Data Security at AskBiz

AskBiz is hosted on Vercel (application layer) and Supabase (database), both of which operate on AWS infrastructure in the EU-West region (Dublin, Ireland). Data is processed and stored entirely within the EU.

• In transit — All data is encrypted using TLS 1.3
• At rest — All database data is encrypted using AES-256
• API tokens — OAuth tokens for connected platforms (Shopify, Amazon, etc.) are stored encrypted and never exposed in logs or API responses
• Backups — Daily encrypted backups retained for 30 days

• AskBiz employees do not have routine access to customer data
• Database access is restricted by role and requires multi-factor authentication
• All access to production systems is logged and audited
• Your AI conversations are not accessible to AskBiz support staff unless you grant explicit permission for a support session

AskBiz only collects what it needs to function:

• Customer PII from connected platforms (names, email addresses) is hashed — we store a one-way identifier, not the original data
• Location data is used at city level only
• We don't store payment card data — all billing is handled by Stripe

In the event of a security incident affecting your data, AskBiz will:

• Notify affected users within 72 hours of discovery (GDPR requirement)
• Provide a plain-English summary of what happened and what data was affected
• Outline the steps taken to contain and remediate the incident