Privacy Policy
This Privacy Policy is effective as of May 20, 2026.
1. Data Controller
The controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR") is:
- STAROŽITNÍK, s.r.o.
- Registered office: Javorová 2, 010 07 Žilina, Slovak Republic
- Company ID (IČO): 50 664 638
- Registered in the Commercial Register of the District Court of Žilina
- Email: info@ascera.app
(hereinafter the "Controller" or "we")
You can contact the Controller at its registered office or by email at info@ascera.app.
2. Who This Policy Applies To
This policy applies to all natural persons who use the services of the Ascera platform available at https://www.ascera.app (hereinafter the "Website"), including individuals acting on behalf of the User (employees, collaborators), newsletter subscribers, and Website visitors (hereinafter "you").
The Ascera platform is primarily intended for business users (B2B). The Services are described in detail in the Terms of Service available at https://www.ascera.app/terms.
3. What Personal Data We Collect
Depending on how you use the Service, we process the following categories of data:
During registration and use of the Service: email address (required), first and last name (optional), password stored as a cryptographic hash. We never store passwords in plain text.
During payment: billing details (company name, address, company ID/tax ID) are processed directly by the Stripe payment gateway. The Provider does not store or have access to payment card numbers.
When using the Service on behalf of an employer: name, work email address, and work contact details.
Automatically collected data: through Google Analytics and Google Tag Manager, we collect anonymized data about Website usage — pages visited, time spent on the Website, device and browser type, and approximate location derived from your IP address. This data is collected only with your consent, given through the cookie banner (CookieYes).
4. Purposes and Legal Bases for Processing
| Purpose | Legal basis | Retention period |
|---|---|---|
| Providing the Services — account operation, processing prompts through AI models, storing monitoring results | Performance of a contract (Art. 6(1)(b) GDPR) | Personal data: for the duration of registration + 30 days after account deletion (or immediately upon request). Anonymized monitoring results are not affected. |
| Providing Services to employer — communication with individuals acting on behalf of the User | Legitimate interest (Art. 6(1)(f) GDPR) | For the duration of the contract with the employer |
| Billing and accounting — payment processing, invoicing | Legal obligation (Art. 6(1)(c) GDPR) | 10 years (Accounting Act) |
| Sending newsletters — updates and news about the Services to existing Users | Legitimate interest (Art. 6(1)(f) GDPR, Recital 47) | Until unsubscription |
| Promotion and improvement of Services — notifying registered Users about updates | Legitimate interest (Art. 6(1)(f) GDPR) | For the duration of the legitimate interest or until an objection is raised |
| Protection of the Controller's rights — establishment, exercise, or defense of legal claims | Legitimate interest (Art. 6(1)(f) GDPR) | For the duration of the legitimate interest (typically the statute of limitations) |
| Compliance with legal obligations — e.g., recording newsletter opt-outs | Legal obligation (Art. 6(1)(c) GDPR) | For the duration of the legal obligation |
| Website analytics and cookies — Google Analytics, Google Tag Manager | Consent (Art. 6(1)(a) GDPR) | Until consent is withdrawn; aggregated Google Analytics data retained for up to 14 months |
5. Data Processing Through AI Services
To deliver the Services, Ascera sends prompts to the servers of third-party AI services — OpenAI (ChatGPT), Google (Gemini), and Perplexity. These prompts typically do not contain the User's personal data (they contain brand names, URLs, and business-related queries). Responses obtained from AI services are stored in the Controller's database on AWS infrastructure within the European Union.
If the User enters prompts containing personal data (e.g., names of specific individuals), such data may be processed by the AI service providers in accordance with their respective terms. The Controller recommends against including personal data in prompts.
Upon account deletion, the User's personal data (email address, name, login credentials) will be erased within 30 days. The User may request immediate deletion of their personal data at any time by sending a request to info@ascera.app; the Controller will process the request without undue delay, within 14 days at the latest.
The deletion of personal data does not affect:
- anonymized monitoring results — AI model responses, visibility scores, sentiment analyses, and recommendations that relate to brands and domains (not to natural persons); once decoupled from the User's account, this data does not constitute personal data within the meaning of GDPR, and the Controller may retain it for the purpose of improving the Services,
- billing and accounting records, retained for the period required by law (10 years).
6. Sub-Processors
We use trusted sub-processors to operate the Service. Each is contractually bound to maintain data security and protection in compliance with GDPR:
| Sub-processor | Purpose | Location / safeguards |
|---|---|---|
| Amazon Web Services (AWS) | Application and database hosting | EU |
| Stripe | Payment processing | USA / SCCs + DPF |
| OpenAI | AI prompt processing (ChatGPT) | USA / SCCs + DPF |
| Google LLC | AI prompt processing (Gemini), Google Analytics, Google Tag Manager | USA / SCCs + DPF |
| Perplexity AI | AI prompt processing | USA / SCCs |
| CookieYes | Cookie consent management | USA / SCCs |
Where we transfer your personal data outside the EU, its protection is ensured through Standard Contractual Clauses (SCCs) and, where applicable, the EU–U.S. Data Privacy Framework (DPF).
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- encryption of data in transit using TLS,
- passwords stored exclusively as cryptographic hashes,
- access to personal data restricted on a need-to-know basis,
- regular database backups within the EU,
- infrastructure hosted on AWS with ISO 27001 and SOC 2 certifications.
In the event of a security incident affecting your personal data, we will notify you without undue delay and no later than 72 hours after becoming aware of the incident, in accordance with Articles 33–34 of GDPR.
8. Your Rights
Under GDPR, you have the following rights:
- Right of access — you may request confirmation of whether we process your personal data and obtain a copy of it.
- Right to rectification — you may request correction of inaccurate or incomplete data.
- Right to erasure — you may request deletion of your personal data when the purpose for processing has been fulfilled or you withdraw your consent.
- Right to restriction of processing — you may request temporary suspension of the processing of your data.
- Right to data portability — you may request your data in a structured, machine-readable format.
- Right to object — you may object to processing based on legitimate interest, including direct marketing.
- Right to withdraw consent — if we process your data based on consent (e.g., cookies), you may withdraw that consent at any time through the cookie settings on the Website.
- Right to lodge a complaint — you have the right to file a complaint with the Office for Personal Data Protection of the Slovak Republic (https://www.dataprotection.gov.sk).
Objections to Processing
If you do not wish your personal data to be used for newsletters or marketing communications, you may opt out. The simplest way is to use the unsubscribe link included in every newsletter, or you can send your objection by email to info@ascera.app. Once we receive your objection, we will stop sending you newsletters.
You may opt out of analytics cookies at any time by adjusting your preferences in the cookie banner (CookieYes), through your browser settings, or by installing the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout).
9. Cookies
For details on the cookies we use, please refer to our Cookie Policy at https://www.ascera.app/cookies.
10. Contact
If you have any questions about the processing of your personal data or wish to exercise any of the rights listed above, please contact us at: info@ascera.app. We will respond to your request within 30 days.