Privacy Policy

1. Who We Are

CDAOX LLC, an Illinois limited liability company doing business as Analytic Story Architects and ASA Engine (“ASA,” “we,” “us,” or “our”), operates the ASA Engine platform at app.asa-engine.ai and the website at asa-engine.ai. This Privacy Policy describes how we collect, use, store, and protect information when you use our Service.

Legal Contact: legal@asa-engine.ai
Privacy Contact: privacy@asa-engine.ai

2. Our Role

2.1 Customer Data

With respect to Customer Data uploaded to the Service, ASA acts as a data processor. The Customer is the data controller and is responsible for ensuring that Customer Data is collected and provided to ASA in compliance with applicable data protection laws.

2.2 Account and Usage Data

With respect to account information and usage data, ASA acts as the data controller and processes this data for the purposes described in Section 4 of this Privacy Policy.

3. Information We Collect

3.1 Account Information

When you create an account, we collect your name, email address, and organization name through our authentication provider (Microsoft Entra ID B2C). We do not collect or store passwords directly.

3.2 Usage Data

We automatically collect information about how you interact with the Service, including: pages viewed, features used, timestamps of activity, browser type and version, device type, and IP address.

3.3 Customer Data

You may upload marketing campaign data, platform reports, and other business data to the Service for analysis. The handling of Customer Data is governed by our Terms of Service.

3.4 Communications

When you contact us via email or through the Service, we collect the content of those communications.

4. How We Use Information

We use the information we collect for the following purposes:

Provide the Service: Process your Customer Data, generate ASA Outputs, and manage your account.

Improve the Service: Analyze usage patterns to improve features, performance, and reliability. We do not use Customer Data to train AI models.

Communicate: Send service-related notices, respond to inquiries, and provide support.

Security: Detect and prevent fraud, abuse, and security incidents.

Legal Compliance: Comply with applicable laws, regulations, and legal processes.

5. How We Share Information

We do not sell your personal information. We may share information in the following limited circumstances:

5.1 Subprocessors

We use third-party infrastructure and service providers to operate the Service. These subprocessors process data on our behalf under contractual obligations to protect your information. ASA maintains a current list of subprocessors available upon request by contacting privacy@asa-engine.ai.

Current primary subprocessors include:

Microsoft Azure (US East region): Cloud infrastructure, compute, and data storage.

Azure OpenAI Service: AI narrative generation. Microsoft’s Azure OpenAI service does not use customer data to train or improve their models. Customer Data is not shared with OpenAI directly.

Azure Cosmos DB: Multi-tenant data storage.

Microsoft Entra ID B2C: Authentication and identity management.

5.2 Legal Requirements

We may disclose information if required by law, subpoena, court order, or governmental request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Storage and Security

6.1 Infrastructure

Customer Data and account information are stored on Microsoft Azure infrastructure in the United States (East US region).

6.2 Security Measures

We implement industry-standard security measures including: encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, managed identity authentication (no stored secrets or API keys in code), structured JSON logging and monitoring, and regular security reviews.

6.3 Data Retention

We retain data according to the following schedule:

Account information: Duration of active account plus thirty (30) days.

Customer Data: As specified in Terms of Service Section 4.5 (30 days post-termination, then permanent deletion within 60 days).

Usage and access logs: Retained in structured JSON format for up to twelve (12) months for operational and analytical purposes.

Backups: Encrypted and subject to the same retention and deletion schedules as primary data.

Deletion is permanent and non-recoverable after the applicable retention period expires.

7. Your Rights

7.1 Access and Portability

You may request a copy of the personal information we hold about you by contacting privacy@asa-engine.ai. We will respond within thirty (30) days.

7.2 Correction

You may request correction of inaccurate personal information by contacting us.

7.3 Deletion

You may request deletion of your personal information. Note that we may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

8. Cookies and Tracking

The ASA Engine application uses essential cookies required for authentication and session management. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics tools.

9. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will promptly delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least thirty (30) days before taking effect. The “Last Updated” date at the top of this policy indicates the most recent revision.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: