Draft — pending legal review

This document is a template provided for convenience and does not constitute legal advice. It has not yet been reviewed by counsel and may change before it becomes binding.

Privacy Policy

This Privacy Policy explains what data Asenta collects, how we use and share it, and the choices you have. Asenta is the human-in-the-loop approval, audit, and learning layer for AI pipelines.

Effective
July 1, 2026
Last updated
July 1, 2026

1. Scope and roles

This policy applies to information processed through the Asenta website, dashboard, and APIs (the “Service”). It should be read together with our Terms of Service.

  • For account and billing information, and for the operation of the Service generally, Asenta acts as a controller.
  • For the AI output, metadata, edits, decisions, and assets you submit for review (“Customer Content”), Asenta acts as a processor on your behalf. You are the controller of that content and are responsible for having a lawful basis to submit it and for what it contains.

2. Information we collect

  • Account data — name, email address, hashed password (managed by our authentication provider), and organization membership and roles.
  • Organization & configuration data — organization name, plan and quota settings, approval policies, oversight-gate rules, review templates, webhook endpoints, and API key metadata (keys are stored only as hashes).
  • Customer Content — the AI output you submit for review, associated metadata, reviewer edits, approval/rejection/regeneration decisions, and any images or assets you upload. This may include personal data about third parties if you choose to submit it.
  • Audit and activity data — an immutable record of decisions (who acted, when, and what changed), webhook delivery logs, and notification records, used to provide the audit trail and to operate the Service.
  • Usage and device data — log data such as IP address, browser type, timestamps, and pages or endpoints accessed, collected automatically to secure and improve the Service.

3. How we use information

  • to provide, operate, and maintain the Service, including routing items for review, delivering signed webhooks, and serving the learning-loop feedback you request;
  • to authenticate users, secure accounts, and prevent abuse or fraud;
  • to send transactional and notification email (for example, review notifications and account messages);
  • to maintain the audit trail and comply with legal obligations;
  • to monitor, debug, and improve the reliability and performance of the Service.

Asenta does not sell personal data. We do not use Customer Content to train our own or any third party’s models. The learning loop operates only within your own organization: your reviewers’ edits are surfaced back to your organization as style rules and examples that you retrieve through the feedback API.

4. How we share information — subprocessors

We share information with service providers who process it on our behalf under appropriate confidentiality and data-protection obligations:

  • Supabase — managed database, authentication, and file/object storage for accounts, queue items, audit records, and uploaded assets.
  • Vercel — application hosting, serverless compute, and content delivery for the dashboard and APIs.
  • Resend — delivery of transactional and notification email.

We may also disclose information to comply with law or valid legal process, to enforce our agreements, or to protect the rights, safety, and security of Asenta, our customers, or the public. If Asenta is involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction, subject to this policy.

5. Data retention

We retain account and organization data for as long as your account is active. Customer Content, including the audit trail, is retained to provide the Service and to preserve the integrity of the decision record. When you delete content or close your account, we delete or de-identify the associated data within a reasonable period, except where we are required or permitted by law to retain it (for example, for legal, tax, or security purposes).

6. Security

We use technical and organizational measures designed to protect information, including encryption in transit, row-level access controls scoped by organization, hashed credentials and API keys, and signed webhooks. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security, but we work to protect your information and to promptly address issues we identify.

7. International data transfers

Our subprocessors may process data in countries other than your own. Where required, we rely on appropriate safeguards for such transfers. [Specific transfer mechanisms to be confirmed in legal review.]

8. Your rights and choices

Depending on your location, you may have rights to access, correct, export, or delete personal data, to object to or restrict certain processing, and to withdraw consent. Because much of the personal data in the Service is Customer Content that we process on behalf of a customer, we will refer requests about that content to the relevant customer (controller) and support them in responding. To exercise rights regarding data for which Asenta is the controller, contact us using the details below.

9. Cookies

We use strictly necessary cookies and similar technologies to keep you signed in and to operate the Service securely. We do not use the Service to serve third-party advertising.

10. Children

The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us so we can address it.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after a change takes effect constitutes acceptance of the updated policy.

12. Contact

Questions or privacy requests can be sent to support@asenta.app.