Privacy, in plain English.
This page is maintained by ASO Legendary to describe how we handle personal information on asolegendary.com and during client engagements. It is not a legal certification and not a substitute for a signed data-processing agreement — request one at hello@asolegendary.com.
What we collect
- →Form submissions. Name, work email, company, role, monthly downloads band, monthly budget band, an optional app URL, and an optional free-text message — collected when you request an audit, book a Sprint, or subscribe to the Library.
- →Newsletter opt-ins. Email address only, when you subscribe from the footer or a library/data page.
- →Server access logs. IP address, user agent, timestamps, and request paths — kept for security and abuse prevention.
- →During engagements. App store metadata, analytics exports, review data, and any documents you share to run the work.
What we do not collect
- →No third-party advertising cookies. No cross-site tracking pixels.
- →No sensitive personal data (health, financial account, government-ID) — do not send us these.
- →No child data — the service is not directed at anyone under 16.
How we use it
- →Respond to your request and deliver the audit, Sprint, or retainer you asked for.
- →Send the specific newsletters you subscribed to. One-click unsubscribe on every email.
- →Aggregate, de-identified analytics on which pages perform, to improve the site.
- →Meet tax, legal, and accounting obligations.
Who processes it
We use a small set of subprocessors to run the site and the practice. If a subprocessor changes, we update this page.
- →Hosting + database. The site is hosted on Lovable Cloud (backed by Supabase and Cloudflare). Form submissions are stored in a Postgres database with row-level security enabled.
- →Email delivery. Transactional and newsletter email via a standard email provider.
- →Analytics. Privacy-respecting, aggregate analytics — no personal identifiers.
How long we keep it
- →Leads that don't convert: up to 24 months, then deleted.
- →Client records: for the duration of engagement + 7 years for tax and legal compliance.
- →Newsletter list: until you unsubscribe.
- →Server logs: 30 days.
Your rights
Regardless of where you live, you can email privacy@asolegendary.com to:
- →Access the personal data we hold about you.
- →Correct or update it.
- →Ask us to delete it, subject to legal retention requirements.
- →Export it in a portable format.
- →Object to specific uses.
We respond within 30 days.
Security
Data is transmitted over TLS. The database uses row-level security and is accessible only to authorised personnel. We do not export lead data to spreadsheets. This page is not a security certification — request our current security posture summary at security@asolegendary.com.
Changes
We'll update this page whenever practices change and update the "last updated" date at the top. Substantial changes are announced to newsletter subscribers.
Contact
Questions? privacy@asolegendary.com.