This Privacy Policy describes how Generic Solutions LLC, doing business as Asset Compass ("Asset Compass," "we," "us," or "our") collects, uses, shares, and protects personal information when you visit assetcompass.co, use app.assetcompass.co, or interact with us by email. By using our Service, you acknowledge that you have read and understood this policy.
Asset Compass provides cloud-hosted IT asset management software to businesses and organizations. Our services are accessible at assetcompass.co (marketing site) and app.assetcompass.co (application).
Contact for privacy matters:
Email: [email protected] — Subject: "Privacy Request"
We will respond to verified privacy requests within 45 days. If additional time is needed, we will notify you within that period.
| Category | Examples | Required? |
|---|---|---|
| Account information | Name, work email address, password (stored as a cryptographic hash — never in plain text) | Yes — to create an account |
| Billing information | Name and billing email. Credit card data is collected and stored solely by Stripe — we never receive or store raw card numbers, CVVs, or full card data. | Yes — to subscribe |
| Asset data | Device names, serial numbers, purchase prices, warranty dates, assigned employee names, office locations, and any other data you enter or import | No — you control what you enter |
| Support communications | Content of emails sent to [email protected] | No |
| Category | Examples | Source |
|---|---|---|
| Usage data | Pages visited, features used, time on page, session duration | Google Analytics, Supabase |
| Device and browser data | Browser type and version, operating system, device type | Google Analytics |
| IP address | Your internet protocol address, used to approximate general geographic location (country/region only). IP addresses constitute personal information under applicable law and are treated accordingly. | Google Analytics, Supabase, Cloudflare |
| Referral and traffic source | The URL or source that referred you to our site | Google Analytics |
| Authentication logs | Login timestamps, session tokens (not passwords) | Supabase |
| Cookies | Session and analytics cookies. See Section 6. | Supabase, Google Analytics, Cloudflare |
We receive limited information from Stripe, including payment confirmation status, subscription status, and anonymized billing identifiers. We do not receive full payment card data from Stripe.
We use the information we collect only for the following purposes:
We do not sell your personal information. We do not use your data for targeted advertising. We do not use your asset data or account data to train machine learning models.
For users in the EEA or UK, our lawful bases for processing are:
We do not sell, rent, or trade your personal information. We share data only as follows:
| Recipient | Purpose | Data shared |
|---|---|---|
| Supabase | Database hosting and authentication | Account data, asset data, authentication logs. Isolated, encrypted databases in the United States. |
| Stripe | Payment processing | Billing name, email, payment method. Governed by Stripe's privacy policy. |
| Google Analytics | Anonymized usage analytics | Anonymized usage data, IP address (partially anonymized by Google), device/browser data, referral source. |
| Cloudflare | Content delivery and security | IP addresses and request metadata. Cloudflare has no access to your account or asset data. |
| Legal process | Lawful legal requests | We may disclose information if required by law or valid legal process. We will notify you if legally permitted. |
| Business transfers | Merger, acquisition, or asset sale | Data may transfer with the business. We will notify you before your data becomes subject to a different privacy policy. |
No third party listed above is authorized to use your personal information for their own marketing or commercial purposes. We are not responsible for the data practices of third-party services operating under their own terms and privacy policies. Your use of the Service constitutes acknowledgment that certain data is processed by these third parties subject to their own policies, over which we have no control.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Supabase session token | Strictly necessary | Maintains your login session | Session / until logout |
| Google Analytics (_ga) | Analytics | Distinguishes unique users | 2 years |
| Google Analytics (_ga_*) | Analytics | Maintains GA4 session state | 2 years |
| Cloudflare (__cf_bm) | Strictly necessary | Bot management and DDoS protection | 30 minutes |
You can disable non-essential cookies via your browser settings, which may affect application functionality. You may also opt out of Google Analytics via the Google Analytics Opt-out Browser Add-on. For more on how Google uses this data: policies.google.com/technologies/partner-sites.
| Data category | Retention period | Basis |
|---|---|---|
| Account information (name, email) | Duration of active subscription + 30 days after cancellation | Service delivery; recovery window |
| Asset data | Duration of active subscription + 30 days after cancellation | Service delivery; export window |
| Billing records and payment history | 7 years from transaction date | Tax and accounting legal requirements |
| Support communications | 3 years from last communication | Dispute resolution |
| Security and authentication logs | 90 days | Security incident investigation |
| Google Analytics data | 14 months (Google's default) | Aggregated analytics; subject to Google's policies |
When your subscription is cancelled, your account enters read-only mode. You will receive a cancellation confirmation email. After 30 days, your account data and asset data will be permanently deleted and cannot be recovered. You will receive a reminder approximately 7 days before deletion.
