Asserto AI – Data Privacy Policy
Last updated: 27 June, 2025
Effective date: 27 June, 2025
Website: https://asserto.ai
Contact: hi@asserto.ai
Asserto AI (“Asserto”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website, platform, and services. This Policy applies to all users globally, with specific provisions to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA), along with other applicable U.S. state laws.
1. Scope of this Privacy Policy
This Privacy Policy covers:
- Visitors to our website ((https://asserto.ai))
- Users of our platform and services (including free trials and demos)
- Business contacts (e.g., prospects, partners, vendors)
- Communications via email, forms, and events
It does not apply to third-party websites or services you may access via our platform or to any personal data processed by Asserto AI customers through their own configurations of our platform (i.e., as data controllers).
2. Types of Personal Data We Collect
We collect the following categories of personal information:
A. Information You Provide Directly
- Full name, job title, company, country
- Email address, phone number
- Login credentials (e.g., username, hashed password)
- Feedback, messages, and other correspondence
- Billing and payment details (if applicable)
B. Automatically Collected Data
- IP address and geolocation
- Browser type and device ID
- Operating system, screen resolution
- Pages viewed, links clicked, referring URLs
- Cookie identifiers and session activity
C. Information from Third Parties
- Authentication providers (e.g., Google, Microsoft SSO)
- Business and marketing platforms
- Publicly available databases or social media (if relevant to B2B outreach)
3. Legal Bases for Processing (GDPR)
Under GDPR, we process your data under the following legal grounds:
Purpose | Legal Basis |
---|---|
Account registration and service provision | Contractual necessity |
Customer support | Legitimate interest |
Product updates, newsletters | Consent |
Analytics and service improvement | Legitimate interest |
Compliance with legal obligations | Legal obligation |
Marketing (B2B) | Legitimate interest (opt-out enabled) |
4. Use of Personal Data
We use your data to:
- Deliver and manage our services
- Provide customer support and respond to inquiries
- Analyze user behavior and improve our offerings
- Send service-related communications
- Conduct security monitoring and fraud detection
- Run marketing and promotional campaigns (with appropriate consent)
- Fulfill contractual and legal obligations
We do not sell personal data for monetary gain.
5. Cookies and Tracking Technologies
We use:
- Essential cookies: Required for functionality
- Analytics cookies: Google Analytics, Mixpanel, or similar for usage tracking
See our Cookie Policy for full details.
6. Data Sharing and Disclosure
We may share your data with:
A. Service Providers (Processors)
- Cloud hosting (e.g., AWS, Azure)
- CRM, marketing automation, analytics
- Payment and billing processors
Each provider is contractually obligated to protect your data in line with GDPR Article 28 and U.S. privacy laws.
B. Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred.
C. Legal Requirements
We may disclose your data if required by law, subpoena, or regulatory obligation.
7. International Data Transfers
If you are located in the EEA, UK, or Switzerland, your data may be transferred to the United States or other jurisdictions. In such cases, we ensure appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- UK International Data Transfer Addendum
- Binding Corporate Rules (if applicable)
8. Data Retention
We retain personal data as follows:
- For active customers: As long as the account remains active
- For legal and compliance purposes: Up to 7 years, depending on the requirement
- For marketing contacts: Until you opt out or request deletion
When data is no longer needed, we securely delete or anonymize it.
9. Your Privacy Rights
EU/UK (GDPR)
You have the right to:
- Access your data
- Rectify inaccuracies
- Request erasure ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent
To exercise your rights, contact: hi@asserto.ai
California (CCPA/CPRA)
You may:
- Request to know what data we collect and how we use it
- Request deletion of your personal data
- Opt-out of "selling" or "sharing" data (we do not sell personal data)
- Correct your personal information
- Limit use of sensitive personal information
- Not be discriminated against for exercising your rights
To submit a request, contact: hi@asserto.ai We will verify your identity before processing requests.
