Draft — pending legal review
This document is a template provided for convenience and does not constitute legal advice. It has not yet been reviewed by counsel and may change before it becomes binding.
Privacy Policy
This Privacy Policy explains what data Asenta collects, how we use and share it, and the choices you have. Asenta is the human-in-the-loop approval, audit, and learning layer for AI pipelines.
- Effective
- July 1, 2026
- Last updated
- July 1, 2026
1. Scope and roles
This policy applies to information processed through the Asenta website, dashboard, and APIs (the “Service”). It should be read together with our Terms of Service.
- For account and billing information, and for the operation of the Service generally, Asenta acts as a controller.
- For the AI output, metadata, edits, decisions, and assets you submit for review (“Customer Content”), Asenta acts as a processor on your behalf. You are the controller of that content and are responsible for having a lawful basis to submit it and for what it contains.
2. Information we collect
- Account data — name, email address, hashed password (managed by our authentication provider), and organization membership and roles.
- Organization & configuration data — organization name, plan and quota settings, approval policies, oversight-gate rules, review templates, webhook endpoints, and API key metadata (keys are stored only as hashes).
- Customer Content — the AI output you submit for review, associated metadata, reviewer edits, approval/rejection/regeneration decisions, and any images or assets you upload. This may include personal data about third parties if you choose to submit it.
- Audit and activity data — an immutable record of decisions (who acted, when, and what changed), webhook delivery logs, and notification records, used to provide the audit trail and to operate the Service.
- Usage and device data — log data such as IP address, browser type, timestamps, and pages or endpoints accessed, collected automatically to secure and improve the Service.
3. How we use information
- to provide, operate, and maintain the Service, including routing items for review, delivering signed webhooks, and serving the learning-loop feedback you request;
- to authenticate users, secure accounts, and prevent abuse or fraud;
- to send transactional and notification email (for example, review notifications and account messages);
- to maintain the audit trail and comply with legal obligations;
- to monitor, debug, and improve the reliability and performance of the Service.
Asenta does not sell personal data. We do not use Customer Content to train our own or any third party’s models. The learning loop operates only within your own organization: your reviewers’ edits are surfaced back to your organization as style rules and examples that you retrieve through the feedback API.
5. Data retention
We retain account and organization data for as long as your account is active. Customer Content, including the audit trail, is retained to provide the Service and to preserve the integrity of the decision record. When you delete content or close your account, we delete or de-identify the associated data within a reasonable period, except where we are required or permitted by law to retain it (for example, for legal, tax, or security purposes).
6. Security
We use technical and organizational measures designed to protect information, including encryption in transit, row-level access controls scoped by organization, hashed credentials and API keys, and signed webhooks. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security, but we work to protect your information and to promptly address issues we identify.
7. International data transfers
Our subprocessors may process data in countries other than your own. Where required, we rely on appropriate safeguards for such transfers. [Specific transfer mechanisms to be confirmed in legal review.]
8. Your rights and choices
Depending on your location, you may have rights to access, correct, export, or delete personal data, to object to or restrict certain processing, and to withdraw consent. Because much of the personal data in the Service is Customer Content that we process on behalf of a customer, we will refer requests about that content to the relevant customer (controller) and support them in responding. To exercise rights regarding data for which Asenta is the controller, contact us using the details below.
10. Children
The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us so we can address it.
11. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after a change takes effect constitutes acceptance of the updated policy.
12. Contact
Questions or privacy requests can be sent to support@asenta.app.