Skip to content
ATDbbeta

Privacy Policy

Effective Date: May 24, 2026

ATDb (“The AdTech Database,” “we,” “us,” or “our”) is operated by Jon Holm as a personal project. This Privacy Policy describes how we collect, use, and share information when you use theatdb.com (the “Service”).

Information We Collect

Account Information. When you create an account, we collect your email address and any display name you provide. You may use a pseudonym. Accounts are managed through Supabase Auth.

Contribution Data. If you submit edits or additions to the database, we store your contribution history, including the content of each edit, timestamps, edit summaries, and source URLs you provide. Your display name is associated with your contributions and may be visible to other users in edit histories. We also track your trust level, which is based on the quantity and quality of your approved contributions.

Community Submission Data (no account required). Anyone may submit a company or person to our discovery queue at /submit without creating an account. We store the submitted entity name, website, category, description, optional notes for our review team, IP address (used only for rate limiting), and your email address if you choose to provide one. The email address is optional; if provided, we use it solely to send you a one-time confirmation that your submission was received and to follow up only if our editors have a clarifying question. Submitter email addresses are not used for marketing, are never shared, and may be removed by emailing admin@theatdb.com along with the entity name you submitted.

Accuracy Voting Data. If you vote on the accuracy of entity profile sections, we store your vote (accurate, unsure, or inaccurate), any optional note you provide explaining your assessment, the section and entity you voted on, and a timestamp. If an admin resolves a flagged section, your vote is archived (not deleted) to maintain a historical record of community feedback. Your total number of sections rated is displayed on your public contributor profile.

Usage Data. We automatically collect information about how you interact with the Service, including pages visited, features used, and referring URLs.

Activity Logging. We maintain an audit log of account-related actions such as edits submitted, votes cast, settings changed, and administrative actions taken on your account. This log is used for security, abuse prevention, and service integrity.

Analytics. We use Google Analytics 4 (via Google Tag Manager) and PostHog for analytics. Google Analytics collects aggregated usage data such as pages visited, session duration, device type, browser, approximate geographic location, and referring sources. PostHog provides product analytics and session replay, recording anonymized browsing sessions to help us understand navigation patterns. Both services use consent-based activation— analytics cookies are only set after you grant consent via our cookie banner. If you decline, no analytics cookies are placed on your device.

Cookies.We use essential cookies for authentication (Supabase session cookies) and analytics cookies (Google Analytics and PostHog, with your consent). When you first visit ATDb, a consent banner lets you accept or reject analytics cookies. You can change your preference at any time via the “Cookie Settings” link in the footer. See our Cookie Policy for details.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your account and manage your session
  • Process, review, and publish your contributions
  • Calculate and manage your trust level based on contribution quality
  • Display your display name alongside your contributions in edit histories
  • Send you transactional emails required for account operation (e.g., email verification, password resets)
  • Send a one-time confirmation email to anonymous submitters who provide their email address on the submission form, and follow up only if our editors have a question about the submission
  • Send you optional notification emails about your contributions (e.g., edit approvals or rejections) only if you explicitly opt in
  • Understand how users interact with the Service
  • Respond to your requests or inquiries
  • Process and display your accuracy votes on entity profiles
  • Maintain audit logs of account activity for security and abuse prevention
  • Detect and prevent vandalism, spam, and abuse

Automated Profile Research

ATDb runs automated agents that scan public sources (RSS feeds, press releases, SEC filings, news articles) to detect business events involving the companies, people, and events in our database. These agents produce structured findings such as pending acquisition announcements, IPO events, leadership changes, and competitor relationships, which are saved to the affected records (for example, marking a target company as having a pending acquirer, or adding the deal to the acquirer’s list of pending acquisitions).

This automated research processes business data only— not personal data about users. Findings are reviewed in our internal admin queue before they appear on public record pages. High-confidence multi-source findings may be auto-published. If you believe a published finding about a company you represent is inaccurate, you can flag it via the “Report” button on the affected page or email admin@theatdb.com.

Automated Fact Verification

To improve the trustworthiness of automatically-researched profile data, ATDb runs an automated verification system that scores the headline facts on each record (parent company, founding year, M&A status, etc.) against the public sources that back them. The result drives the “Verification seal” chip you see on company / person / event / news pages (states: Verified, Verified · N sources, Unverified). See /help/verification for the full explainer.

The verification system processes business data only— not personal data about users. Each backing source (a press release, regulator filing, trade-press article, etc.) is stored alongside its details: the URL, the publisher domain, a short excerpt, a source-class rating (regulator / corporate / editorial / press wire / tertiary reference), and a confidence score.