You may request earlier deletion by emailing [email protected]. Billing records are retained for 7 years regardless of deletion requests, as required by law.
We implement the following measures to protect your data:
No security system is impenetrable, and we cannot guarantee absolute security. Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We disclaim liability for unauthorized access, disclosure, or loss of your data to the extent permitted by law, provided we have implemented the security measures described above. If you believe your account has been compromised, contact us immediately at [email protected].
Request a copy of the personal information we hold about you.
Request correction of inaccurate or incomplete personal information.
Request deletion of your personal information, subject to legal retention requirements.
Export your asset data at any time via CSV export in the application.
Unsubscribe from marketing emails at any time. See Section 12.
Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any right, email [email protected] — Subject: "Privacy Request." We will verify your identity before processing and respond within 45 days. We reserve the right to deny requests that we cannot verify or that are manifestly unfounded or excessive.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights.
We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.
Submit CCPA requests to [email protected] — Subject: "CCPA Request." Response within 45 days, extendable by 45 days with notice. Authorized agents must provide written authorization signed by you.
If you are in the EEA or UK, GDPR or UK GDPR applies. Our lawful bases are described in Section 4. You have the rights in Section 9 and additionally the right to lodge a complaint with your local supervisory authority (in the UK: the ICO at ico.org.uk).
We rely on Standard Contractual Clauses (SCCs) for international transfers of personal data from the EEA to the United States. Contact [email protected] for questions about transfer mechanisms.
We may send marketing emails about product updates, new features, and promotional offers to the email address associated with your account.
Opt-out: Click "Unsubscribe" in any marketing email, or email [email protected] — Subject: "Unsubscribe." Requests processed within 10 business days. Opting out does not affect transactional emails.
All marketing emails comply with the CAN-SPAM Act and include a functioning opt-out mechanism.
Asset Compass is a business software tool intended exclusively for use by adults in a professional capacity. We do not knowingly collect personal information from individuals under 16. If you believe a minor has created an account, contact [email protected] and we will delete the account promptly.
Asset Compass is operated from the United States. Our infrastructure is primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. Your use of the Service constitutes your acknowledgment of this transfer and processing.
For EEA/UK users, we rely on Standard Contractual Clauses for lawful transfer.
In the event of a data breach affecting your personal information, we will notify affected users by email within a reasonable time after becoming aware of the breach, to the extent required by applicable law and reasonably practicable. Notification will describe the nature of the breach, categories of data affected, and measures taken.
Where required by law, we will notify relevant regulatory authorities. We are not liable for breaches caused by third-party service providers operating their own infrastructure, including Supabase, Stripe, Cloudflare, or Google, except to the extent required by applicable law.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ASSET COMPASS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO ANY PRIVACY INCIDENT, DATA BREACH, UNAUTHORIZED ACCESS, OR LOSS OF DATA, WHETHER CAUSED BY OUR ACTIONS, THE ACTIONS OF THIRD-PARTY SERVICE PROVIDERS, OR CIRCUMSTANCES BEYOND OUR CONTROL. OUR TOTAL LIABILITY FOR ANY PRIVACY-RELATED CLAIM SHALL NOT EXCEED ONE HUNDRED US DOLLARS ($100.00) OR THE AMOUNT PAID TO US IN THE THREE MONTHS PRECEDING THE CLAIM, WHICHEVER IS LESS.
Nothing in this section limits your statutory rights under applicable law, including rights under CCPA/CPRA or GDPR that cannot be contractually limited.
We may update this Privacy Policy from time to time. We will update the "Last updated" date when we do. For material changes — including new categories of data collected, new third-party sharing, or significant changes to your rights — we will notify active account holders by email at least 14 days before changes take effect. Continued use of the Service after the effective date constitutes acceptance. Prior versions are available upon request.
Generic Solutions LLC, doing business as Asset Compass
Email: [email protected]
Subject: "Privacy Request"
We respond to all verified privacy requests within 45 days.