Understanding how your data is processed, stored, and protected throughout the Adaptive platform, including what data is retained and your control over data handling.

Data Processing Architecture

Adaptive processes data across three services with different data handling characteristics:

Adaptive Backend

Go API Server
Routes requests with zero content storage

Adaptive Frontend

Next.js Web App
Stores conversations for chat users only

Adaptive AI

ML Service
In-memory classification with temporary caching

What Data We Store

Backend Service (Zero Content Storage)

What We Store

Metadata Only
  • Request timestamps and token counts
  • Provider and model selections
  • API usage statistics for billing
  • Response success/error status
  • Performance metrics (latency, throughput)

What We Never Store

No Content Storage
  • Actual prompt text or response content
  • Conversation messages or chat history
  • Personal information from requests
  • API request payloads or responses

Frontend Service (Chat Platform Only)

Chat vs API Usage: Conversations are only stored when using the web chat interface. API-only users have zero conversation data stored.
Conversation Storage
  • Chat messages and conversation history stored in PostgreSQL
  • User controls: delete individual messages or entire conversations
  • Soft deletion: 30-day recovery period before permanent deletion
  • Isolated per user - no cross-user data sharing
User Controls:
  • Delete conversations anytime through the web interface
  • Permanently delete with confirmation
  • Export conversation history in JSON format

AI Service (Temporary Processing)

In-Memory Processing

Classification Only
  • Prompts analyzed for task type and complexity
  • Results cached temporarily (default: 1 hour)
  • No persistent storage of prompt content
  • LRU cache with automatic eviction

Embedding Cache

Similarity Matching
  • Stores embeddings of classification results (not raw text)
  • Used for performance optimization
  • Configurable cache size (default: 1000 entries)
  • Thread-safe with automatic cleanup

Caching and Performance Storage

Semantic Caching (Optional)

Prompt Caching (Disabled by Default)

Data Flow and Security

Request Processing Flow

1

Request Received

Backend receives API request, extracts metadata (tokens, model, timestamp) only
2

AI Classification

AI service analyzes prompt complexity in-memory only - no storage of content
3

Provider Routing

Request forwarded to selected provider - Adaptive acts as secure proxy
4

Response Delivery

Response passed through without storage - only metadata logged

Logging Practices

What Gets Logged

Safe Metadata
  • Request/response token counts
  • Provider selection and routing decisions
  • Performance metrics (latency, success rate)
  • Error codes and status information
  • API key prefixes (not full keys)

Content Protection

Redacted Logging
  • Sensitive content automatically redacted from logs
  • Only message count and length logged, never content
  • API keys masked in all log outputs
  • Personal identifiers removed from analytics

Security Measures

1

Encryption at Rest

All stored data encrypted with AES-256 encryption in PostgreSQL and Redis
2

Encryption in Transit

TLS 1.3 for all communications between services and external providers
3

API Key Security

Keys are hashed and salted - only prefixes stored for identification
4

Access Controls

Role-based access with user isolation - no cross-user data access

User Data Controls

Conversation Management

Delete Messages

Individual Control
  • Delete specific messages from conversations
  • Soft delete with 30-day recovery period
  • Permanent deletion option available

Delete Conversations

Bulk Management
  • Delete entire conversation threads
  • Bulk deletion tools for multiple conversations
  • Automatic cleanup after user-defined periods

Account Deletion

Complete Removal
  • All user data permanently deleted
  • API keys immediately revoked
  • Process completed within 24 hours

API Key Management

Secure Generation
  • Cryptographically secure key generation
  • Only prefix identification stored (e.g., “ak_123…”)
  • Full keys shown once during creation only
  • Immediate revocation available
Key Controls:
  • Set expiration dates for automatic revocation
  • Monitor usage and set rate limits
  • Track last used timestamp
  • Bulk key management tools

Provider Data Handling

Underlying Provider Policies

When using Adaptive, your requests are forwarded to AI providers. Each provider has independent data policies that apply to your requests.

