Privacy Policy

Effective Date: 22/10/2025

Last Updated: 22/10/2025

This Privacy Notice explains how Ask-y (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit our website at www.ask-y.ai and interact with our marketing communications.

1. About This Company

Ask-y is a Technology company incorporated in Delaware. We are committed to protecting your privacy and handling your personal data responsibly in accordance with applicable privacy laws.

Company Details:

  • Legal Name: Ask-y
  • Contact: info@ask-y.ai

2. Information We Collect

We may collect the following categories of personal information:

Personal Identifiers:

  • Name, email address, phone number, postal address
  • Account usernames and passwords

Commercial Information:

  • Purchase history and transaction records
  • Payment information (processed securely through third-party providers)
  • Product preferences and interests

Technical and Usage Data:

  • IP address, browser type, operating system
  • Website navigation patterns and page views
  • Device identifiers and technical specifications
  • Cookies and similar tracking technologies

Demographic Information:

  • Geographic location (general area based on IP address)

Sensitive Personal Information:

  • We do not intentionally collect sensitive personal information.

3. Third-Party Data Sources and Integrations

Ask-y Prism integrates with third-party services to help you analyze and visualize your data. This section describes how we access, use, store, and protect data from these integrations.

3.1 Google BigQuery Integration

When you choose to connect your Google BigQuery account to Ask-y Prism, we access and process your BigQuery data in accordance with the following practices:

Authentication and Authorization:

  • User-Initiated Authentication: You authenticate directly through Google’s standard OAuth 2.0 authentication interface. We never access your Google account credentials.
  • Explicit Permissions: Before each data import, we request your explicit authorization to access specific BigQuery projects and datasets. You have full control over which projects and data we can access.
  • Token Management: Access tokens are encrypted using industry-standard encryption protocols (AES-256) and stored securely in Azure Key Vault. Tokens are retained only for the duration necessary to complete your requested operations and are automatically deleted when no longer needed.
  • Re-authentication: For your security, we require re-authentication for each data import session. We do not maintain persistent access to your Google BigQuery account.

Data Collection and Import:

  • User-Selected Data Only: We import only the specific projects, datasets, tables, and metadata that you explicitly select for analysis. We do not access or collect any BigQuery data without your direct instruction.
  • Secure Transfer: All data transfers between Google BigQuery and Ask-y Prism occur over encrypted connections (TLS 1.2 or higher) using the official Google Cloud SDK.
  • Import Scope: We collect:
    • Table schemas and metadata (table names, column names, data types)
    • Query results and data samples as specified by you
    • Project and dataset names that you authorize
  • No Background Processing: We never access, query, or process your BigQuery data in the background or without your explicit action. All data operations require your direct initiation through the Ask-y Prism interface.

Data Storage and Security:

  • Isolated Database Storage: Data imported from BigQuery is stored in a dedicated, encrypted PostgreSQL database instance allocated exclusively to your organization. Each customer has a completely separate database environment.
  • Encryption: All data is encrypted both in transit (TLS 1.2+) and at rest (AES-256 encryption) in our Azure Cloud infrastructure.
  • Data Residency: Your data is stored in Microsoft Azure data centers with automatic backup and disaster recovery procedures following industry best practices.
  • Access Controls: Only authorized users within your organization who have been granted explicit permissions can view or access the imported data. We implement role-based access control (RBAC) to ensure data privacy.

Data Usage:

  • Analysis and Visualization: Imported BigQuery data is used exclusively to:
    • Generate SQL queries for data analysis at your request
    • Create visualizations, charts, and reports
    • Perform analytics operations you initiate
  • AI Processing: Data samples may be sent to Azure OpenAI services (within your Azure tenant) to generate SQL queries and analytical insights. This processing:
    • Occurs only when you initiate an analytical operation
    • Uses Microsoft Azure OpenAI, which does not train on customer data
    • Is transmitted over encrypted connections
    • Does not result in your data being used to train or improve AI models
  • No Sharing or Sale: We never share, sell, or disclose your BigQuery data to third parties for any purpose, including advertising, analytics, or model training.