10. Data Security
We implement appropriate security measures including:
- End-to-end encryption (TLS)
- Access control with MFA
- Audit logging and activity monitoring
- Regular penetration testing and vulnerability scanning
If a data breach occurs, we will notify you and regulators as required by law.
11. Children’s Privacy
Our services are not intended for individuals under 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us immediately for removal.
12. Changes to This Privacy Policy
We may revise this policy from time to time. Material changes will be notified via email (if you are a registered user) or via website banner. Please review this page periodically for updates.
13. Contact Us
For privacy-related questions, rights requests, or complaints: Data Protection Officer (DPO) Asserto AI Email: hi@asserto.ai Address: 32 PEKIN STREET, #05-01, SINGAPORE 048762 Supervisory Authority (EU/UK residents): You have the right to lodge a complaint with your local data protection authority.
Cookie Policy (GDPR + CCPA/CPRA Compliant)
Asserto AI – Cookie Policy
Effective Date: 2025-06-27
This Cookie Policy explains how Asserto AI ("we", "us", "our") uses cookies and similar tracking technologies on our website ((https://asserto.ai)). This policy is part of our Privacy Policy and adheres to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help us provide functionality, analyze site usage, personalize content, and support marketing efforts.
2. Types of Cookies We Use
Cookie Type | Purpose | Duration |
---|---|---|
Strictly Necessary | Enables core functionality like security and navigation | Session |
Performance | Tracks usage for site optimization (e.g., Google Analytics) | 6–24 months |
Functional | Remembers your preferences | 6–12 months |
Targeting/Marketing | Personalizes ads and measures campaign effectiveness | 6–24 months |
3. Third-Party Cookies
We may use third-party services such as:
- Google Analytics
- HubSpot/Intercom (for customer interaction)
These third parties may place cookies to collect information about your activities.
4. Managing Your Preferences
- Browser Settings: You can also manage cookie settings directly through your browser.
- Opt-Out Tools: For Google Analytics, use the Google opt-out add-on.
5. Updates
We may update this policy as needed. Please check periodically for changes.
Contact us at: privacy@asserto.ai
Data Processing Addendum (DPA)
Asserto AI – Data Processing Addendum
Effective Date: 2025-06-27
This DPA forms part of the Master Services Agreement or Terms of Service between Asserto AI and the customer ("Controller").
1. Definitions
- “Personal Data”: As defined under GDPR Article 4(1) and CCPA Section 1798.140.
- “Processor”: Asserto AI.
- “Controller”: Customer using Asserto’s services.
- “Sub-Processor”: Third-party data processors engaged by Asserto.
2. Scope and Roles
Asserto processes Personal Data solely on behalf of the Customer. The Customer is the data controller; Asserto is the data processor.
3. Processing Details
- Subject Matter: Provision of AI-enabled services.
- Duration: Duration of service agreement.
- Nature and Purpose: Hosting, analytics, support, feature delivery.
- Types of Data: Names, emails, usage logs, optional custom fields.
- Data Subjects: End users, customers, employees of the Controller.
4. Obligations of the Processor
- Process data only under documented instructions.
- Implement appropriate technical and organizational measures (encryption, access controls, audits).
- Ensure confidentiality and security of personnel.
- Assist Controller in fulfilling data rights requests (access, erasure, etc.).
- Notify Controller of any personal data breach without undue delay.
- Maintain a record of processing activities.
5. Sub-Processors
Asserto maintains a list of approved sub-processors at . We will notify Controller of material changes and allow objections as per GDPR Article 28.
6. Data Transfers
Transfers outside the EEA/UK will be safeguarded by:
- Standard Contractual Clauses (2021 version)
- UK International Addendum (if applicable)
- Additional safeguards where required
7. Audit Rights
Controller may audit Asserto's compliance with this DPA annually, subject to confidentiality and reasonable scheduling.
8. Data Return or Deletion
Upon contract termination, Asserto will delete or return personal data unless otherwise required by law.
9. Liability
Each party’s liability under this DPA shall follow the limits in the main agreement.
Contact: hi@asserto.ai 32 PEKIN STREET, #05-01, SINGAPORE 048762