An automated AI check sends each newly-proposed fact (along with the source title, publisher domain, and a short excerpt) to Anthropic's Claude API to evaluate whether the proposed claim is actually supported by the cited source. The resulting score and a short explanation are stored with the source. Facts that score below our seal-confidence threshold do not surface as “Verified” and may show a “Help confirm” prompt inviting community members to provide a corroborating source.

The hallucination scorer also processes only entity-level business data — not personal data about users. Source URLs, source titles, body excerpts, and the proposed fact itself are sent to Anthropic; user identity, IP address, and session context are not included in the request.

Public Information

The following information may be publicly visible to other users of the Service:

  • Your display name (which may be a pseudonym)
  • Your approved contributions and edit history
  • Your trust level
  • Your accuracy voting statistics (number of sections rated)

Your email address is never publicly displayed. It is used only for account authentication, transactional emails (password resets, verification), and notification emails that you have explicitly opted into.

Email Communications

Transactional emails (account verification, password resets, security alerts) are sent as needed to operate your account. These do not require separate opt-in and cannot be disabled while your account is active.

Submission acknowledgment emails are sent one time to anonymous community submitters who voluntarily provide an email address on the submission form. Each submission triggers at most one acknowledgment email, plus a possible follow-up if our editors have a clarifying question. There is no list to subscribe or unsubscribe from; the email itself states this.

All other emails are opt-in only. We will never send you notification or marketing emails unless you explicitly enable them in your account settings. Every notification type (edit reviews, trust level changes, daily digests, administrative reports) is disabled by default and must be individually enabled by you. You may disable any notification at any time.

Information Sharing

We do not sell your personal information. We share information only with the following service providers, who process data on our behalf:

  • Supabase— database hosting and authentication
  • Vercel— application hosting and edge delivery
  • Google Analytics— website analytics (data only collected with your consent)
  • PostHog— product analytics and session replay (data only collected with your consent). PostHog also receives backend AI telemetry for our data pipelines, the Ask ATDb feature, our M&A enrichment agents (which scan public RSS feeds and structured research manifests to detect acquisitions, IPOs, and deal events), and the verification hallucination scorer — model name, token counts, latency, cost, and request/response content. AI telemetry events are not linked to your personal identity
  • Sentry— error monitoring and performance tracking
  • Resend— transactional email delivery (notifications)
  • Logo.dev— company logo images served from a third-party CDN (your browser sends standard request data such as IP address and user agent when loading logos)
  • Anthropic— AI content generation, question answering, and verification scoring. For database enrichment, entity data such as company names, descriptions, and publicly available business information is sent to Anthropic's Claude API. When you use the Ask ATDb feature, your query text and relevant database excerpts are also sent to generate answers. The verification hallucination scorer also sends source URLs, source titles, body excerpts, and proposed factual claims to Anthropic to evaluate whether the proposed claim is supported by the cited source. Your query text and user identity are not linked to your personal identity when transmitted to Anthropic. See “Automated Verification & Hallucination Scoring” above
  • Canny.io— user feedback and feature request platform (if you use the feedback feature, your user ID, email address, and display name are shared with Canny via single sign-on to identify your feedback submissions)
  • Inngest— background job orchestration for data pipeline processing (processes system and entity data; does not receive user personal data)
  • Cohere— vector embedding generation for semantic search. Entity data such as titles and summaries is sent to generate search embeddings. When you use the Ask ATDb feature, your query text is also embedded for semantic retrieval. Your query text is not linked to your personal identity when transmitted to Cohere
  • Serper— web search for source discovery. To find independent sources that corroborate entity facts, ATDb sends search queries built from public company names (for example, a company name plus its industry) to the Serper Google-search API. Only public business/entity data is sent — no user personal data, identity, IP address, or Ask ATDb query text
  • Cloudflare Turnstile— bot and spam prevention on authentication forms (collects browser signals, IP address, and interaction data to distinguish humans from bots; no CAPTCHA challenge is presented to users)

We may also disclose information if required by law or to protect our rights.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

  • Consent— for analytics cookies and usage tracking (you can withdraw consent at any time via the “Cookie Settings” link in the footer)
  • Contract performance— for providing your account, processing your contributions, and managing your watchlist
  • Legitimate interest— for error monitoring (Sentry), service reliability, and preventing abuse

Your Rights Under GDPR

If you are in the EEA or the United Kingdom, you have the following rights regarding your personal data:

  • Right of Access. You may request a copy of the personal data we hold about you.
  • Right to Rectification. You may request that we correct inaccurate or incomplete personal data.
  • Right to Erasure.You may request that we delete your personal data, subject to certain exceptions (see “Data Retention” below regarding approved contributions).
  • Right to Restriction. You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability. You may request a copy of your personal data in a structured, commonly used, machine-readable format.
  • Right to Object. You may object to our processing of your personal data where we rely on legitimate interest as the legal basis.
  • Right to Withdraw Consent.Where processing is based on consent (e.g., analytics cookies), you may withdraw consent at any time via the “Cookie Settings” link in the footer. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint. You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at admin@theatdb.com. We will respond within 30 days.

