Data Request Policy

How does Adaface handle requests from government and law enforcement?

Adaface is an online conversational assessments platform, as described in our Privacy policy and Terms of service. If we receive valid legal process from a government or law enforcement entity, we may have an obligation to produce user data in accordance with applicable laws.

Where should I send the legal process?

All requests by law enforcement and government entities (including international government and law enforcement entities) may be sent to deepti@adaface.com.

What information does Adaface need to process my request?

In addition to all requisite and applicable legal requirements, all legal process requests should include the following information: (a) the government entity or law enforcement agency, (b) the relevant criminal or civil matter and (c) identifying information about the Adaface account, including the relevant customer and user names, date range, the Adaface dashboard URL and the type of data sought. The request must also come from a government-issued email account and include full contact information for the requesting officer.

What happens when Adaface receives a law enforcement request?

We carefully review all requests for legal sufficiency, keeping user privacy in mind. Adaface may reject or challenge any requests that are unclear, overly broad or inappropriate.

How does Adaface protect data in motion and data at rest?

Adaface employs a range of technical and organisational measures to defeat efforts to intercept, surveil or otherwise access without authorisation data in transit. Adaface only utilises secure data transport via TLS over HTTPS. This feature is always enabled to limit any third-party efforts to tamper with or tap into the data transfers between the two end-points (Adaface and our customers).

Adaface offers additional safeguards by creating an immutable audit log so that the customer is notified every time its data is accessed.

Can the government and/or law enforcement obtain deleted data from Adaface?

Generally, no. Unless deleted data is retained by a customer pursuant to their retention settings, it is removed from Adaface’s systems immediately upon deletion. Once deleted, data may reside in our security backups for a limited period of time (up to 14 days, but often fewer). Once the backup period is over, Adaface hard-deletes all information from our production systems. Once fully deleted, Adaface cannot retrieve the data for any purpose, including for purposes of responding to government and law enforcement requests.

Do you give customers notice before producing data to a governmental or law enforcement entity?

Unless Adaface is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm, Adaface will notify the customer, typically by emailing the primary owner, before disclosing data so that the customer may promptly seek legal remedies.

What about third-party or civil requests for data?

Third parties seeking data should contact the Adaface workspace owner directly. Wherever possible, we encourage parties to manage their requests without our involvement. Workspace owners should be able to run their own export in order to comply with an appropriate legal request. If you need assistance with those exports, the primary owner can contact us to see if they qualify for an export due to legal necessity.

Guiding principles

In addition to our commitment to trust and transparency, we also believe in the importance of fundamental privacy, protection of user data, constitutional guardrails and judicial oversight of government data collection and surveillance.

We abide by the following guiding principles:

• We are committed to maintaining Customer privacy and confidentiality.
• All legal process is carefully reviewed. Adaface rejects or challenges any requests that have no legal basis or are unclear, overbroad or otherwise inappropriate.
• Adaface construes legal process as narrowly as possible.
• Wherever possible, we encourage Customers and third parties to obtain relevant data without our intervention.