Privacy Policy — AsyncGuard

AsyncGuard ("we," "us," or "our") operates the AsyncGuard platform, a SaaS reliability layer for enterprise API integrations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. We are committed to protecting your privacy and handling your data in a transparent and lawful manner.

AsyncGuard is operated by a company based in Japan and serves customers worldwide. By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account or contact us, we may collect:

Full name
Email address
Company or organization name
Password (stored in hashed form)

1.2 Billing Information

Payment processing is handled entirely by Stripe. We do not store your full credit card number, CVC, or other sensitive payment details on our servers. Stripe may collect:

Credit or debit card details
Billing address
Transaction history related to your AsyncGuard subscription

1.3 Usage Data and Analytics

We automatically collect certain information when you use our platform:

API call volume and message throughput metrics
Feature usage patterns (e.g., which integrations are configured)
Error rates and retry statistics
Browser type, operating system, and device information
IP address and approximate geographic location
Pages visited within the AsyncGuard dashboard

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

Type	Purpose	Duration
Essential	Authentication, session management, security	Session / 30 days
Functional	User preferences, dashboard settings	1 year
Analytics	Understanding usage patterns to improve the product	1 year

You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the service.

1.5 Customer Integration Data

AsyncGuard processes messages flowing between your enterprise platforms (e.g., Salesforce, Microsoft, SAP). We treat all customer integration data as confidential. Message payloads are encrypted in transit and at rest, and are retained only for the duration specified in your plan.

2. How We Use Your Information

We use the information we collect for the following purposes:

Providing, operating, and maintaining the AsyncGuard platform
Processing transactions and managing your subscription
Sending transactional communications (e.g., billing receipts, service alerts)
Monitoring and improving platform reliability and performance
Responding to support requests and inquiries
Detecting and preventing fraud, abuse, or security incidents
Complying with legal obligations

We do not sell your personal data to third parties. We do not use customer integration data for advertising or marketing purposes.

3. Third-Party Services

We rely on trusted third-party service providers to operate AsyncGuard. Each provider processes data only as necessary to deliver their respective service and is bound by their own privacy policies.

Provider	Purpose	Data Shared
Stripe	Payment processing and subscription management	Billing information, transaction details
Supabase	Authentication and database infrastructure	Account information, usage data
Vercel	Application hosting and delivery	IP address, request logs

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

Account data is retained until you delete your account
Billing records are retained as required by applicable tax and financial regulations
Usage analytics are retained for up to 24 months in aggregated form
Customer integration data (message payloads) is retained according to your plan tier, after which it is permanently deleted

Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

5. Data Security

We implement industry-standard security measures to protect your data, including:

TLS 1.3 encryption for all data in transit
AES-256 encryption for data at rest
Role-based access controls for internal systems
Regular security audits and vulnerability assessments
SOC 2 Type II compliance (in progress)

While we strive to protect your information, no method of electronic transmission or storage is completely secure. If you become aware of a security vulnerability, please contact us immediately at privacy@asyncguard.dev.

6. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

Right of Access — Request a copy of the personal data we hold about you
Right to Rectification — Request correction of inaccurate or incomplete data
Right to Erasure — Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing — Request that we limit how we use your data
Right to Data Portability — Receive your data in a structured, machine-readable format
Right to Object — Object to processing based on legitimate interests
Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent

Our legal bases for processing personal data include: performance of a contract (providing the service you subscribed to), legitimate interests (improving our platform and ensuring security), and consent (where applicable, such as for analytics cookies).

To exercise any of these rights, please contact us at privacy@asyncguard.dev. We will respond to your request within 30 days.

7. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) and its amendment, the CPRA, grant you additional rights:

Right to Know — Request information about the categories and specific pieces of personal data we have collected
Right to Delete — Request deletion of your personal data, subject to certain exceptions
Right to Opt-Out of Sale — We do not sell personal data. No opt-out is necessary
Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights
Right to Correct — Request correction of inaccurate personal data
Right to Limit Use of Sensitive Information — Direct us to limit the use of your sensitive personal information

To submit a CCPA request, contact us at privacy@asyncguard.dev. We will verify your identity before processing your request and respond within 45 days.

8. International Data Transfers

AsyncGuard is operated from Japan. Your data may be transferred to and processed in countries other than your country of residence, including Japan and the United States (where our third-party service providers may operate). We ensure that any such transfers are conducted in compliance with applicable data protection laws, using appropriate safeguards such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable (Japan has been granted an adequacy decision by the EU)
Binding contractual obligations with our third-party providers

9. Children's Privacy

AsyncGuard is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of AsyncGuard after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your data, please contact us:

Email: privacy@asyncguard.dev

If you are in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.