Asserto AI – Data Privacy Policy

Asserto AI ("Asserto", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website, platform, and services. This Policy applies to all users globally, with specific provisions to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA), along with other applicable U.S. state laws.

1. Scope of this Privacy Policy

This Privacy Policy covers:

• Visitors to our website (https://asserto.ai)
• Users of our platform and services (including free trials and demos)
• Business contacts (e.g., prospects, partners, vendors)
• Communications via email, forms, and events

It does not apply to third-party websites or services you may access via our platform or to any personal data processed by Asserto AI customers through their own configurations of our platform (i.e., as data controllers).

2. Types of Personal Data We Collect

We collect the following categories of personal information:

A. Information You Provide Directly

• Full name, job title, company, country
• Email address, phone number
• Login credentials (e.g., username, hashed password)
• Feedback, messages, and other correspondence
• Billing and payment details (if applicable)

B. Automatically Collected Data

• IP address and geolocation
• Browser type and device ID
• Operating system, screen resolution
• Pages viewed, links clicked, referring URLs
• Cookie identifiers and session activity

C. Information from Third Parties

• Authentication providers (e.g., Google, Microsoft SSO)
• Business and marketing platforms
• Publicly available databases or social media (if relevant to B2B outreach)

3. Legal Bases for Processing (GDPR)

Under GDPR, we process your data under the following legal grounds:

4. Use of Personal Data

We use your data to:

• Deliver and manage our services
• Provide customer support and respond to inquiries
• Analyze user behavior and improve our offerings
• Send service-related communications
• Conduct security monitoring and fraud detection
• Run marketing and promotional campaigns (with appropriate consent)
• Fulfill contractual and legal obligations

We do not sell personal data for monetary gain.

5. Cookies and Tracking Technologies

We use:

• Essential cookies: Required for functionality
• Analytics cookies: Google Analytics, Mixpanel, or similar for usage tracking

See our Cookie Policy for full details.

6. Data Sharing and Disclosure

We may share your data with:

A. Service Providers (Processors)

• Cloud hosting (e.g., AWS, Azure)
• CRM, marketing automation, analytics
• Payment and billing processors

Each provider is contractually obligated to protect your data in line with GDPR Article 28 and U.S. privacy laws.

B. Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred.

C. Legal Requirements

We may disclose your data if required by law, subpoena, or regulatory obligation.

7. International Data Transfers

If you are located in the EEA, UK, or Switzerland, your data may be transferred to the United States or other jurisdictions. In such cases, we ensure appropriate safeguards such as:

• Standard Contractual Clauses (SCCs)
• UK International Data Transfer Addendum
• Binding Corporate Rules (if applicable)

8. Data Retention

We retain personal data as follows:

• For active customers: As long as the account remains active
• For legal and compliance purposes: Up to 7 years, depending on the requirement
• For marketing contacts: Until you opt out or request deletion

When data is no longer needed, we securely delete or anonymize it.

9. Your Privacy Rights

EU/UK (GDPR)

You have the right to:

• Access your data
• Rectify inaccuracies
• Request erasure ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent

To exercise your rights, contact: hi@asserto.ai

California (CCPA/CPRA)

You may:

• Request to know what data we collect and how we use it
• Request deletion of your personal data
• Opt-out of "selling" or "sharing" data (we do not sell personal data)
• Correct your personal information
• Limit use of sensitive personal information
• Not be discriminated against for exercising your rights

To submit a request, contact: hi@asserto.ai We will verify your identity before processing requests.

10. Data Security

We implement appropriate security measures including:

• End-to-end encryption (TLS)
• Access control with MFA
• Audit logging and activity monitoring
• Regular penetration testing and vulnerability scanning

If a data breach occurs, we will notify you and regulators as required by law.

11. Children's Privacy

Our services are not intended for individuals under 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us immediately for removal.

12. Changes to This Privacy Policy

We may revise this policy from time to time. Material changes will be notified via email (if you are a registered user) or via website banner. Please review this page periodically for updates.

13. Contact Us

For privacy-related questions, rights requests, or complaints:

Cookie Policy (GDPR + CCPA/CPRA Compliant)

Asserto AI – Cookie Policy

Effective Date: 2025-06-27

This Cookie Policy explains how Asserto AI ("we", "us", "our") uses cookies and similar tracking technologies on our website (https://asserto.ai). This policy is part of our Privacy Policy and adheres to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help us provide functionality, analyze site usage, personalize content, and support marketing efforts.

2. Types of Cookies We Use

3. Third-Party Cookies

We may use third-party services such as:

• Google Analytics
• HubSpot/Intercom (for customer interaction)

These third parties may place cookies to collect information about your activities.

4. Managing Your Preferences

Browser Settings: You can also manage cookie settings directly through your browser.

Opt-Out Tools: For Google Analytics, use the Google opt-out add-on.

5. Updates

We may update this policy as needed. Please check periodically for changes.

Contact us at: privacy@asserto.ai

Data Processing Addendum (DPA)

Asserto AI – Data Processing Addendum

Effective Date: 2025-06-27

This DPA forms part of the Master Services Agreement or Terms of Service between Asserto AI and the customer ("Controller").

1. Definitions

• "Personal Data": As defined under GDPR Article 4(1) and CCPA Section 1798.140.
• "Processor": Asserto AI.
• "Controller": Customer using Asserto's services.
• "Sub-Processor": Third-party data processors engaged by Asserto.

2. Scope and Roles

Asserto processes Personal Data solely on behalf of the Customer. The Customer is the data controller; Asserto is the data processor.

3. Processing Details

• Subject Matter: Provision of AI-enabled services.
• Duration: Duration of service agreement.
• Nature and Purpose: Hosting, analytics, support, feature delivery.
• Types of Data: Names, emails, usage logs, optional custom fields.
• Data Subjects: End users, customers, employees of the Controller.

4. Obligations of the Processor

• Process data only under documented instructions.
• Implement appropriate technical and organizational measures (encryption, access controls, audits).
• Ensure confidentiality and security of personnel.
• Assist Controller in fulfilling data rights requests (access, erasure, etc.).
• Notify Controller of any personal data breach without undue delay.
• Maintain a record of processing activities.

5. Sub-Processors

Asserto maintains a list of approved sub-processors. We will notify Controller of material changes and allow objections as per GDPR Article 28.

6. Data Transfers

Transfers outside the EEA/UK will be safeguarded by:

• Standard Contractual Clauses (2021 version)
• UK International Addendum (if applicable)
• Additional safeguards where required

7. Audit Rights

Controller may audit Asserto's compliance with this DPA annually, subject to confidentiality and reasonable scheduling.

8. Data Return or Deletion

Upon contract termination, Asserto will delete or return personal data unless otherwise required by law.

9. Liability

Each party's liability under this DPA shall follow the limits in the main agreement.