LEGAL DOSSIER / PRIVACY
Privacy PolicyHow Adola handles account, request, and usage data.
Effective July 10, 2026. This policy explains what Adola collects, why we collect it, how we use processors, and how account deletion works.
Information we collect
- Account information: your email address, name if provided, authentication method, workspace name, organization ID, project IDs, and session cookies.
- Product information: API-key metadata, request timing, receipts, token counts, latency, billing plan, and dashboard usage needed to run the workspace.
- Request information: chat messages, model name, gateway options, and output produced when you use the hosted API or dashboard.
- Site information: Adola stores a random first-party visitor ID in localStorage under adola_visitor_id and a per-tab session ID in sessionStorage. The server stores salted hashes of those IDs with page views, page paths and navigation, page titles, referrers, campaign attribution, clicks, form starts and submissions, scroll depth, engagement duration, browser metadata, demo metadata, and client error categories used to understand product usage and abuse.
- Analytics does not collect passwords, API keys, payment details, prompts, or form-field contents. Analytics records are retained for up to 180 days, then deleted or reduced to detached aggregate statistics.
How we use information
- To provide inference, return receipts, validate project-scoped API keys, enforce usage limits, and keep the dashboard accurate.
- To secure the service, debug incidents, prevent abuse, investigate failed requests, and maintain reliable production infrastructure.
- To operate billing, usage metering, checkout, billing portals, customer support, and product analytics.
- To improve Adola based on aggregate usage patterns and product feedback.
Request data
- Do not submit secrets, credentials, regulated data, private customer records, or anything you are not allowed to process through a hosted service.
- Production workflows should use a signed-in workspace and project-scoped API key. Your downstream model-provider keys are not required by Adola.
- Adola sends the request content needed to serve your call to AI infrastructure service providers. Those providers may process or retain data under their contracts, settings, and legal obligations.
- We may retain request metadata and receipts for metering, debugging, billing, and abuse prevention. We do not sell personal information or share it for cross-context behavioral advertising.
Sharing and processors
- Microsoft Azure hosts Adola's application and database in Canada Central. Google OAuth provides authentication, and Stripe provides card setup, payment processing, invoices, and the billing portal.
- AI infrastructure service providers process request content as needed to return model output. Their systems may process or retain data under their contracts, settings, and legal obligations.
- We may disclose information if required by law, to protect the service, or to investigate security and abuse issues.
Retention and deletion
- You can delete your account from Dashboard Settings after resolving any invoice or accrued balance at or above $5.00. Adola waives smaller uninvoiced balances at deletion. Deletion removes your user account, owned workspace, projects, API keys, usage events, and local billing account record from the Adola application database.
- After deletion, Adola clears the active session. Analytics events are detached from your user and organization identifiers. Aggregate analytics records may remain without pointing back to the deleted account.
- Some records may remain outside the application database where retention is required or controlled by third-party processors, such as payment invoices, bank records, backups, security logs, and legally required audit records.
International processing
- Adola and its hosting, payment, analytics, authentication, and AI infrastructure service providers may process information in Canada, the United States, and other countries where they operate.
- Privacy and data-protection laws can differ between countries. Where required, we use contractual or other recognized safeguards for international transfers.
- Contact privacy@adola.app before sending regulated data or if your organization needs a data-processing agreement or specific residency commitment.
Security
- Adola uses HTTPS in production, Google OAuth for account access, HTTP-only session cookies, bearer API keys, scoped project access, rate limits, and operational logging.
- No internet service is perfectly secure. Keep API keys server-side, rotate keys if they may have leaked, and avoid submitting secrets to hosted services.
Your privacy rights
- Depending on where you live, you may have rights to access, correct, delete, or export personal information, and to object to or restrict certain processing.
- You can sign out, revoke API keys, delete your account, or contact us about a privacy request. We may need to verify your identity and authority before acting on a request.
- If we deny a request, you may appeal by replying to our decision. You may also contact the privacy or data-protection regulator where you live.
- You can block cookies in your browser, but account sessions and some product features may stop working.
- For privacy questions, contact privacy@adola.app from the email associated with your workspace when possible.
Children
- Adola is a business and developer service not directed to children. You must be at least 18 years old to create an account or enable billing.
- We do not knowingly collect personal information from children. Contact privacy@adola.app if you believe a child submitted personal information to Adola.
Policy changes
- We may update this policy as the service or legal requirements change. We will post the revised effective date here and provide additional notice for material changes when required.
- Questions about this policy or Adola's privacy practices can be sent to privacy@adola.app.