Privacy Policy
Last updated: Nov 8, 2025
Policies
Introduction
This Privacy Policy explains how Askiva (“Askiva,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you visit our website, request a demo, or otherwise communicate with us (the “Services”). By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.
Plain-language summary: Askiva is currently available via demo requests and limited pilots/early access. We primarily collect contact information to respond to demo requests and schedule walkthroughs. If you participate in a pilot, we may process research data (such as transcripts and summaries) on behalf of our customers. We do not use Customer Content to train machine-learning models without explicit opt-in.
Who we are and scope
Askiva operates the Services made available at askiva.io.
This Policy applies to:
Website and demo request data collected from visitors and people who submit our forms (Askiva acts as Controller for this data), and
Research data about Participants processed on behalf of our customers during pilots/early access (Askiva acts as Processor; the customer organization acts as Controller). For EEA/UK processing, our Data Processing Addendum (“DPA”) governs Controller–Processor roles.
Personal data we collect
We collect the following categories of personal data depending on how you interact with the Services:
A) Demo Request & Contact Data
Name
Work email address
Company name (optional)
Message content you submit (optional)
Follow-up communications (emails you send/receive with us)
B) Website Usage & Device Data
IP address, device/browser type, operating system
Pages visited, referrer URLs, approximate location (e.g., country/city level)
Log data, timestamps, and security events
C) Cookies and Similar Technologies
Necessary cookies for site functionality and security
Functional cookies for preferences (where applicable)
Analytics cookies (where applicable, subject to consent where required)
D) Pilot / Early Access Research Data (only if applicable)
If you join a pilot or early access and your organization uses Askiva for interviews or research workflows, we may process:
Participant lists uploaded by our customer (e.g., names, emails, participant metadata)
Interview/session metadata (time, duration, invitees)
Real-time text transcripts and derived outputs (summaries, highlights, exports)
Note: Askiva currently does not store raw audio or video. See Section 7.
How we use personal data (purposes & legal bases)
Where GDPR applies (EEA/UK), we process personal data under the following legal bases:
A) To respond to demo requests and communicate with you (contract/pre-contract steps; legitimate interests)
We use your contact details to reply, answer questions, and schedule a demo.
B) To operate, secure, and improve the Services (legitimate interests)
We monitor performance, prevent abuse, debug issues, and improve reliability.
C) To provide pilot/early access Services (if applicable) (contract; legitimate interests)
We process research data on behalf of our customers to deliver the requested functionality.
D) Analytics (where used) (legitimate interests; consent where required)
We analyze aggregated usage trends to improve user experience and site performance.
We obtain consent where required by law (e.g., certain cookies or marketing in specific jurisdictions).
Customer Content, ownership, and model training
You (or your organization) retain ownership of Customer Content, including transcripts, summaries, and exports. You grant us a limited license to process Customer Content only to provide, secure, troubleshoot, and improve the Services.
No model training without opt-in: We do not use Customer Content to train machine-learning models without your express opt-in. We may use aggregated and anonymized information for analytics and product improvement.
Participant transparency and consent
Customers are responsible for providing clear notices to Participants and obtaining any required consents (e.g., transcription consent, privacy disclosures, local recording/transcription laws). We may provide templates or technical prompts, but customers control their Participant relationship and compliance choices.
Recordings and transcripts
Askiva currently does not store raw audio or video. Where technically feasible, the AI agent processes audio ephemerally to generate real-time text transcripts. Those transcripts and derived outputs (summaries/highlights/exports) may be saved as part of the research record if your organization uses Askiva in a pilot/early access.
If audio/video capture is introduced later, we will update this Policy and obtain appropriate consents where required.
Cookies and similar technologies
We use cookies and similar technologies to remember preferences, secure sessions, and measure engagement. Categories may include: (i) strictly necessary, (ii) functional, and (iii) analytics. Marketing cookies are minimal or not used by default.
You can manage cookies through your browser settings. Where required by law, we obtain consent for non-essential cookies and provide a settings panel or consent banner.
How we share personal data
We use reputable vendors to help us operate and secure the Services (collectively, “Subprocessors”). These vendors process personal data only on our instructions and subject to appropriate contractual safeguards. We remain responsible for their performance.
Current key providers include:
Hosting / infrastructure: DigitalOcean (FRA1 – Frankfurt, Germany)
Scheduling: SimplyMeet
Payments (if applicable): Dodo Payments (we do not store full card numbers)
A current list of Subprocessors is available on request
Legal and compliance
We may disclose personal data if required by law, in response to a lawful request, or to protect rights, safety, and the integrity of the Services.
We do not sell personal data and do not share it for cross-context behavioral advertising as defined by applicable privacy laws.
International transfers and data residency
Your data may be processed in countries other than your own. Where cross-border transfers occur, we use appropriate transfer mechanisms such as the EU Standard Contractual Clauses and the UK IDTA/appendix, as applicable.
Data residency (if you want to keep this claim): Customer Content may be hosted in [region/datacenter, e.g., Frankfurt, Germany]. If our transfer mechanisms materially change, we will update this Policy and/or our DPA.
Data retention
We retain personal data only as long as necessary for the purposes described:
Demo request/contact data: typically retained up to [12 months] after our last interaction, unless a longer period is needed for legitimate business purposes or required by law.
Pilot/early access Customer Content (if applicable): retained according to our agreement/DPA with the customer. When a customer deletes content, we delete from active systems promptly and purge from backups within [45 days] (or your actual backup window).
Logs and security telemetry: generally retained up to [12 months] unless extended for security investigations.
Support communications: retained up to [24 months] to improve support quality and track recurring issues.
We honor legal holds and statutory retention duties where applicable.
Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS), access controls, audit logging, and secure secret management. No system can be 100% secure; we continuously improve our safeguards.
Roles under data protection law (EEA/UK)
For EEA/UK personal data:
Website/demo request data: Askiva acts as Controller.
Research/Participant data (pilot/early access): the customer acts as Controller; Askiva acts as Processor under a DPA available on request.
We will notify customers of a personal data breach affecting Processor data without undue delay and in line with applicable legal requirements.
Your rights
Depending on where you live, you may have rights to access, rectify, erase, restrict, object, or port your personal data, and to withdraw consent where processing is based on consent.
EEA/UK: You can exercise GDPR rights by contacting support@askiva.io. You also have the right to lodge a complaint with your local supervisory authority or the UK ICO.
US (e.g., CA/VA/CO/CT/UT): You may have rights to know/access, correct, delete, and opt-out of sale or sharing (we do not sell or share as defined). We do not discriminate for exercising rights.
We may ask you to verify your identity. If we process data on behalf of a customer (Processor role), we will forward your request to the relevant Controller.
Marketing communications
If you subscribe to updates or if permitted by law, we may send product news. You can opt out at any time via the email footer. Transactional/service notices are not marketing.
Children
The Services are not directed to children under 18 and we do not knowingly collect personal data from them. Do not involve minors as Participants unless we agree in writing and all legal requirements are met.
Changes to this Policy
We may update this Policy from time to time. For material changes, we will provide reasonable notice (e.g., via website notice or email, where applicable). Your continued use after the effective date means you accept the updated Policy.
Contact
Questions, requests, or complaints about privacy can be sent to support@askiva.io. We will respond within a reasonable timeframe, and where required by law, within statutory deadlines.