Legal
Privacy Policy
Effective: June 7, 2026 · Codebyte Ltd., Israel
This Privacy Policy describes how Codebyte Ltd. ("Codebyte", "we", "us") collects, uses, and protects information when you use Asistry ("Service"). We are committed to protecting your personal data in accordance with applicable law, including the Israeli Privacy Protection Law and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Data we collect
| Category | Examples | Why |
|---|---|---|
| Account data | Email, name, OAuth identity | Authentication, communication |
| Usage data | Pages visited, features used, timestamps | Analytics, product improvement |
| Task / content data | Task titles, notes, agent outputs | Deliver the Service |
| Integration tokens | OAuth refresh tokens (encrypted) | Connect third-party services |
| Technical data | IP address, browser type, error logs | Security, debugging |
2. How we use your data
- Provide, operate, and improve the Service
- Authenticate you and keep your account secure
- Execute agent actions on third-party platforms at your direction
- Send transactional emails (security alerts, billing receipts)
- Analyse aggregate usage patterns to improve the product
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your data to train AI models without your explicit consent.
3. Data storage and security
Your data is stored in Supabase (PostgreSQL) hosted in the EU region. Sensitive credentials (API keys, OAuth refresh tokens) are encrypted at rest using AES-256 via pgcrypto. Access is governed by row-level security policies; each user can only access their own rows.
We use industry-standard transport security (TLS 1.2+) for all data in transit. Regular backups are encrypted and stored separately.
4. Third-party processors
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | EU |
| Vercel | Application hosting | EU / global edge |
| Google Analytics | Usage analytics | US |
| Vercel Analytics | Performance analytics | EU / global edge |
5. Google user data and Limited Use
Asistry connects to Google services using OAuth. We request only the read-only Google Calendar scope (calendar.readonly) together with your basic profile (name, email address). We access this Google user data solely to display your calendar events within the Service, at your direction.
Asistry's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We do not sell, rent, or otherwise disclose your Google user data to third parties. We share, transfer, or disclose Google user data only:
- to the infrastructure sub-processors listed in Section 4 (Supabase, Vercel) that host and operate the Service on our behalf, under contractual confidentiality and data-protection obligations;
- where required to comply with applicable law or a valid legal request; or
- with your explicit consent.
We do not use Google user data for advertising and we do not transfer it to data brokers or information resellers. We do not use Google user data, or any Google Workspace API data, to develop, improve, or train generalized or non-personalized AI and/or machine-learning models.
6. AI and machine learning
Certain optional features (such as task enrichment, prompt enhancement, and suggestions) use a third-party AI integration: the Google Gemini API. These features operate on a bring-your-own-key basis — they call the Google Gemini API using your own Google API key, which you provide and which is stored encrypted at rest (AES-256).
These AI features process only the dashboard content you enter, such as task titles, descriptions, and prompts. They do not process Google user data obtained through the Google OAuth scopes (including your Google Calendar data). We do not use any Google Workspace API data to develop, improve, or train AI or machine-learning models.
7. Cookies
We use strictly necessary cookies (Supabase session token) and analytics cookies (Google Analytics, Vercel Analytics). You can opt out of analytics cookies via your browser settings or by using a content blocker.
8. Data retention
We retain your data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or audit purposes (up to 7 years for financial records under Israeli law).
9. Your rights
Subject to applicable law, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request restriction of processing in certain circumstances
To exercise any right, email privacy@asistry.com. We will respond within 30 days.
10. International transfers
If you are in the EEA, your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions) for all such transfers.
11. Children
The Service is not directed at children under 18. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. We will notify you of material changes via email or in-app notice before they take effect.
13. Contact
Data Controller: Codebyte Ltd., Israel
privacy@asistry.com