Privacy Policy
Last updated: May 2025
1. Introduction
Asgard World Ltd ("we", "us", "our") operates AskAsgard ("the Platform"). This Privacy Policy explains how we collect, use, store, and share your personal data when you use our Service.
We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
Asgard World Ltd is the data controller for the personal data processed through AskAsgard. You can contact us at adi@asgard.world for any data protection queries.
3. Data We Collect
We collect the following categories of personal data:
3.1 Account Data
When you create an account, we collect your name, email address, and profile picture (if you sign in via Google OAuth). If you register with email and password, we store a securely hashed version of your password.
3.2 Usage Data
We collect information about how you interact with AskAsgard, including which tools you use, conversation timestamps, message counts, and feature usage patterns.
3.3 Conversation Data
We store the content of your conversations with AskAsgard tools, including your prompts and AI-generated responses. This data is stored to provide conversation history and improve your experience.
3.4 Billing Data
If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store your credit card number or full payment details. We receive and store your subscription status, plan type, and billing history from Stripe.
3.5 Technical Data
We automatically collect your IP address, browser type and version, device type, operating system, and referring URL when you access the Platform.
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide, maintain, and improve the Service
- To authenticate your identity and manage your account
- To process subscriptions and billing
- To send transactional emails (account confirmations, billing receipts, security alerts)
- To monitor usage for abuse prevention and platform security
- To respond to support requests
- To comply with legal obligations
We do not use your conversation data or User Content to train AI models. Your conversations are processed in real time by Anthropic's Claude API and are not retained by Anthropic for training purposes.
5. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
- Contract: Processing necessary to provide the Service you have signed up for (Article 6(1)(b)).
- Legitimate interests: Processing for platform security, abuse prevention, and service improvement (Article 6(1)(f)).
- Legal obligation: Processing required to comply with applicable laws (Article 6(1)(c)).
- Consent: Where we send marketing communications or use non-essential cookies, we rely on your consent (Article 6(1)(a)).
6. Third-Party Services
We share data with the following third-party services, each acting as a data processor on our behalf:
Anthropic (Claude API)
Your conversation inputs are sent to Anthropic's Claude API for AI processing. Anthropic processes this data under their API terms and does not use API inputs to train models. Data is processed in the United States.
Supabase
We use Supabase for authentication, database hosting, and file storage. Your account data, conversation history, and uploaded files are stored in Supabase's infrastructure.
Stripe
Stripe handles all payment processing. When you subscribe to a paid plan, Stripe collects and processes your payment information directly. We receive only subscription status and billing metadata from Stripe.
Google (OAuth)
If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not access any other Google account data.
Vercel
The Platform is hosted on Vercel. Vercel may process technical data (IP addresses, request logs) as part of hosting and content delivery.
7. International Data Transfers
Some of our third-party processors operate outside the UK and European Economic Area, including in the United States. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.
8. Data Retention
We retain your data for the following periods:
- Account data: Retained for as long as your account is active. Deleted within 30 days of account closure.
- Conversation data: Retained for as long as your account is active. You can delete individual conversations at any time.
- Billing data: Retained for 7 years after the last transaction to comply with financial record-keeping obligations.
- Technical logs: Retained for up to 90 days for security and debugging purposes.
9. Cookies
We use cookies for authentication and session management. For full details, see our Cookie Policy.
10. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at adi@asgard.world. We will respond within 30 days.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption at rest and in transit, access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security of your data.
12. Children
AskAsgard is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.
14. Complaints
If you have concerns about how we handle your data, please contact us first at adi@asgard.world. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
15. Contact
For privacy-related enquiries, contact:
Asgard World Ltd
Email: adi@asgard.world
Registered in England and Wales