Legal

Privacy Policy

How we collect, use, and protect your information when you use AssetOS.

Updated January 2026

Last updated: January 29, 2026

This Privacy Policy describes how AssetOS ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our software-as-a-service platform, website, and related services (collectively, the "Service").

We are committed to protecting your privacy and being transparent about our data practices. By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

1. Information We Collect

Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Name, email address, password, company name, job title
  • Profile Information: Profile photo, preferences, settings
  • Billing Information: Credit card details, billing address (processed securely through our payment processor)
  • Content and Files: Data, files, and content you upload, create, or store in the Service
  • Communications: Messages you send to us via email, support requests, or in-app chat
  • Feedback: Survey responses, feature requests, and other feedback

Information We Collect Automatically

When you use the Service, we automatically collect:

  • Usage Data: Pages viewed, features used, actions taken, time spent, frequency of use
  • Device Information: IP address, browser type and version, operating system, device type
  • Log Data: Access times, error logs, performance data
  • Cookies and Tracking: See our Cookie Policy section below

Information from Third Parties

We may receive information from:

  • Authentication Providers: If you sign in via Google, Facebook, or other third-party services, we receive basic profile information
  • Payment Processors: Payment confirmation and billing information
  • Analytics Services: Aggregated usage patterns and demographics

2. How We Use Your Information

We use your information for the following purposes:

To Provide and Improve the Service

  • Create and manage your account
  • Process transactions and send billing confirmations
  • Provide customer support and respond to inquiries
  • Monitor and improve Service performance and reliability
  • Develop new features and functionality
  • Debug and fix technical issues

To Communicate with You

  • Send service-related notifications (account changes, security alerts, system updates)
  • Respond to your requests and questions
  • Send marketing communications (with your consent; you may opt out)
  • Request feedback and conduct surveys

For Security and Compliance

  • Detect, prevent, and investigate fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations and protect legal rights
  • Conduct security audits and risk assessments

For Analytics and Research

  • Analyze usage patterns and trends
  • Conduct market research
  • Create aggregated, anonymized statistics
  • Measure effectiveness of marketing campaigns

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: To provide the Service you've subscribed to
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: For marketing communications and non-essential cookies (you may withdraw consent)
  • Legal Obligation: To comply with laws and regulations

4. How We Share Your Information

We do not sell your personal information. We share your information only in these circumstances:

Service Providers

We share information with third-party vendors who provide services on our behalf:

  • Hosting: Cloud infrastructure providers (e.g., AWS, Google Cloud)
  • Payment Processing: Stripe, PayPal, or similar payment processors
  • Email: Email delivery services for transactional and marketing emails
  • Analytics: Google Analytics, Mixpanel, or similar analytics tools
  • Support: Customer support and help desk platforms
  • Security: Security monitoring and fraud prevention services

All service providers are contractually bound to protect your data and use it only for specified purposes.

Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information if required to:

  • Comply with laws, regulations, or legal processes
  • Respond to government or law enforcement requests
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our Terms of Service

With Your Consent

We may share your information with other parties when you give us explicit consent to do so.

5. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Usage Data: Retained for up to 2 years for analytics and service improvement
  • Billing Records: Retained for 7 years to comply with tax and accounting requirements
  • Support Communications: Retained for 3 years for quality assurance
  • Marketing Data: Retained until you opt out or request deletion

After the retention period, we securely delete or anonymize your information. Some information may be retained in backup systems for up to 90 days before permanent deletion.

6. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Strict access controls and authentication requirements for our team
  • Monitoring: Continuous security monitoring and intrusion detection
  • Audits: Regular security audits and vulnerability assessments
  • Backups: Regular encrypted backups stored in secure locations
  • Incident Response: Documented procedures for responding to security incidents

While we use industry-standard security measures, no system is completely secure. We cannot guarantee absolute security, but we take all reasonable measures to protect your data.

