Privacy Policy

AskBiz Ltd · Effective date: 10 April 2026 · Last updated: 10 June 2026

1. Who We Are

AskBiz Ltd ("AskBiz", "we", "us") operates the AI-powered business intelligence platform at askbiz.co. We are the data controller for personal data processed through our platform.

Contact: privacy@askbiz.co · legal@askbiz.co

2. Data We Collect

Account data: Your name, email address, business type, and country when you register.

Usage data: Questions asked, files uploaded (metadata only — not content), features used, and session information.

Technical data: IP address hash (SHA-256 — raw IP never stored), browser type, and device information for fraud prevention and security.

Payment data: Processed by Stripe (card payments) and mobile money providers including M-Pesa, MTN Mobile Money, and Airtel Money (where available). We never see or store your card details or mobile money PINs.

Camera and image data: If you use AskBiz POS camera scanning (barcode or price tag recognition), images are processed in real time on your device and via our AI pipeline. Raw images are never stored — only the extracted product data (name, price, barcode) is retained.

Logistics and delivery data: If you use the AskBiz POS logistics module, we process parcel tracking information, delivery routes, vehicle inspection photos, driver handover records, and delivery addresses. Delivery addresses are retained for the duration of the shipment plus 90 days.

Location data: We use IP-based geolocation to detect your country for currency localisation and pricing display. We do not use GPS or precise location tracking. Your raw IP address is never stored (see Technical data above).

Trial data: If you activate a free trial (Growth plan or POS), we store the trial type, start date, end date, and conversion status to manage your subscription.

With your consent only — Financial data: If you opt in to financial data personalisation (see Section 6), we store aggregated financial metrics from your uploaded files.

3. How We Use Your Data

• Providing and improving the AskBiz service
• Authenticating your identity and securing your account
• Processing your subscription payments via Stripe
• Preventing fraud and abuse (IP hash analysis)
• Sending service-related emails (account confirmations, billing receipts)
• Processing camera images for barcode and price tag scanning (POS module)
• Managing logistics, parcel tracking, and delivery routes (POS logistics module)
• Detecting your country via IP geolocation for currency and pricing localisation
• Managing free trial eligibility, duration, and conversion tracking
• With your consent: personalising AI answers using your financial data
• With your consent: improving AI accuracy using anonymised sector data

4. Legal Basis for Processing

5. Anonymised Upload Analytics

To improve AskBiz, we collect the following anonymised metadata when you upload files. This does not require separate consent as it falls under legitimate interest:

• File type (CSV or Excel)
• Number of rows and columns
• Column header names only (e.g. "Revenue", "Stock") — never the data values
• Your business type and country from your profile

We never store your actual data values, business names, customer records, or financial figures as part of standard analytics.

6. Financial Data — Consent-Based Processing

If you choose to enable financial data personalisation in Settings → Privacy, we store additional data to improve your AI experience. This processing is based entirely on your explicit, freely given consent which you can withdraw at any time.

Financial data is retained for 24 months then automatically deleted. You can delete it sooner at any time in the Privacy section of our website.

You can manage your consent settings at any time at askbiz.co/settings.

7. Sector Trend Alerts

When you consent to AI improvement, you may receive alerts about trends detected across businesses in your sector — for example "UK retail margins have declined 8% this month." These alerts are:

• Fully anonymised — your business is never identifiable in any alert
• Statistically protected — only generated when at least 5 businesses contribute to the signal
• Sector-specific — you only receive alerts relevant to your business type and country
• Not shared externally — sector trend data is never sold or shared with third parties

8. Data Sharing

We share your data only with the following processors, all bound by appropriate data processing agreements:

• Supabase — database hosting (AWS EU West)
• Anthropic — AI processing of your questions (USA — Standard Contractual Clauses apply)
• Tavily — real-time web search used by our AI agent to retrieve market data (USA — Standard Contractual Clauses apply). Only your search queries are transmitted, never your personal or financial data.
• Vercel — hosting and CDN (global edge)
• Stripe — payment processing (PCI DSS Level 1)
• Resend — transactional email delivery (USA — Standard Contractual Clauses apply). Used only for account and billing emails.
• WhatsApp/Meta — receipt delivery for AskBiz POS module (USA — Meta Data Processing Agreement and Standard Contractual Clauses apply). Customer phone numbers are transmitted only when customer opts in to receipt delivery; never stored by AskBiz after 30 days.
• Safaricom (M-Pesa) — mobile money payment processing for Kenyan and East African users (Kenya — Safaricom Data Processing Terms apply). Only transaction reference and amount are transmitted; M-Pesa PINs are never seen or stored by AskBiz.
• MTN Mobile Money / Airtel Money — mobile money payment processing for West and Central African users (regional — respective Data Processing Terms apply). Only transaction reference and amount are transmitted.
• PesaPal — payment gateway for M-Pesa and mobile money transactions (Kenya — PesaPal Data Processing Agreement applies). Processes payment callbacks and subscription conversions.