Automated Decision-Making

ATDb uses automated systems for two purposes:

  • User trust levels.We determine your trust level based on the number of your approved contributions and your account age. Trust levels affect your editing capabilities — for example, Trusted Editors may have some edits on non-protected fields auto-approved without manual review. These automated decisions are based solely on objective criteria (edit count and account age thresholds) and do not involve profiling.
  • Fact verification scoring.We score the headline facts on each record (company / person / event / news) for confidence using public sources, source-class weighting, an automated stance classifier, and a hallucination scorer (see “Automated Verification & Hallucination Scoring” above). These automated decisions concern data about entities in the database, not data about users. They affect what label (Verified / Verified · N sources / Unverified) appears on an entity page; they do not affect any rights or obligations of users.

You may contact us at admin@theatdb.com to request a manual review of any automated trust-level decision affecting your account, or a manual review of any automated verification decision affecting an entity you represent.

Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

  • Right to Know. You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Correct. You may request that we correct inaccurate personal information we maintain about you.
  • Right to Delete.You may request that we delete the personal information we have collected from you, subject to certain exceptions. Note: contributions that have been approved and integrated into the database may be retained in anonymized form, as they are part of the collaborative dataset (see “Data Retention” below).
  • Right to Opt-Out of Sale. We do not sell personal information. If this changes in the future, we will provide an opt-out mechanism.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.

Categories of Information Collected. In the preceding 12 months, we may have collected: identifiers (email address, display name), internet activity information (browsing history on our site, search queries, contribution history), and geolocation data (approximate location via analytics).

To exercise any of these rights, contact us at admin@theatdb.com. We will verify your identity before processing your request and respond within 45 days.

Other US State Privacy Laws

Several US states have enacted consumer privacy laws, including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others. While ATDb is operated from California, we extend the privacy rights described above — including the rights to access, correct, and delete your personal data — to all users regardless of location. To exercise any privacy right, contact us at admin@theatdb.com.

International Data Transfers

ATDb is operated from the United States. Your personal data may be transferred to and processed in the US and other countries where our service providers operate, including:

  • Supabase (US) — database and authentication
  • Vercel (US/global edge) — application hosting
  • Google (US) — analytics
  • PostHog (US) — product analytics
  • Sentry (US) — error monitoring
  • Resend (US) — email delivery
  • Logo.dev (US) — company logo images
  • Anthropic (US) — AI content generation
  • Canny.io (US) — user feedback platform
  • Inngest (US) — background job orchestration
  • Cohere (US/Canada) — vector embeddings for semantic search
  • Serper (US) — web search for source discovery (public entity queries only)
  • Cloudflare (US/global edge) — bot prevention (Turnstile)

Where data is transferred outside the EEA or UK, our service providers rely on Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework, or other approved transfer mechanisms to ensure adequate protection of your personal data. We maintain data processing agreements with our key sub-processors where required by applicable law.

Data Retention

We retain your account information for as long as your account is active. Usage and analytics data is retained in accordance with our service providers' retention policies (Google Analytics retains data for 14 months by default; PostHog retains data according to your plan settings).

Contribution data:Approved contributions become part of the collaborative database. If you delete your account, we will remove your email address and personal identifiers. Previously approved contributions may be retained in anonymized form (attributed to “[deleted user]”) to preserve the integrity of the database and its edit history. This is similar to how collaborative platforms like Wikipedia handle contribution history.

You may request deletion of your account and personal data at any time by contacting us at admin@theatdb.com.

Data Security

We implement reasonable technical and organizational measures to protect your information, including encrypted connections (HTTPS), secure authentication via Supabase, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, where feasible. Notification will be sent via email to the address associated with your account. We will also notify relevant supervisory authorities as required by applicable law, including the GDPR and applicable US state breach notification laws.

Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

Do Not Track & Global Privacy Control

Some browsers send a “Do Not Track” (DNT) signal. There is no industry standard for how websites should respond to this signal. We do, however, honor the Global Privacy Control (GPC)signal as a valid opt-out of the sale or sharing of personal information, as required by the California Consumer Privacy Act. ATDb does not sell personal information, but we treat GPC signals as an expression of your privacy preference and ensure no analytics data is collected when a GPC signal is detected. Additionally, our cookie consent banner lets you explicitly accept or reject analytics tracking, and you can change your preference at any time via the “Cookie Settings” link in the footer. If you have not granted analytics consent, no analytics data is collected regardless of any browser-level signals.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy, contact us at admin@theatdb.com.