Regulatory Compliance · Effective 1 April 2026

US Regulatory Compliance

How AskBiz complies with US privacy and consumer protection law — CCPA/CPRA, FTC Act, CAN-SPAM, state breach notification laws, and CLOUD Act considerations.

Last updated: 1 April 2026 · Questions? legal@askbiz.co

California Consumer Privacy Act (CCPA / CPRA)

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents specific rights regarding their personal information.

Does CCPA apply to AskBiz?

AskBiz is a UK-registered business. CCPA applies to for-profit businesses that collect personal information from California residents and meet certain thresholds (annual gross revenue exceeding $25 million, OR processing data of 100,000+ California consumers, OR deriving 50%+ revenue from selling personal data).

AskBiz does not sell personal data. Our current user base means we may not meet the CCPA threshold. However, we respect and honour CCPA rights for all California-based users regardless of technical applicability.

Your CCPA rights:

  • Right to Know — what personal information we collect, use, disclose, and sell (we do not sell)
  • Right to Delete — request deletion of your personal information
  • Right to Opt-Out of Sale — we do not sell personal information; this right is satisfied by default
  • Right to Non-Discrimination — we will not discriminate against you for exercising CCPA rights
  • Right to Correct — correct inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information — we collect minimal sensitive information; contact privacy@askbiz.co to limit use

Exercise rights by emailing privacy@askbiz.co. We respond within 45 days (extendable by 45 days with notice).

FTC Act Compliance

The Federal Trade Commission Act (Section 5) prohibits unfair or deceptive acts or practices in or affecting commerce. AskBiz complies with FTC guidance on:

AI disclosure: We clearly disclose that AskBiz uses AI to generate responses. We do not present AI-generated analysis as independently verified human analysis. See our AI Transparency policy.

Endorsements and testimonials: Any testimonials or case studies on askbiz.co reflect genuine user experiences. We do not publish fabricated testimonials or AI-generated fake reviews.

Data practices: Our privacy policy and this rules page accurately describe how we collect, use, and share data. We do not engage in undisclosed data practices.

Marketing claims: All marketing claims about AskBiz's capabilities are substantiated. We do not make unsubstantiated performance claims.

CAN-SPAM Act

AskBiz complies with the CAN-SPAM Act for all commercial email communications to US users:

  • All marketing emails include our physical mailing address
  • All marketing emails include a clear and functioning unsubscribe mechanism
  • Unsubscribe requests are processed within 10 business days
  • We do not use deceptive subject lines or sender information
  • We clearly identify commercial emails as advertisements where required

Transactional emails (invoices, security alerts, account notifications) are not marketing emails and are not subject to CAN-SPAM opt-out requirements, though you can configure notification preferences in Account Settings.

US State Breach Notification Laws

In the event of a data breach affecting US users, AskBiz complies with applicable state breach notification laws. Key requirements:

  • California (CCPA/CPRA): Notify 'in the most expedient time possible and without unreasonable delay'
  • New York (SHIELD Act): Notify 'in the most expedient time possible'
  • Virginia (VCDPA): Notify within 60 days
  • Colorado, Connecticut, Utah: Various timelines (30–60 days)

Where multiple states' laws apply, we notify on the most demanding timeline. US users receive breach notifications from security@askbiz.co.

Notifications include: what happened, what data was affected, what steps we have taken, what steps you can take, and contact information for questions.

CLOUD Act

The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act) allows US law enforcement to issue warrants for data held by US-based companies abroad. AskBiz is a UK company, not a US company, and is therefore not subject to CLOUD Act obligations as a provider.

However, our sub-processors (Vercel, Supabase, Anthropic, Stripe) are US-based and may be subject to CLOUD Act demands. We have contractual provisions with sub-processors requiring them to notify us of CLOUD Act demands where legally permitted, so we can seek to challenge demands that are inconsistent with UK or EU data protection law.