Asva AIPower the future

Privacy Policy

Last updated: 16 April 2026

1. Who we are

This Privacy Policy describes how Asva AI ("we", "us", "our") collects, uses, shares, and protects personal information when you visit asvaai.com, sign in to app.asvaai.com, use our APIs, or connect the Service to an AI assistant through our MCP server at mcp.asvaai.com. It applies to customers, prospects, website visitors, and anyone who contacts us.

If you are a customer, this policy sits alongside our Terms of Service. If your organization has signed a separate data-processing agreement with us, that agreement controls where it differs from this policy.

2. Information we collect

We collect information in the following categories.

Information you give us

  • Account information: work email, name, role, company, password hash.
  • Billing information handled through our payment processor (card tokens, billing address, transaction history). We do not store full card numbers on our systems.
  • Brands you configure us to track (brand name, domain, competitors, topics, regions, personas).
  • Communications you send us (support emails, chat messages, sales inquiries, feedback).

Information we collect automatically

  • Usage data about how you use the Service (pages visited, tools called, timestamps, error events).
  • Device and connection data (IP address, browser, operating system, approximate location inferred from IP).
  • Cookie and similar identifiers (see Cookies below).
  • For MCP integrations: OAuth client registration data and audit logs of tool calls made against your Account.

Information we generate

  • Visibility scores, audits, share-of-voice metrics, citation graphs, and other analytical outputs derived from publicly available AI-assistant responses about the brands you track.
  • Aggregated or de-identified statistics used to improve the Service and to publish benchmarks. No individual customer is identifiable in these.

3. How we use personal information

  • Provide, operate, secure, and improve the Service.
  • Authenticate users, including through third-party sign-in providers you choose (for example, Google OAuth).
  • Process payments through our payment processor and comply with tax and accounting obligations.
  • Send service-related communications (product updates, security notices, billing, support replies).
  • Send marketing communications you have consented to. You can opt out at any time.
  • Detect, investigate, and prevent fraud, abuse, or violations of our Terms of Service.
  • Comply with legal obligations, enforce our rights, and respond to lawful requests.
  • Build aggregate analytics, benchmarks, and product usage insights, without identifying any individual or customer.

4. Legal bases we rely on (EEA and UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

  • Performance of a contract for activities needed to provide the Service you signed up for.
  • Legitimate interests in running and improving our business (security, analytics, product improvement, customer communications), balanced against your rights.
  • Consent for marketing emails and for non-essential cookies.
  • Legal obligation where we must process information to comply with law.

5. How we share information

We share personal information only with the parties below and only for the purposes noted:

  • Service providers that host our infrastructure, send transactional email, process payments, run analytics, provide customer support, and detect fraud. They are bound by contractual data-protection obligations and may only process information on our documented instructions.
  • AI model providers when you use features that call an external model to summarize or analyze a response. We send only what is needed for that call. These providers do not train on your Content unless you explicitly opt in.
  • AI assistants you connect through our MCP server (Claude, ChatGPT, Cursor, Windsurf, and similar). We send only the data your authenticated tool call requests.
  • Corporate transactions such as a merger, acquisition, or asset sale, subject to appropriate confidentiality protections.
  • Law enforcement or regulators when legally required to, or to protect the rights, property, or safety of our users or the public.

We do not sell personal information for money. Some uses of cookies for advertising may be treated as a "sale" or "share" under certain US state privacy laws; see the Cookies section for opt-out.

6. Cookies and similar technologies

We use cookies, local storage, and similar technologies for these purposes:

  • Strictly necessary. Sign-in sessions, CSRF protection, load balancing. These cannot be switched off.
  • Analytics. Understanding which pages are used and how often, so we can prioritize improvements.
  • Preferences. Remembering your settings such as dark mode or last-selected brand.
  • Marketing. Measuring campaign effectiveness on our marketing site. You can decline these.

You can manage non-essential cookies through your browser settings or our cookie banner where available. Blocking strictly necessary cookies may break core functionality.

7. International data transfers

We operate primarily from India and use cloud services hosted in multiple regions, including the United States and the European Union. If you are in the EEA, the UK, or another region with cross-border transfer rules, we rely on appropriate safeguards, such as Standard Contractual Clauses, when transferring personal information outside your region. You can email team@asvaai.com for more detail.

8. Retention

We keep personal information only as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Common retention patterns:

  • Account data: while your Account is active, plus up to 24 months after closure unless you request earlier deletion.
  • Billing records: at least seven years to meet statutory accounting requirements.
  • Audit logs and security records: up to 13 months.
  • Aggregated or de-identified analytics: indefinitely, in a form that no longer identifies you.

9. Security

We use administrative, technical, and organizational safeguards proportionate to the sensitivity of the information, including encryption in transit, access controls, logging, and periodic security reviews. No online service is completely secure; please protect your own credentials and report suspected compromise to team@asvaai.com.

10. Your choices and rights

Depending on where you live, you may have some or all of the following rights:

  • Access a copy of the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your personal information, subject to legal retention requirements.
  • Object to, or restrict, certain processing.
  • Withdraw consent where we rely on it.
  • Port your personal information to another service in a commonly used format.
  • Opt out of marketing emails via the unsubscribe link or by emailing team@asvaai.com.

To exercise a right, email team@asvaai.com. We verify requests before acting. If you are an employee of an enterprise customer, contact your organization's administrator first; we respond to customer-directed requests under the data-processing agreement in place with that organization.

11. EEA, UK, and Swiss residents

For the GDPR, UK GDPR, and Swiss Federal Data Protection Act, Asva AI acts as a Controller for information we collect directly from you, and as a Processor for Content you submit through the Service on behalf of an enterprise customer. You have the right to lodge a complaint with a supervisory authority in your country of residence.

12. United States residents

If you live in California, Virginia, Colorado, Connecticut, Utah, Texas, or another US state that has enacted a comprehensive privacy law, you have rights substantially similar to those above, including the right to request access and deletion, and to opt out of certain uses of your personal information. We do not sell personal information for money. Certain third-party cookies on our marketing site may fall under the definition of "sale" or "share" in California and similar states; use our cookie controls or browser settings to opt out. To exercise a state-specific right, email team@asvaai.com with "Privacy request" and your state in the subject line.

13. Children's privacy

The Service is intended for business use and is not directed to anyone under 18. We do not knowingly collect personal information from people under 18. If you believe a minor has provided us information, contact us and we will delete it.

14. Third-party links

Our website and dashboards may link to third-party sites, integrations, or documentation. We do not control those sites and are not responsible for their privacy practices. Review the privacy policies of any third party before providing personal information.

15. Changes to this policy

We update this policy when the Service changes or when legal or regulatory expectations move. Material changes will be announced in product or by email to the address on your Account, with notice where reasonably possible. The "Last updated" date at the top always reflects the current version.

16. Contact

Questions, concerns, or privacy requests can be sent to team@asvaai.com. For matters related to our Terms of Service, use the same address.