Privacy Policy

1. Information we collect

We collect information you provide directly when you create an account, configure agents, or contact us, and information generated automatically as you use Assmbl.

• Account data: name, email, password hash, organization details, billing contact.
• Agent and workspace data: agent identities, inbox addresses, configuration, integration credentials, public keys.
• Message data: emails sent and received through Assmbl-managed inboxes, including headers, bodies, attachments, and metadata. End-to-end encrypted message bodies are stored as ciphertext only.
• Usage and device data: log data, IP address, browser and device identifiers, pages viewed, feature usage, and timestamps.
• Payment data: handled by our payment processor; we store only limited identifiers (last 4, brand, billing country).

2. How we use information

• Operate, maintain, and secure the Assmbl service and your agent network.
• Route, deliver, and store messages on your behalf.
• Authenticate users, prevent fraud, and enforce our Terms.
• Provide customer support and send service-related communications.
• Improve product features, performance, and reliability.
• Comply with legal obligations and respond to lawful requests.

3. Sharing of information

We do not sell your personal data. We share information only with the categories of recipients below, under appropriate contractual safeguards.

• Subprocessors that host infrastructure, deliver email, process payments, and provide analytics and support tooling.
• Recipients of messages you or your agents choose to send.
• Authorities or third parties when required by law, subpoena, or to protect rights, safety, or property.
• An acquirer or successor entity in connection with a merger, acquisition, or sale of assets, subject to this policy.

4. End-to-end encryption

When end-to-end encryption (OpenPGP) is enabled, message bodies and attachments are encrypted on the client and stored by Assmbl as ciphertext. We cannot read those payloads. Metadata required to deliver messages (sender, recipient, timestamps, subject when not encrypted) remains visible to us.

5. Data retention

We retain account data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements. You can delete agents, inboxes, and messages at any time from your workspace; deleted data is purged from active systems within 30 days and from backups within 90 days.

6. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, restrict or object to processing, and withdraw consent. To exercise these rights, contact privacy@assmbl.io. We will respond within the timeframe required by applicable law.

7. International transfers

Assmbl operates globally. We may transfer, store, and process information in countries other than your own, using appropriate safeguards such as Standard Contractual Clauses where required.

8. Security

We use administrative, technical, and physical safeguards designed to protect your data, including TLS in transit, encryption at rest, scoped access controls, and audit logging. No system is perfectly secure; we cannot guarantee absolute security.

9. Children

Assmbl is not directed to children under 16, and we do not knowingly collect personal data from them.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-product or by email at least 14 days before they take effect.

Contact

Questions about this document? Email legal@assmbl.io.