Data Retention and Deletion:

  • User Control: You have complete control over your imported BigQuery data. You can delete any or all imported data at any time through the Ask-y Prism interface.
  • Download Capability: You can download your complete dataset from our platform at any time without restrictions or fees.
  • Account Termination: Upon account termination or at your request, all imported BigQuery data is permanently deleted from our systems within 30 days, including all backups.
  • Token Deletion: Google BigQuery access tokens are deleted immediately upon completion of the import process or session termination.

Compliance with Google API Services User Data Policy:

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google BigQuery data only to provide and improve Ask-y Prism’s analytics features
  • We do not transfer Google BigQuery data to others unless:
    • Necessary to provide or improve Ask-y Prism features
    • Required for security purposes (e.g., investigating abuse)
    • Required by law
    • Aggregated and used for internal operations in accordance with applicable laws and regulations
    • You provide explicit consent for additional purposes
  • We do not use Google BigQuery data for serving advertisements
  • We do not allow humans to read Google BigQuery data unless:
    • You provide explicit consent
    • It is necessary for security purposes (such as investigating abuse)
    • It is required to comply with applicable law
    • It is required for internal operations and the data is aggregated and anonymized

3.2 Other Data Sources

Ask-y Prism also supports data import from other sources including Excel files and other database systems. For these integrations:

  • Data is imported only when you upload files or provide connection credentials
  • The same security, encryption, and isolation principles described above apply
  • You maintain full control over data import, storage, and deletion

4. How We Collect Information

Direct Collection: When you voluntarily provide information by:

  • Creating an account or profile
  • Making purchases or requesting services
  • Subscribing to newsletters or communications
  • Contacting customer support
  • Participating in surveys or promotions

Automatic Collection: Through technical means including:

  • Cookies, web beacons, and similar technologies
  • Analytics tools and tracking pixels
  • Server logs and usage monitoring

5. How We Use Your Information

We process your personal information for the following business purposes:

Service Provision:

  • Fulfilling orders and delivering requested services
  • Managing accounts and customer relationships
  • Processing payments and transactions
  • Importing, storing, and processing data from third-party sources (such as Google BigQuery) that you explicitly authorize
  • Generating SQL queries and analytics using AI services to analyze your data
  • Creating visualizations, reports, and data insights based on your imported data

Marketing and Communications:

  • Sending promotional emails and newsletters (with your consent where required)
  • Personalizing marketing content and offers
  • Conducting market research and surveys

Website and Application Operations:

  • Improving website and application functionality and user experience
  • Analyzing usage patterns and performance
  • Providing customer support and technical assistance
  • Maintaining and optimizing our data analytics platform

Legal and Security:

  • Preventing fraud and ensuring security
  • Complying with legal obligations and requests
  • Protecting our rights and interests
  • Investigating potential abuse or security incidents involving your data

Limitations on Data Use:

We do NOT use your data (including data imported from Google BigQuery or other sources) for the following purposes:

  • Training machine learning models or AI systems (except as part of Azure OpenAI services which do not use customer data for training)
  • Serving advertisements or targeted marketing to third parties
  • Sharing or selling to data brokers or other third parties for their independent use
  • Any purpose not directly related to providing and improving the Ask-y Prism analytics platform

6. Data Processing and AI Services

Ask-y Prism utilizes artificial intelligence services to provide advanced analytics capabilities. This section describes how your data is processed by AI systems.

Azure OpenAI Integration:

  • Purpose: We use Azure OpenAI services to generate SQL queries, provide natural language insights, and create data analysis recommendations based on your imported data.
  • Data Transmission: When you request AI-assisted analysis, relevant data samples are transmitted securely to Azure OpenAI services hosted within our Azure tenant environment.
  • No Model Training: Azure OpenAI does not use your data to train or improve its models. Your data is processed only to respond to your specific requests and is not retained by the AI service.
  • Security: All communications with Azure OpenAI services are encrypted in transit using TLS 1.2 or higher.
  • User Control: AI processing occurs only when you actively use AI-assisted features within Ask-y Prism. You can choose not to use these features and work directly with your data.

