Privacy Policy

Last Updated: 13 April 2026

1. Introduction

This Privacy Policy explains how Asgard.World Ltd ("we", "us", "our") collects, uses, stores, and protects your personal data when you use askasgard.ai ("the Platform"). Asgard.World Ltd is a company registered in England and Wales (company number 13876919, registered office: 8 Greenlink Walk, Richmond, TW9 4AF, United Kingdom, VAT number: 431043937).

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection legislation.

2. Data Controller

Asgard.World Ltd is the data controller for personal data collected through the Platform. For data protection enquiries, contact us at legal@asgard.world.

3. Data We Collect

3.1 Account Data

• Access codes used to authenticate your sessions.
• Session identifiers and authentication tokens.

3.2 Usage Data

• Which Tools you use and how frequently.
• Message counts, token usage, and session duration.
• Timestamps of activity.
• Files you upload for processing (retained only during your session unless otherwise specified).

3.3 Content Data

• Messages and prompts you send to the AI Tools.
• AI-generated responses and outputs.
• Documents, images, and files you upload or generate.

3.4 Technical Data

• IP address and approximate location.
• Browser type, operating system, and device information.
• Referring URLs and page views.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract performance (Article 6(1)(b)): Processing necessary to provide the Platform services you have requested.
• Legitimate interests (Article 6(1)(f)): Analytics, service improvement, fraud prevention, and security monitoring, where our interests do not override your rights.
• Consent (Article 6(1)(a)): Where you have given explicit consent, such as for marketing communications or optional data processing.
• Legal obligation (Article 6(1)(c)): Where processing is required to comply with applicable law.

5. How We Use Your Data

We use your data to:

• Provide, operate, and maintain the Platform and AI Tools.
• Authenticate your access and manage sessions.
• Process your prompts through AI models and return responses.
• Monitor usage for fair use enforcement and capacity planning.
• Improve the Platform, including AI accuracy and user experience.
• Detect and prevent fraud, abuse, and security threats.
• Comply with legal obligations and respond to lawful requests.
• Provide customer support.

6. AI Model Processing

When you use the AI Tools, your prompts and uploaded content are sent to third-party AI model providers (currently Anthropic) for processing. You acknowledge that:

• Your prompts and content are transmitted to AI model providers to generate responses.
• AI model providers may process data in accordance with their own privacy policies and data processing agreements.
• We have data processing agreements in place with our AI providers that require them to handle your data securely and not use it for their own training purposes.
• Do not submit sensitive personal data (e.g., financial account numbers, health records, government identification numbers) to the AI Tools unless you understand and accept the associated risks.

7. Data Sharing

We may share your data with:

• AI model providers: To process your prompts and generate responses (currently Anthropic).
• Cloud infrastructure providers: For hosting, storage, and computing (e.g., Render, AWS).
• Payment processors: For billing and subscription management, where applicable.
• Legal and regulatory authorities: Where required by law or to protect our legal rights.

We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom, including the United States (where our AI model and cloud infrastructure providers operate). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions, in accordance with UK GDPR requirements.

9. Data Retention

• Session data: Retained for the duration of your active session and cleared on session expiry.
• Usage logs: Retained for up to 12 months for analytics and capacity planning.
• Account data: Retained for as long as your access code remains active, plus 6 months after deactivation.
• Uploaded files: Retained only during the active session and deleted on session end, unless you save outputs to your workspace.
• AI conversation history: Retained during the active session and cleared on session expiry or workspace reset.

10. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate personal data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a portable, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at legal@asgard.world. We will respond within one month, as required by UK GDPR.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Per-user workspace isolation using hashed identifiers.
• Session timeouts and secure cookie configuration.
• Access controls and authentication requirements.
• Regular security monitoring and logging.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
• Document all breaches and our response in accordance with UK GDPR Article 33.

13. Cookies

We use cookies and similar technologies as described in our Cookie Policy. By using the Platform, you consent to our use of essential cookies. You may manage your cookie preferences as described in the Cookie Policy.

14. Children's Privacy

The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform. The "Last Updated" date at the top of this policy indicates when it was last revised.

16. Complaints

If you have concerns about how we handle your personal data, you may:

• Contact us at legal@asgard.world.
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

17. Contact

Asgard.World Ltd
8 Greenlink Walk, Richmond, TW9 4AF, United Kingdom
Email: legal@asgard.world
Support: support.asgard.world/contact