Zero Retention Providers

Providers with Zero Data Retention:
  • Groq: Zero retention policy
  • Fireworks: No data storage
  • Together AI: Zero retention
  • Several others (check provider documentation)

Standard Providers

Providers with Limited Retention:
  • OpenAI: 30 days for safety monitoring
  • Anthropic: 30 days for safety purposes
  • Google AI: Limited retention for safety
  • Most retain for safety/abuse prevention only

Provider Selection for Privacy

const completion = await openai.chat.completions.create({
  model: "",  // Enable intelligent routing
  messages: [{ role: "user", content: "Sensitive data analysis" }],
  model_router: {
    // Prefer providers with better privacy policies
    models: [
      { provider: "groq" },      // Zero retention
      { provider: "fireworks" }, // Zero retention
      { provider: "together" }   // Zero retention
    ]
  }
});

Compliance and Transparency

Current Compliance Status

Data Minimization

By Design
  • Only essential data collected
  • Automatic data expiration
  • User-controlled data retention
  • Zero content storage by default

User Rights

Full Control
  • Access to all stored data
  • Deletion rights exercised immediately
  • Data portability through exports
  • Consent-based data processing

Transparency

Open Policies
  • Clear retention policies documented
  • Provider policy transparency
  • Usage metadata accessible to users
  • Regular policy updates communicated
Contractual Necessity
  • Processing required to provide API routing services
  • Usage metadata needed for billing and service delivery
  • Performance monitoring for service quality
  • No consent required - processing is contractually necessary

Implementation Details

Database Schema Privacy Features

Based on actual Prisma schema: 
-- Conversations support soft deletion
model Conversation {
  id        Int       @id @default(autoincrement())
  title     String
  createdAt DateTime  @default(now())
  updatedAt DateTime  @updatedAt
  deletedAt DateTime? -- Soft deletion support
  userId    String    -- User isolation

  messages Message[]
  @@index([deletedAt]) -- Efficient deletion queries
}

-- Messages also support soft deletion  
model Message {
  id        String    @id @default(cuid())
  role      String
  parts     Json      -- Message content
  createdAt DateTime  @default(now())
  deletedAt DateTime? -- Soft deletion support
  
  @@index([deletedAt])
}

Cache Implementation Details

# From classification_result_embedding_cache.py
class EmbeddingCache:
    def __init__(self, max_size: int = 1000):
        self.vectorstore = InMemoryVectorStore()  # In-memory only
        self.max_size = max_size
        self._cached_size = 0
    
    def add_to_cache(self, classification_result, orchestrator_response):
        # Only stores classification results, not raw prompts
        json_string = self._classification_result_to_json_string(classification_result)
        # Automatic LRU eviction when max_size reached

Data Deletion and User Rights

Self-Service Data Management

1

Conversation Deletion

Users can delete conversations through the web interface - implements soft deletion with 30-day recovery
2

Message Deletion

Individual messages can be deleted with immediate effect in the user interface
3

API Key Revocation

API keys can be revoked immediately, stopping all associated data collection
4

Account Closure

Complete account deletion removes all associated data within 24 hours

Data Export

Available Exports

Current Features:
  • Usage statistics and analytics data
  • API key usage history and metrics
  • Account and billing information
  • Organization and project data

Export Format

Technical Details:
  • JSON format for structured data
  • CSV available for usage analytics
  • Real-time export generation
  • No third-party processing required

Best Practices for Privacy

API Users

Maximum Privacy

Recommendations:
  • Use API-only integration (no web chat)
  • Implement client-side data filtering
  • Choose zero-retention providers when possible
  • Rotate API keys regularly

Monitoring

Security Practices:
  • Monitor API key usage patterns
  • Review provider selection policies
  • Check usage statistics regularly
  • Set up billing alerts for unusual activity

Chat Platform Users

Conversation Management

Privacy Controls:
  • Regularly review and delete old conversations
  • Use temporary conversations for sensitive topics
  • Monitor conversation storage in dashboard
  • Set personal data retention policies

Account Security

Security Measures:
  • Enable two-factor authentication
  • Review login activity regularly
  • Use strong, unique passwords
  • Monitor account access patterns

Contact and Support

Data Privacy Questions

General Inquiries

Support Team
  • Email: info@llmadaptive.uk
  • Response time: Within 24 hours
  • Available for privacy policy questions

Privacy Requests

Data Requests
  • Email: privacy@llmadaptive.uk
  • Data export, deletion, or access requests
  • Response time: Within 30 days per GDPR

Emergency Contact

For security incidents or data breaches:

Next Steps

Dashboard Settings

Review your account settings and data controls

Provider Comparison

Compare providers and their data policies