Privacy Policy
How ASQR collects, uses, and protects your information.
Effective Date: July 4, 2026
1. Introduction
ASQR LLC ("ASQR," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (asqr.ai) and use our guest intelligence platform (the "Service").
This policy applies to all users of our website and Service, including event organizers, venue operators, and end guests who interact with ASQR-powered communication channels.
Our core privacy principle: We NEVER share your data with third parties for marketing, advertising, or any purpose outside of providing our Service.
Our Role: Controller and Processor
For information about our customers and website visitors (account details, billing, demo requests, and site analytics), ASQR acts as the data controller. For guest communications and event data that our customers process through the Service, ASQR acts as a processor (or service provider) on behalf of the event organizer or venue, who is the controller of that data.
If you are a guest who contacted an event through an ASQR-powered channel, that event organizer's privacy policy governs your data, and we recommend directing privacy requests to them first. We will refer any request we receive to the relevant customer and support them in fulfilling it.
2. Information We Collect
Information You Provide Directly
Account Information:
- Name, email address, phone number
- Company name and role
- Billing information for paid accounts
Service Content:
- Event information you upload (names, dates, venues, policies)
- Knowledge base content (FAQs, procedures, venue details)
- Communication preferences and settings
Communications:
- Messages sent through our platform (email, chat, SMS)
- Support requests and feedback
- Demo requests and sales inquiries
Information Collected Automatically
Technical Information:
- IP address, browser type, device information
- Platform usage data (features used, session duration)
- Performance and error logs
Cookies and Similar Technologies:
- We use strictly necessary cookies for platform functionality
- We use Google Analytics on our website to understand site traffic (with your consent where required)
- No advertising or tracking cookies
Information from Third-Party Integrations
- OAuth identity information (Google, if you choose to connect)
- Email channel data (when you connect email integration)
- Payment information through Stripe (billing name, email, address)
3. How We Use Your Information
We use your information solely to provide and improve our Service:
Service Delivery:
- Operate the ASQR platform and AI-powered communication tools
- Process and route guest communications
- Generate insights and analytics for your events
- Provide customer support and technical assistance
Account Management:
- Authenticate users and maintain account security
- Process billing and subscription management
- Send essential service communications
Service Improvement:
- Analyze platform usage to improve features and performance
- Identify and fix technical issues
- Develop new features and capabilities
Legal Compliance:
- Comply with applicable laws and regulations
- Respond to legal requests and prevent fraud
- Maintain audit logs and security records
We do NOT use your information for:
- Advertising or marketing to third parties
- Selling or sharing data with data brokers
- Training AI models for other customers
- Any purpose outside of providing our Service to you
4. Information Sharing and Disclosure
We NEVER sell, rent, or share your personal information with third parties for their marketing purposes.
We only share your information in these limited circumstances:
Sub-Processors (Service Providers)
We work with a select number of sub-processors who help us operate our website and the Service:
- Supabase: Platform database and backend infrastructure (hosted on AWS)
- Amazon Web Services (AWS): Cloud infrastructure
- Vercel: Website hosting
- OpenAI: AI model services (your data is not used to train OpenAI's models)
- Resend: Transactional email delivery
- Stripe: Payment processing
- Google: Optional sign-in (OAuth) and website analytics
- Sentry: Error monitoring and application performance
All sub-processors are bound by data processing agreements and are prohibited from using your data for any purpose other than providing services to ASQR.
Legal Requirements
We may disclose information when required to:
- Comply with legal obligations, court orders, or valid government requests
- Protect our rights, property, or safety, or that of our users
- Detect, prevent, or address fraud or security issues
Business Transfers
If ASQR is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have.
With Your Consent
We may share information for other purposes with your explicit consent.
5. Data Retention
Customer Account Data: Retained for the duration of your account plus 7 years for audit and compliance purposes.
Communication Content: Retained according to your account settings and data retention policies.
Audit Logs: Retained for 7 years for security and compliance purposes.
Billing Information: Retained as required by tax and accounting regulations.
Anonymous Analytics: May be retained indefinitely in aggregated, non-identifiable form.
When you close your account, personal data is anonymized rather than hard-deleted to preserve audit integrity and comply with legal retention requirements.
6. Data Security
We implement enterprise-grade security measures to protect your information:
Technical Safeguards:
- Encryption in transit (HTTPS/TLS) and at rest (AES-256)
- Database-level isolation between customer organizations
- Multi-factor authentication for administrative access
- Regular security monitoring and incident response procedures
Access Controls:
- Role-based access with principle of least privilege
- Regular access reviews and immediate deprovisioning
- Separate authentication systems for platform admins and customers
Infrastructure:
- Industry-standard security controls across our cloud infrastructure
- Regular security updates and vulnerability management
No method of transmission or storage is 100% secure, but we use industry-standard practices and continuously improve our security posture.
7. International Data Transfers
ASQR is based in the United States. Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For users in the European Economic Area (EEA) and United Kingdom:
- We rely on Standard Contractual Clauses (SCCs) for data transfers
- All sub-processors have appropriate data transfer safeguards in place
- You have rights under GDPR as described below
8. Your Privacy Rights
For All Users
Access: Request information about what personal data we hold about you
Correction: Update or correct inaccurate personal information
Deletion: Request deletion of your personal data (subject to legal retention requirements)
Portability: Receive a copy of your data in a machine-readable format
Additional Rights for EEA/UK Users (GDPR)
Object to Processing: Object to processing based on legitimate interest
Restrict Processing: Limit how we process your data
Withdraw Consent: Where processing is based on consent
Lodge Complaints: Contact your local data protection authority
Additional Rights for US State Residents
Residents of California and a growing number of other states (including Virginia, Colorado, Connecticut, and Texas) have rights under comprehensive state privacy laws:
Know: Categories of personal information collected, used, and disclosed
Correct: Request correction of inaccurate personal information
Delete: Request deletion of personal information
Opt-Out: Opt out of the sale or sharing of personal information (ASQR does not sell or share personal information)
Non-Discrimination: Equal service regardless of privacy rights exercised
To exercise your rights, contact us at privacy@asqr.ai. We will respond within the timeframes required by applicable law (typically 30 days for GDPR requests and 45 days for US state law requests).
9. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at privacy@asqr.ai.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of any material changes by:
- Posting the updated policy on our website
- Sending notification to your email address (for account holders)
- Providing notice through our Service
Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Information
Data Controller: ASQR LLC
Privacy Contact: privacy@asqr.ai
General Contact: support@asqr.ai
For privacy-related questions, complaints, or to exercise your rights, please contact privacy@asqr.ai.
Last Updated: July 4, 2026