7. Your Rights and Choices

Access and Portability

You have the right to access your personal information and receive a copy in a portable format. You can export most of your data directly through the Service.

Correction and Updates

You can update your account information at any time through your account settings.

Deletion

You can request deletion of your account and personal information by contacting us at hello@assetos.io. We will delete your information within 30 days, except where we are required by law to retain it.

Marketing Opt-Out

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by adjusting your preferences in account settings. Note that you will still receive transactional emails related to your account.

Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

Do Not Track

We do not currently respond to "Do Not Track" browser signals, but you can control tracking through our cookie preferences.

8. GDPR Rights (EEA, UK, Switzerland Users)

If you are located in the European Economic Area, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing at any time
  • Right to Complain: Lodge a complaint with your local data protection authority

To exercise these rights, contact us at hello@assetos.io. We will respond within 30 days.

Data Protection Officer

For GDPR-related inquiries, you can contact our data protection officer at hello@assetos.io.

9. CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about personal data we collect, use, and share
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out: Opt out of the "sale" of personal data (note: we do not sell personal data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, contact us at hello@assetos.io or call us at the number provided on our website. We will verify your identity before processing requests.

Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, IP address)
  • Commercial information (purchase history, billing)
  • Internet activity (browsing, usage patterns)
  • Professional information (job title, company)

10. Cookie Policy

We use cookies and similar tracking technologies to provide and improve the Service. Cookies are small text files stored on your device.

Types of Cookies We Use

  • Essential Cookies: Required for the Service to function (authentication, security, session management). These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Service (Google Analytics, Mixpanel). You can opt out through cookie preferences.
  • Marketing Cookies: Track your activity across websites to deliver relevant advertising. You can opt out through cookie preferences.
  • Preference Cookies: Remember your settings and preferences (language, theme, layout).

Managing Cookies

You can manage cookie preferences through our cookie banner or your browser settings. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block all cookies (may affect functionality)
  • Clear cookies when you close your browser

Third-Party Cookies

Some cookies are placed by third-party services. We do not control these cookies. Review third-party privacy policies for details.

11. International Data Transfers

The Service is operated from Estonia, a member state of the European Union. As we operate within the EU, data protection for EU/EEA users remains under GDPR jurisdiction. For users outside the EU/EEA, your information will be transferred to, stored, and processed in Estonia and other locations where our service providers operate.

For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for any international transfers outside the EEA:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • GDPR-compliant data processing agreements with all service providers

12. Children's Privacy

The Service is not intended for children under 18 years old. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@assetos.io. We will delete the information promptly.

13. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services before providing them with your information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the Service

We will provide at least 30 days' notice before material changes take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

The "Last updated" date at the top of this Privacy Policy indicates when it was last revised.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach, as required by law. We will provide information about:

  • The nature of the breach
  • What information was affected
  • Steps we are taking to address the breach
  • Recommended actions you can take to protect yourself

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: hello@assetos.io
  • Website: www.assetos.io
  • Company: AssetOS
  • Location: Tallinn, Estonia

Response Time

We will respond to your privacy-related inquiries within 30 days. For GDPR or CCPA requests, we will respond within the timeframes required by law.

Complaints

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:

  • EEA/UK: Contact your national data protection authority
  • Estonia: Contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
  • California: Contact the California Attorney General's office

17. Additional Information for Specific Regions

Australia

Australian users have rights under the Privacy Act 1988. We comply with the Australian Privacy Principles and will handle your information accordingly.

Canada

Canadian users have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA). We comply with PIPEDA requirements for the collection, use, and disclosure of personal information.

Brazil

Brazilian users have rights under the Lei Geral de Proteção de Dados (LGPD). We comply with LGPD requirements and you may exercise your rights as provided under Brazilian law.

This Privacy Policy is written in English. If we provide a translation, the English version will prevail in case of any discrepancy.

We use cookies to analyze site traffic and improve your experience. Learn more