AI Spend IndexStanford Computer Science

Privacy Policy

What data AI Spend Index stores and how it is used.

Last updated: March 5, 2026

Version: 2026-03-05

This page is the current published version.

1. Information we collect

  • Account information such as the email address used for authentication.
  • Submission data such as company name, industry, engineering headcount, AI-for-SWE spend, fiscal year, and optional benchmark fields.
  • Basic operational logs such as IP address, browser metadata, and timestamps processed by hosting and authentication providers.

2. How we use data

  • To authenticate users, review submissions, operate contributor-only benchmark views, and publish one overall public distribution across the full dataset.
  • To produce research outputs related to AI software-engineering spend and adoption.
  • To communicate about submission status, corrections, deletion requests, and account access.
  • We do not sell identifiable submitted data and we do not use identifiable submitted data to train AI models.

3. Visibility model

  • Company names and submitter email addresses are not displayed publicly or to other contributors.
  • Approved contributors may see pseudonymous company rows with bucketed industry, region, and engineering headcount bands.

4. Retention, correction, and deletion

Submitted data is retained for the life of the research project unless the team decides to retire the project earlier.

You may request correction or deletion of identifiable submission data by contacting the research team from the email address associated with the submission. We aim to process verified requests within 30 calendar days, subject to legal obligations and routine backup retention.

5. Cookies and authentication

AI Spend Index uses only cookies and storage mechanisms needed for authentication and session continuity. It does not use advertising cookies.

6. Service providers

  • Supabase for database hosting and authentication.
  • Vercel for application hosting and edge delivery.
  • Resend for transactional email delivery.

7. Incident response

If we confirm unauthorized access to identifiable submitted data or account credentials, we will investigate and respond in accordance with applicable law, Stanford requirements, and law-enforcement needs. Where notice is legally required or otherwise reasonably appropriate, affected individuals or organizations will be notified after scope determination and containment are underway.

8. Related documents

This policy should be read together with the Data Protection Commitment and Data Use Terms.

9. Contact

Privacy-related questions or requests can be sent to ydebl at stanford.edu.