We never sell your data. We never share your data with advertisers. We never share individual business data with other AskBiz users.

9. Data Retention

10. AskBiz POS — Point of Sale Module

The AskBiz POS module (pos.askbiz.co) is a separate application for managing retail sales, inventory, and receipts. When using POS, the following additional data is processed:

Summary: The POS module processes personal data transparently with clear legal bases and user rights. Customer phone numbers are optional and automatically deleted after 30 days. Transaction history is retained for accounting compliance but can be exported or deleted upon request. Staff PINs are securely hashed and never visible to other users. Camera images are processed in real time and never stored. Logistics data is retained for 12 months after delivery. Mobile money PINs are never seen by AskBiz.

11. Your Rights

AskBiz serves users globally. Regardless of where you are located, you have the following rights. These satisfy EU GDPR, UK GDPR, CCPA/CPRA (California), LGPD (Brazil), PIPEDA (Canada), POPIA (South Africa), Australia Privacy Act, PDPA (Thailand & Singapore), and most other applicable privacy laws.

• Right of access — Request a copy of all personal data we hold about you
• Right to erasure / deletion — Request deletion of your account and all data (30-day grace period applies). California, Brazilian, South African, and Canadian residents have this right by statute.
• Right to rectification / correction — Correct inaccurate or incomplete data in your profile at any time
• Right to portability — Receive your data in a machine-readable format (JSON). Available to all users.
• Right to object / opt out — Object to processing based on legitimate interest. California residents: you may also opt out of "sharing" for cross-context behavioural advertising — we do not do this.
• Right to restrict processing — Request we limit processing while a dispute is resolved
• Right to withdraw consent — Withdraw consent for financial data and AI training at any time via Settings → Privacy, with immediate effect
• Do Not Sell or Share (CCPA/CPRA) — We do not sell or share personal data with third parties for advertising. There is nothing to opt out of.
• Right to non-discrimination (CCPA) — Exercising your privacy rights will never affect your service level or pricing

To exercise any right, email privacy@askbiz.co. We respond within 30 days (EU/UK GDPR: within 1 month; CCPA: within 45 days; LGPD: within 15 days).

You also have the right to lodge a complaint with your local data protection authority: ICO (UK), Data Protection Commission (Ireland/EU), ANPD (Brazil), OPC (Canada), Information Regulator (South Africa), or your local equivalent.

12. Delete Your Account and Data

You can request deletion of your account and all associated data below. There is a 30-day grace period before permanent deletion to protect against accidental requests. You can cancel at any time during this period.

What gets deleted: Profile, conversations, uploads, financial snapshots, IP hashes, and all associated data. Billing records are retained for 7 years as required by law.

13. Cookies

AskBiz uses only essential cookies required for authentication. We do not use advertising cookies or third-party tracking cookies.

• supabase-auth-token — Authentication session (essential, session duration)
• sb-refresh-token — Keeps you signed in (essential, 1 week)

14. Security & Breach Notification

We use industry-standard measures to protect your data: encrypted connections (TLS), hashed IP addresses, row-level security on our database, and scoped API keys. Access to personal data is restricted to authorised personnel only.

If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware (EU/UK GDPR Art. 33; LGPD Art. 48; PIPEDA; POPIA)
• Notify affected users without undue delay when there is a high risk to their rights, including the nature of the breach, data affected, and steps taken
• Maintain an internal breach register for compliance purposes

To report a suspected security vulnerability or breach, contact us immediately at security@askbiz.co.

15. Changes to This Policy

We will notify you by email of any material changes to this policy at least 14 days before they take effect. Continued use of AskBiz after changes take effect constitutes acceptance of the updated policy.