Privacy Policy

We collect information in the following categories:

1.1 Information You Provide

When you create an account or use the Service, you voluntarily provide us with:

• Name and work email address
• Organization name and role
• IT asset and inventory data that you enter into the Service ("Customer Data")
• Communications you send to us, including support inquiries and feedback

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain technical and usage information, including:

• IP address, browser type and version, and operating system
• Device type, screen resolution, and unique device identifiers
• Referring URLs and pages visited within the Service
• Actions taken, features used, timestamps, and session duration
• Server log data, including request timestamps, response codes, and data transferred

1.3 Payment Information

Payment processing is handled by Stripe, Inc. We do not store, process, or have access to your full credit card numbers or complete payment credentials on our servers. We may receive and retain limited payment-related information from Stripe for record-keeping purposes, such as the last four digits of your card number, card brand, expiration date, and billing address.

1.4 Cookies and Tracking Technologies

We use the following categories of cookies and similar tracking technologies:

• Strictly Necessary Cookies: These cookies are required for the Service to function properly, including authentication, session management, and security. These cookies cannot be disabled without impairing the Service.
• Analytics Cookies: We use Google Analytics, a third-party analytics service, to collect aggregated information about how users interact with the Service, including pages visited, session duration, and feature engagement. Google Analytics may set its own cookies on your device.

You may opt out of analytics cookies by adjusting your browser settings, by using the Google Analytics Opt-Out Browser Add-on, or by contacting us at privacy@assetcompass.co. Disabling analytics cookies will not affect the core functionality of the Service.

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve the Service
• To process transactions and send related billing and account information
• To send transactional communications related to your account, including confirmations, invoices, security alerts, and support messages
• To respond to your inquiries, comments, and requests for support
• To monitor and analyze trends, usage, and activity to improve the user experience
• To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity
• To protect the security and integrity of the Service and our infrastructure
• To comply with applicable legal obligations, legal process, or governmental requests
• To enforce our Terms of Service and other agreements

Marketing Communications

We may occasionally send you non-transactional communications, such as product updates, feature announcements, or company news. You may opt out of these communications at any time by clicking the "unsubscribe" link included in the email or by contacting us at privacy@assetcompass.co. Opting out of marketing communications will not affect your receipt of transactional messages related to your account.

We do not sell your personal information to any third party. We do not use your Customer Data to train artificial intelligence or machine learning models.

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

3.1 Service Providers (Sub-processors)

We engage the following third-party service providers to assist in operating the Service. Each provider processes data on our behalf and solely for the purposes described below:

• Supabase, Inc. — Database hosting and user authentication (United States)
• Stripe, Inc. — Payment processing (United States)
• Resend, Inc. — Transactional email delivery (United States)
• Google LLC — Usage analytics via Google Analytics (United States)
• Vercel, Inc. — Application hosting and content delivery (United States / Global CDN)

We select providers that we believe maintain appropriate security and privacy practices. Where available, we maintain data processing agreements with our sub-processors. We encourage you to review the privacy policies of these providers for additional details about their data handling practices.

3.2 Legal Obligations and Protection of Rights

We may disclose your information if we believe in good faith that such disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Terms of Service or investigate potential violations; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) protect the rights, property, or safety of the Company, our users, or the public as required or permitted by law.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, or other sale or transfer of all or a portion of the Company's assets, your information may be among the assets transferred. We will provide notice via email or a prominent posting on the Service before your personal information is transferred and becomes subject to a different privacy policy. You will have the opportunity to opt out of such a transfer if the new entity's privacy practices differ materially from those described here.

The Service is operated from the United States, and your information is primarily stored and processed in the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored in, and processed in the United States, where data protection and privacy laws may differ from, and may not provide the same level of protection as, those in your home jurisdiction.

The Service is primarily intended for users in the United States. We do not currently maintain Standard Contractual Clauses, Binding Corporate Rules, or other formal cross-border transfer mechanisms. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that restricts international data transfers, please be aware of this before using the Service. If you have concerns about data transfers, please contact us at privacy@assetcompass.co before creating an account.

