Last updated: 10 April 2026 · Effective date: 10 April 2026
AskBiz Ltd ("AskBiz", "we", "us", "our") is the data controller responsible for your personal data.
Registered address: AskBiz Ltd, London, United Kingdom
Data Protection contact: privacy@askbiz.co
AskBiz operates a business intelligence platform that allows users to upload business data and receive AI-powered analytical insights. We are subject to the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), and the California Consumer Privacy Act (CCPA) where applicable.
When you create an account we collect: name, email address, business type, and country. Legal basis: Contract — necessary to provide the service.
CSV, XLSX, or other files you upload ("Business Data") are processed solely to provide you with analytical responses. We do not use your Business Data to train AI models, sell to third parties, or share with any other user. Legal basis: Contract.
Business Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Files are stored in isolated per-user storage and are not accessible to other users or AskBiz employees without your explicit request.
We collect anonymised usage data including: pages visited, features used, query counts, and session duration. This helps us improve the product. Legal basis: Legitimate interests.
Payments are processed by Stripe, Inc. We do not store card numbers, CVV codes, or full payment details. We receive a tokenised reference and subscription status from Stripe. Stripe's privacy policy governs payment data handling.
If you contact us by email, we retain that correspondence for up to 3 years to resolve disputes and improve support quality.
IP address, browser type, device type, operating system, and referral source. Used for security monitoring, fraud prevention, and service improvement. Legal basis: Legitimate interests.
We use your data exclusively to:
We do not use your data to: train AI models on your business data, serve advertising, sell or rent your data to any third party, or make automated decisions with legal or significant effects without human review.
We share data only with the following categories of processors, all bound by data processing agreements:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase, Inc. | Database and authentication | USA / EU | SCCs + SOC2 Type II |
| Anthropic, PBC | AI query processing | USA | SCCs + enterprise DPA |
| Stripe, Inc. | Payment processing | USA / EU | SCCs + PCI-DSS Level 1 |
| Vercel, Inc. | Hosting and delivery | USA / EU | SCCs + SOC2 Type II |
| Resend, Inc. | Transactional email | USA | SCCs |
We do not transfer data to countries without adequate protection unless appropriate safeguards (Standard Contractual Clauses or equivalent) are in place.
We retain your data for as long as your account is active. Upon account deletion:
You can request immediate deletion of your Business Data at any time from Settings → Delete my data, or by emailing privacy@askbiz.co.
Depending on your location, you have the following rights:
| Right | What it means | Applies under |
|---|---|---|
| Access | Receive a copy of your personal data | GDPR, UK GDPR, CCPA |
| Rectification | Correct inaccurate data | GDPR, UK GDPR |
| Erasure | Delete your account and all data | GDPR, UK GDPR, CCPA |
| Portability | Export your data in machine-readable format | GDPR, UK GDPR |
| Restriction | Limit how we process your data | GDPR, UK GDPR |
| Objection | Object to legitimate interests processing | GDPR, UK GDPR |
| Opt-out of sale | We do not sell data — right automatically met | CCPA |
| Non-discrimination | Equal service regardless of privacy choices | CCPA |
To exercise any right, email privacy@askbiz.co. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
If you are in the EU or UK and believe we have handled your data unlawfully, you have the right to lodge a complaint with your local supervisory authority (UK: ICO at ico.org.uk; EU: your national DPA).
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| sb-auth-token | Authentication session | Session |
| signalx-preferences | User settings (currency, theme) | 1 year |
| _vercel_analytics | Anonymous usage analytics | 30 days |
We do not use advertising cookies or third-party tracking cookies. You can clear cookies in your browser settings at any time. Clearing the authentication cookie will sign you out.
We implement industry-standard security measures including:
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Article 33.
AskBiz is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@askbiz.co and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by displaying a prominent notice in the app at least 14 days before the changes take effect. Continued use of AskBiz after the effective date constitutes acceptance of the updated policy.
All previous versions of this policy are archived and available on request.
For any privacy-related questions, requests, or concerns:
Email: privacy@askbiz.co
Post: AskBiz Ltd, London, United Kingdom
We aim to respond to all privacy enquiries within 5 business days.