// privacy

Privacy, in plain English.

// last updated: July 2026

This page is maintained by ASO Legendary to describe how we handle personal information on asolegendary.com and during client engagements. It is not a legal certification and not a substitute for a signed data-processing agreement — request one at hello@asolegendary.com.

What we collect

  • Form submissions. Name, work email, company, role, monthly downloads band, monthly budget band, an optional app URL, and an optional free-text message — collected when you request an audit, book a Sprint, or subscribe to the Library.
  • Newsletter opt-ins. Email address only, when you subscribe from the footer or a library/data page.
  • Server access logs. IP address, user agent, timestamps, and request paths — kept for security and abuse prevention.
  • During engagements. App store metadata, analytics exports, review data, and any documents you share to run the work.

What we do not collect

  • No third-party advertising cookies. No cross-site tracking pixels.
  • No sensitive personal data (health, financial account, government-ID) — do not send us these.
  • No child data — the service is not directed at anyone under 16.

How we use it

  • Respond to your request and deliver the audit, Sprint, or retainer you asked for.
  • Send the specific newsletters you subscribed to. One-click unsubscribe on every email.
  • Aggregate, de-identified analytics on which pages perform, to improve the site.
  • Meet tax, legal, and accounting obligations.

Who processes it

We use a small set of subprocessors to run the site and the practice. If a subprocessor changes, we update this page.

  • Hosting + database. The site is hosted on Lovable Cloud (backed by Supabase and Cloudflare). Form submissions are stored in a Postgres database with row-level security enabled.
  • Email delivery. Transactional and newsletter email via a standard email provider.
  • Analytics. Privacy-respecting, aggregate analytics — no personal identifiers.

How long we keep it

  • Leads that don't convert: up to 24 months, then deleted.
  • Client records: for the duration of engagement + 7 years for tax and legal compliance.
  • Newsletter list: until you unsubscribe.
  • Server logs: 30 days.

Your rights

Regardless of where you live, you can email privacy@asolegendary.com to:

  • Access the personal data we hold about you.
  • Correct or update it.
  • Ask us to delete it, subject to legal retention requirements.
  • Export it in a portable format.
  • Object to specific uses.

We respond within 30 days.

Security

Data is transmitted over TLS. The database uses row-level security and is accessible only to authorised personnel. We do not export lead data to spreadsheets. This page is not a security certification — request our current security posture summary at security@asolegendary.com.

Changes

We'll update this page whenever practices change and update the "last updated" date at the top. Substantial changes are announced to newsletter subscribers.

Contact