We retain your personal information and Customer Data for as long as your account remains active or as reasonably necessary to provide the Service to you.

Upon cancellation of your account, your Customer Data will be automatically deleted thirty (30) days after the effective date of cancellation. You may export your Customer Data at any time while your account is active, and during the 30-day post-cancellation period by contacting us. You may also request earlier deletion by contacting us at privacy@assetcompass.co. We will confirm receipt of any deletion request within five (5) business days.

We may retain anonymized and aggregated data that cannot reasonably be used to identify any individual for analytics, product improvement, and reporting purposes. Such data is not considered personal information.

We may also retain certain information beyond the periods described above to the extent required by applicable law (such as tax, accounting, or other legal requirements), to resolve disputes, to enforce our agreements, or for other legitimate business purposes such as fraud prevention.

We implement commercially reasonable technical and organizational measures designed to protect the security, confidentiality, and integrity of your information, including:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of data at rest
• Role-based access controls to limit internal access to personal information
• Regular monitoring, logging, and review of access to systems containing personal information

While we take the security of your information seriously, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information, and any transmission is at your own risk.

In the event of a security breach that compromises the confidentiality, integrity, or availability of your personal information, we will promptly investigate the incident and take appropriate steps to contain and remediate the breach. We will notify affected users and applicable regulatory authorities in the most expedient time possible and without unreasonable delay, in accordance with applicable law. Notification will include, to the extent known, a description of the incident, the types of information involved, and the steps we are taking in response.

Depending on your jurisdiction, you may have certain rights with respect to your personal information. These may include the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete personal information
• Request deletion of your personal information, subject to certain legal exceptions
• Export your data in a structured, commonly used, and machine-readable format
• Object to or request restriction of certain types of processing
• Withdraw consent where processing is based on your consent

To exercise any of these rights, please contact us at privacy@assetcompass.co. We will acknowledge receipt of your request within five (5) business days and respond substantively within thirty (30) days, or such shorter period as may be required by applicable law. We may need to verify your identity before fulfilling certain requests.

California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting or selling it, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions provided by law.
• Right to Correct: You may request that we correct inaccurate personal information that we maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not sell or share personal information as those terms are defined under the CCPA/CPRA. If our practices change in the future, we will update this policy and provide a "Do Not Sell or Share My Personal Information" link.
• Right to Non-Discrimination: We will not discriminate against you in any way for exercising your rights under the CCPA/CPRA, including by denying you service, charging different prices, or providing a different quality of service.

Submitting a Request

To submit a request under the CCPA/CPRA, contact us at privacy@assetcompass.co. We will verify your identity before processing your request by confirming information associated with your account. You may designate an authorized agent to submit a request on your behalf. If an authorized agent submits a request, we may require written proof of the agent's authorization and may separately verify your identity.

California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents may request information regarding the disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is currently no universally accepted standard for how companies should respond to DNT signals, we do not currently alter our data collection and use practices in response to DNT signals. If an industry standard for responding to DNT signals is adopted in the future, we will reassess our practices and update this policy accordingly.

The Service is intended for business use and is not directed to individuals under the age of sixteen (16). We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information as promptly as practicable. If you believe that a child under 16 has provided us with personal information, please contact us immediately at privacy@assetcompass.co.

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will provide you with at least thirty (30) days' advance notice, delivered via the email address associated with your account or through a prominent in-app notification. The "Effective Date" at the top of this policy will be updated to reflect the date of the most recent revision. Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree to the revised policy, you should discontinue use of the Service before the effective date.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Generic Solutions LLC
DBA Asset Compass
General inquiries: support@assetcompass.co
Privacy inquiries: privacy@assetcompass.co

For privacy-specific matters, including data access requests, deletion requests, and CCPA inquiries, please direct your correspondence to privacy@assetcompass.co.