Privacy Policy
Effective: May 5, 2026
Summary
Asios Rooms is built around ephemeral data. Room messages and participant data are permanently deleted when rooms expire. We collect minimal information, don't sell your data, and don't use ads or tracking pixels. We do use Google Analytics 4 to understand aggregate site usage — see Analytics & Cookies below — and you can decline it via the consent banner. Room link tokens and message contents are never sent to analytics.
What We Collect
Room data (ephemeral)
Messages, display names, and participant info while a room is active. All room data is permanently deleted when the room expires.
Account data (optional)
If you create an account: email address, hashed password, and display name. We never store your password in plain text.
Payment data
Payments are processed by Stripe. We do not store credit card numbers. Stripe's privacy policy applies to payment processing.
Server logs
IP addresses are temporarily logged for rate limiting and abuse prevention. These logs are automatically deleted within 48 hours.
AI Processing and Third-Party Processors
When you send a message with @asios, we route it to one of our AI providers based on your plan. Here's what happens:
• Your message is sent to the selected provider's API endpoint (USA)
• Free plan: Groq (Llama 3.3 70B). Pro/Team: Anthropic (Claude). OpenAI may be used as a fallback.
• The provider processes it and returns a response within seconds
• None of these providers train on your data on their production API tiers
• Providers may retain the request for up to 30 days for safety/abuse monitoring only
• Your message is not retained by us after the room expires
Your data is also processed by these service providers:
Render (USA) — Database and backend compute hosting
Vercel (USA) — Frontend hosting and edge functions
Stripe (USA) — Payment processing (PCI DSS compliant)
Groq (USA) — AI inference (Free plan)
Anthropic (USA) — AI inference (Pro & Team plans)
OpenAI (USA) — AI inference (fallback)
Each of these processors is bound by their published Terms of Service and our agreements with them. See the Data Retention section below for retention windows.
What We Don't Do
- We don't sell your data to anyone
- We don't use advertising cookies or run ads
- We don't track you across other websites
- We don't store room messages after the room ends
- We don't read your messages (they're processed server-side for AI only)
- We don't send marketing emails unless you opt in
- We don't train AI models on your data
- We don't pass room IDs, message text, or any personal info into analytics
Analytics & Cookies
We use Google Analytics 4 to understand how Asios Rooms is used. We collect:
- Page views (with room link tokens stripped — the URL
/room/<token>is reported as/room/[token]) - Referrer and country (not city)
- Device class and browser type
- Aggregate event counts:
room_created,room_joined,decision_log_generated,decision_log_shared,signup_completed,checkout_started,checkout_completed
We do notshare data with Google's ads products (Google Signals is disabled), we do not pass message text, room IDs, decision-log content, or email addresses into analytics events, and event data is retained for 14 months.
On your first visit a banner asks for consent. We use Google Consent Mode v2 with all consent categories defaulted to denied until you accept. If you decline, Google Analytics receives only cookieless pings used for aggregate modeling — no identifiers are stored on your device.
You can revoke consent at any time by clearing your browser's site data for rooms.asios.app, or by installing the Google Analytics opt-out browser add-on.
Data Retention
By data type:
| Data Type | Retention Window | Notes |
|---|---|---|
| Room messages | 1 hr – 7 days | Hard-deleted on room expiration, or within 120 seconds of the host leaving — whichever comes first |
| Rate limit logs | 48 hours | Auto-deleted for abuse prevention |
| Account data | Until deleted | You own this data |
| Database backups | 30 days | Auto-purged by provider |
| Payment records | 7 years | Required by law |
Your Privacy Rights
You have the right to:
- Access: Request a copy of your account data
- Deletion: Delete your account and all associated data
- Portability: Export your account data
- Correction: Update inaccurate information
- Use without account: Create and join rooms with no personal data stored
To exercise these rights, email asios_app@proton.me
Subprocessor List
The following third-party service providers process data on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Render | Database & backend compute hosting | USA |
| Vercel | Frontend hosting & edge functions | USA |
| Stripe | Payment processing (PCI DSS compliant) | USA |
| Groq | AI inference for Free plan (does not train on your data) | USA |
| Anthropic | AI inference for Pro & Team plans (does not train on your data) | USA |
| OpenAI | AI inference (fallback; does not train on your data) | USA |
| Google Analytics | Aggregate usage analytics (subject to consent) | USA |
Security
We use industry-standard security: HTTPS encryption for all traffic, hashed passwords (bcrypt), JWT authentication, and rate limiting. The Service is hosted on Render (backend) and Vercel (frontend), both of which maintain SOC 2 compliance.
Changes
We may update this policy. Material changes will be communicated via the Service. Continued use after changes constitutes acceptance.
Privacy Requests & Contact
To exercise your privacy rights or ask questions, email us at asios_app@proton.me
We handle the following request types:
- Data access: We'll send you a copy of your account data within 30 days
- Account deletion: We'll permanently delete your account and all associated data
- Data correction: We'll update inaccurate information on your account
- Questions: We'll respond within 5 business days
Please include your account email address and a description of your request. We may ask for identity verification before fulfilling sensitive requests.
Asios LLC · Austin, TX · USA