Data Minimization:

We implement data minimization practices when using AI services:

  • Only necessary data samples and metadata are sent to AI services
  • Full datasets are not transmitted unless required for your specific analytical request
  • Personally identifiable information is excluded from AI processing when possible

7. Information Sharing and Disclosure

We may share your personal information in the following circumstances:

Service Providers:

We may share limited personal and technical information with trusted third-party vendors who assist with:

  • Cloud Infrastructure: Microsoft Azure for database hosting, encryption, and cloud services
  • AI Services: Azure OpenAI for natural language processing and query generation (data is not used for training)
  • Authentication Services: Google OAuth for secure authentication when you connect BigQuery
  • Payment Processing: Secure payment processors for transaction handling
  • Email Delivery: Email service providers for transactional and marketing communications
  • Customer Support: Support tools and platforms for assistance

Important Limitations:

  • Service providers are contractually obligated to protect your data and use it only for providing services to Ask-y
  • Your analytical data (imported from BigQuery or other sources) is NOT shared with service providers except:
    • Microsoft Azure (infrastructure provider where data is stored)
    • Azure OpenAI (only data samples necessary for analysis you request)
  • We never share your data with service providers for their own marketing, advertising, or independent business purposes

Business Transfers: In connection with mergers, acquisitions, or asset sales, subject to confidentiality obligations.

Legal Requirements: When required by law, regulation, legal process, or to protect our rights and safety.

Consent: With your explicit consent for specific purposes not covered above.

We do not sell personal information to third parties for monetary consideration.

8. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights:

Access and Portability: Request copies of your personal information in a portable format.

Correction: Request correction of inaccurate or incomplete information.

Deletion: Request deletion of your personal information, subject to legal retention requirements.

Restriction: Request limitation of processing in certain circumstances.

Objection: Object to processing based on legitimate interests or for direct marketing.

Opt-Out Rights:

  • Unsubscribe from marketing communications

To Exercise Your Rights:

  • Email: info@ask-y.ai

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

Additional Security Measures for Integrated Data:

For data imported from third-party sources such as Google BigQuery:

  • Database Isolation: Each customer organization has a completely isolated PostgreSQL database instance, ensuring your data never intermingles with other customers’ data
  • Encryption at Rest: All databases are encrypted using AES-256 encryption
  • Encryption in Transit: All data transfers use TLS 1.2 or higher encryption
  • Secure Credential Storage: API tokens and credentials are stored in Azure Key Vault with strict access controls
  • Regular Security Audits: We conduct regular security assessments and penetration testing
  • Automated Backups: Encrypted backups are performed automatically following Microsoft Azure best practices
  • Access Logging: All data access is logged and monitored for security purposes

10. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Notice or as required by applicable law. Specific retention periods include:

  • Account Information: Until account deletion plus 3 years for legal compliance
  • Imported Analytical Data (BigQuery, Excel, etc.): Retained for as long as you maintain your account and choose to keep the data. You can delete imported data at any time through the Ask-y Prism interface. Upon account deletion, all imported data is permanently deleted within 30 days.
  • Access Tokens (Google BigQuery, etc.): Deleted immediately upon completion of the authorized session or operation. Maximum retention period is 24 hours for active sessions.
  • Backup Data: Encrypted backups containing your data are retained for 30 days for disaster recovery purposes, after which they are permanently deleted. Upon your request for data deletion, backup data is excluded from recovery and purged within 30 days.
  • Usage Logs and Metadata: Retained for 12 months for security and operational purposes, then automatically deleted

Your Right to Delete Data:

You have the right to request deletion of your data at any time. Upon receiving a deletion request:

  • Your imported analytical data is immediately removed from active systems
  • All access tokens and credentials are immediately revoked and deleted
  • Backup data is marked for exclusion and permanently deleted within 30 days
  • We will confirm completion of the deletion process via email

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your website experience. You can manage cookie preferences through your browser settings.

12. Third-Party Websites

Our website may contain links to external websites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies before providing personal information.

13. Children’s Privacy

Our services are not directed to individuals under [AGE, typically 13 or 16]. We do not knowingly collect personal information from children under this age. If we become aware of such collection, we will take steps to delete the information promptly.

14. Changes to This Privacy Notice

We may update this Privacy Notice periodically to reflect changes in our practices or applicable laws. Material changes will be communicated through:

  • Prominent notice on our website

15. Contact Information

For privacy-related questions, concerns, or to exercise your rights:

Privacy Officer/Contact:

  • Email: info@ask-y.ai

General Contact:

  • Email: info@ask-y.ai