Privacy Policy

• Account Information: Email address, full name, company name
• NetSuite Integration Credentials: RESTlet URL, OAuth 2.0 Client ID, Client Secret (encrypted), Certificate ID (optional), NetSuite Account ID
• Billing Information: Collected and processed by Stripe (we do not store payment card data)
• Communication Data: Email correspondence, support requests

What We Collect (By Default):

• Script metadata (names, types, owners, descriptions)
• Workflow metadata (names, record types, statuses - NOT execution data)
• Saved search metadata (titles, types, owners - NOT search results)
• Custom field metadata (field IDs, types - NOT field values)
• Custom record type metadata (names, structures - NOT records)
• Role metadata (role names - NOT permissions or user assignments)
• Integration metadata (RESTlet/Suitelet names, statuses - NOT API keys or tokens)

What We DO NOT Collect:

• ❌ Customer or client data
• ❌ Transactional data (sales orders, invoices, etc.)
• ❌ Financial records (accounting entries, payments, etc.)
• ❌ Personally Identifiable Information (PII) from your NetSuite
• ❌ Payment or credit card information
• ❌ Employee personal data (salaries, benefits, etc.)
• ❌ Proprietary business data (contracts, pricing, etc.)
• ❌ Email message contents
• ❌ File contents or uploaded documents

• Usage Data: IP addresses, browser type, pages visited, time stamps
• Cookies: Session cookies for authentication (required for Service functionality)

• In Transit: All data transmitted using SSL/TLS encryption
• At Rest: OAuth credentials encrypted using AES-256-CBC encryption
• Database: PostgreSQL with encryption at rest (Supabase)

• Row Level Security (RLS): Database policies ensure you can only access your organization's data
• OAuth 2.0: Secure authentication for NetSuite integration
• Multi-Tenant Isolation: Complete data separation between organizations

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Delete your data ("right to be forgotten")
• Right to Portability: Export your data in machine-readable format
• Right to Object: Object to certain data processing
• Right to Restrict Processing: Limit how we use your data

• Right to Know: Disclosure of data collection and sharing practices
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do NOT sell personal information (opt-out not applicable)
• Non-Discrimination: No discrimination for exercising your rights

To exercise any of these rights, contact us at:

• Email: privacy@adaptivesuitesolutions.com
• Subject Line: "Data Rights Request"

We will respond within 30 days.

When you connect your NetSuite account, we see:

• ✅ Names of your scripts, workflows, and customizations
• ✅ Configuration settings and metadata
• ✅ User IDs and role names (NOT detailed permissions)

We NEVER see (unless you explicitly enable optional features):

• ❌ Your customer names, emails, or contact information
• ❌ Sales orders, invoices, or transaction details
• ❌ Financial data, accounting entries, or payments
• ❌ Script source code (unless you enable optional Script Source Review)
• ❌ Data stored in your custom fields or records

We use Anthropic Claude (a large language model) to analyze your NetSuite metadata and generate recommendations. The metadata sent to Anthropic includes:

• Script names and descriptions
• Workflow configurations
• Customization structures

Anthropic's privacy commitment: Enterprise data is not used to train models.