delivery, serverless runtime)
• Email and support tooling necessary to communicate with you

We maintain a current list of sub-processors and will provide advance notice of material changes where required. You may request DPAs or subscribe to update notifications by contacting us.

10. Cookies and Similar Technologies

We use essential cookies for authentication and session continuity and may use analytics or performance technologies to understand feature usage. You can control cookies through browser settings; disabling certain cookies may limit functionality.

11. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Customer Documents are retained until you delete them or your account ends. System logs, security/audit records, and billing records may be retained for a reasonable period consistent with legal, tax, and security requirements.

12. Security and Incident Response

We use administrative, technical, and physical safeguards including encryption in transit, access controls, MFA for privileged users, role-based permissions, and audit logging. No method of transmission or storage is completely secure. In the event of a security incident affecting personal information, we will notify impacted customers without undue delay, consistent with applicable law and our contracts.

13. International Transfers

We primarily process data in the United States. Where international transfers occur through our sub-processors, we rely on appropriate safeguards such as standard contractual clauses and provider DPAs, subject to applicable law.

14. Your Privacy Choices and Rights

• Access, correct, or delete your personal information.
• Download export artifacts you generated in the Service.
• Opt out of marketing communications.
• Opt in or out of anonymized product analytics where offered.

Residents of certain jurisdictions (e.g., California and the European Economic Area) may have additional rights regarding access, portability, correction, deletion, and restriction. If we deny your request, you may appeal by replying to our decision email or contacting privacy@AdaptiveImport.com with “Appeal” in the subject line.

15. Children’s Privacy

The Service is for business users 18+ and is not directed to children under 13. We do not knowingly collect information from children. If you believe a child provided us information, contact us for deletion.

16. Do Not Sell or Share

We do not sell personal information. We do not share personal information for cross-context behavioral advertising as defined under certain state privacy laws.

17. Payments

Payments are processed by Stripe. AdaptiveImport does not store full payment card numbers. Stripe’s processing of personal information is subject to its privacy policy and DPA.

18. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted to the Service with an updated effective date and, where required, we will provide additional notice.

19. Contact

Email: privacy@AdaptiveImport.com
Support: support@AdaptiveImport.com
Address: 906 N Miller Rd, Tempe, AZ 85288