AssetOS :/>
ContactSign inStart free trial
Legal

Privacy Policy

How we collect, use, and protect your information when you use AssetOS.

Updated April 2026

This Privacy Policy describes how AssetOS ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our software-as-a-service platform, website, and related services (collectively, the "Service").

We are committed to protecting your privacy and being transparent about our data practices. By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

1. Information We Collect

Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Name, email address, password, company name, job title
  • Profile Information: Profile photo, preferences, settings
  • Billing Information: Credit card details, billing address (processed securely through our payment processor)
  • Content and Files: Data, files, and content you upload, create, or store in the Service
  • Communications: Messages you send to us via email, support requests, or in-app chat
  • Feedback: Survey responses, feature requests, and other feedback

Information We Collect Automatically

When you use the Service, we automatically collect:

  • Usage Data: Pages viewed, features used, actions taken, time spent, frequency of use
  • Device Information: IP address, browser type and version, operating system, device type
  • Log Data: Access times, error logs, performance data
  • Cookies and Tracking: See our Cookie Policy section below
  • Fraud Prevention Data: At account creation, we collect your IP address and browser user agent string. This data is used solely to detect and prevent fraudulent signups and is not used for profiling or marketing purposes.
  • Product Usage Events: When using the application, PostHog records events such as feature interactions, page views, and session behaviour, linked to your user account.
  • Error and Diagnostic Data: Sentry automatically captures application errors, including technical context such as your browser, operating system, IP address, and user identifier, to help us identify and resolve bugs.

Information from Third Parties

We may receive information from:

  • Authentication Providers: If you sign in via Google or other third-party services, we receive basic profile information
  • Payment Processors: Payment confirmation and billing information
  • Analytics Services: Aggregated usage patterns and demographics

2. How We Use Your Information

To Provide and Improve the Service

  • Create and manage your account
  • Process transactions and send billing confirmations
  • Provide customer support and respond to inquiries
  • Monitor and improve Service performance and reliability
  • Develop new features and functionality
  • Debug and fix technical issues

To Communicate with You

  • Send service-related notifications (account changes, security alerts, system updates)
  • Respond to your requests and questions
  • Send marketing communications (with your consent; you may opt out)
  • Request feedback and conduct surveys

For Security and Compliance

  • Detect, prevent, and investigate fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations and protect legal rights
  • Conduct security audits and risk assessments

The legal basis for processing IP address and user agent data for fraud prevention is our legitimate interests in protecting the integrity of the Service (GDPR Art. 6(1)(f)). This processing is proportionate to the risk and does not override your fundamental rights.

For Analytics and Research

  • Analyze usage patterns and trends
  • Conduct market research
  • Create aggregated, anonymized statistics
  • Measure effectiveness of marketing campaigns

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: To provide the Service you've subscribed to
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: For marketing communications and non-essential cookies (you may withdraw consent)
  • Legal Obligation: To comply with laws and regulations

4. How We Share Your Information

We do not sell your personal information. We share your information only in these circumstances:

Service Providers

  • Hosting: Vercel Inc. — our infrastructure is deployed via Vercel, with servers in the EU and US
  • Payment Processing: Stripe — handles all credit card processing and billing
  • Email: Resend — transactional email delivery
  • Analytics: Google Analytics 4 (GA4) — behavioural analytics using cookies; and Vercel Analytics — cookieless, aggregated traffic analytics
  • Product Analytics: PostHog — tracks in-app user behaviour and feature usage
  • Error Monitoring: Sentry — captures application errors and crash reports
  • Support: Customer support and help desk platforms

All service providers are contractually bound to protect your data and use it only for specified purposes.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information if required to comply with laws, respond to government requests, protect our rights, prevent fraud, or enforce our Terms of Service.

5. Data Retention

  • Account Data: Retained while active and for 30 days after account deletion
  • Usage Data: Retained for up to 2 years for analytics
  • Billing Records: Retained for 7 years to comply with tax and accounting requirements
  • Support Communications: Retained for 3 years
  • Marketing Data: Retained until you opt out or request deletion
  • Fraud Prevention Logs: IP address and user agent retained for 90 days, then permanently deleted

6. Data Security

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Strict authentication requirements for our team
  • Monitoring: Continuous security monitoring and intrusion detection
  • Backups: Regular encrypted backups stored in secure locations

While we use industry-standard security measures, no system is completely secure. We cannot guarantee absolute security, but we take all reasonable measures to protect your data.

7. Your Rights and Choices

You can update your account information at any time through your account settings. To request deletion of your account and personal information, contact us at hello@assetos.io. We will delete your information within 30 days, except where required by law to retain it.

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email.

8. GDPR Rights (EEA, UK, Switzerland Users)

If you are located in the European Economic Area, UK, or Switzerland, you have additional rights under GDPR:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Complain: Lodge a complaint with your local data protection authority

To exercise these rights, contact us at hello@assetos.io. We will respond within 30 days.

9. CCPA Rights (California Users)

  • Right to Know: Request information about personal data we collect, use, and share
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out: Opt out of the "sale" of personal data (note: we do not sell personal data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

10. Cookie Policy

We use cookies and similar tracking technologies to provide and improve the Service. See our full Cookie Policy for details.

11. International Data Transfers

The Service is operated from the United Kingdom. For users outside the UK, your information will be transferred to, stored, and processed in the UK and other locations where our service providers operate. We ensure appropriate safeguards via Standard Contractual Clauses and UK GDPR-compliant data processing agreements.

12. Children's Privacy

The Service is not intended for children under 18 years old. If you believe your child has provided us with personal information, please contact us at hello@assetos.io and we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on our website, with at least 30 days' notice before material changes take effect.

14. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach, as required by law.

15. Contact Us

This Privacy Policy is written in English. If we provide a translation, the English version will prevail in case of any discrepancy.

We use cookies to analyze site traffic and improve your experience. Learn more