PRIVACY POLICY

This Privacy Policy explains how asinX ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website, desktop application, and browser extension. We are committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

asinX is the data controller responsible for your personal data. For privacy-related inquiries, contact us at: privacy@asinx-app.com

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

• Email address — used for authentication, communication, and account recovery
• Full name — used for account identification
• Password — stored as a cryptographic hash by Supabase Auth; we never store or access your plain-text password

2.2 Subscription & Billing Data

• Subscription tier (Trial, Pro, Enterprise) and billing dates
• Payment information — processed entirely by Stripe. We do not store credit card numbers, CVCs, or billing addresses on our servers. Stripe is PCI DSS Level 1 certified.

2.3 Usage Data

• Daily product data collection counts — used for quota enforcement
• Number of pages processed and links analyzed — used for service monitoring

2.4 Data We Do NOT Collect

• We do not collect IP addresses of users
• We do not use analytics or tracking services (no Google Analytics, no Facebook Pixel)
• We do not collect device fingerprints or browser telemetry
• The product data you collect is processed locally on your machine and is not transmitted to or stored on our servers

3. Lawful Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

Data	Lawful Basis	Purpose
Account data (email, name)	Contract performance — Art. 6(1)(b)	Providing the service you signed up for
Subscription & billing	Contract performance — Art. 6(1)(b)	Processing payments and managing your plan
Usage statistics	Legitimate interest — Art. 6(1)(f)	Enforcing quotas, preventing abuse, improving service
Policy acceptance records	Legal obligation — Art. 6(1)(c)	Demonstrating compliance with contractual requirements

4. Data Processors (Third Parties)

We share your data only with the following service providers, each under appropriate data processing agreements:

Provider	Purpose	Data Shared	Location
Supabase Inc.	Authentication & database hosting	Email, name, subscription data, usage stats	US (EU Standard Contractual Clauses)
Stripe Inc.	Payment processing	Email, payment method (handled by Stripe directly)	US (EU Standard Contractual Clauses, PCI DSS L1)
IPRoyal	Network routing for data collection	None — only marketplace page requests are routed. No user personal data is transmitted to IPRoyal.	Lithuania (EU)

We do not sell, rent, or trade your personal data to any third party.

5. Data Retention

• Account data — retained while your account is active, plus 30 days after account deletion to allow for recovery
• Usage statistics — retained for 12 months, then automatically purged
• Payment records — retained as required by applicable tax and financial regulations (typically 7 years)
• Collected product data — stored locally on your machine only; we have no access to it and do not retain it

6. Your Rights (GDPR Articles 15–22)

As a data subject, you have the following rights:

• Right of access — request a copy of all personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — request deletion of your account and all associated data
• Right to restriction — request that we limit processing of your data
• Right to data portability — receive your data in a structured, machine-readable format (JSON)
• Right to object — object to processing based on legitimate interest
• Right to withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at privacy@asinx-app.com. We will respond within 30 days.

7. Cookies & Local Storage

asinX uses only essential storage for authentication:

• asinx_token — your session access token (localStorage)
• asinx_refresh — your session refresh token (localStorage)
• asinx_user — cached user profile for display purposes (localStorage)

We do not use cookies for tracking, advertising, or analytics. No third-party cookies are set by our website.

8. International Data Transfers

Your data may be processed in the United States by Supabase and Stripe. These transfers are protected by EU Standard Contractual Clauses (SCCs) as approved by the European Commission. Both providers maintain SOC 2 Type II certifications.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• All communications are encrypted via TLS/HTTPS
• Passwords are hashed using bcrypt via Supabase Auth
• Database access is restricted to authenticated service calls
• The desktop application communicates with the browser extension only over localhost (127.0.0.1)

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours (GDPR Article 33)
• Notify affected users without undue delay (GDPR Article 34) when the breach is likely to result in a high risk

11. Children's Privacy

asinX is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a notice on our website. The "Effective Date" at the top of this page indicates the most recent revision.

13. Contact

For privacy-related questions, requests, or complaints:

Email: privacy@asinx-app.com

You also have the right to lodge a complaint with your local data protection supervisory authority.