Privacy Policy

Last updated: May 2025

This Privacy Policy describes how Azetly ("we", "us", or "our") collects, uses, and protects your personal information when you use our personal asset management platform at azetly.com. By using Azetly, you agree to the collection and use of information as described here.

1. Information We Collect

We collect information you provide directly and data generated as you use the platform:

  • Account information: Your name, email address, and password when you register with an email and password, or your name and email from Google when you sign in with Google OAuth.
  • Asset data: Details you enter about your assets, including names, types, valuations, purchase costs, purchase dates, and any notes.
  • Documents: Files you upload to the document vault for any asset (PDFs, images, receipts, contracts, etc.).
  • Event and payment data: Dates, amounts, and descriptions of events (payments, renewals, service dates) you log against your assets.
  • Usage data: Basic technical information such as your IP address, browser type, and pages visited, collected via server logs and Vercel Analytics. This data is anonymised and used only for performance monitoring.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate your identity.
  • Provide the core asset management features of the platform.
  • Send transactional emails — including email verification, password reset, and security notifications. We do not send marketing emails without your explicit consent.
  • Monitor and improve the performance and reliability of the service.
  • Detect, investigate, and prevent fraudulent, unauthorised, or illegal activity.
  • Comply with applicable legal obligations.

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

3. Data Storage & Security

Your account and asset data are stored in a PostgreSQL database hosted on Neon (neon.tech), a serverless PostgreSQL provider. Uploaded documents are stored in Microsoft Azure Blob Storage, in a private container accessible only to your account.

We implement the following security measures:

  • Passwords are hashed using bcrypt with a salt factor of 12 before storage. We never store plain-text passwords.
  • All data in transit is protected by TLS (HTTPS). We enforce HSTS with a two-year max-age and preload eligibility.
  • Row-level access controls ensure each user can only read and modify their own data.
  • Authentication tokens and session cookies are signed with a secret key, set as httpOnly, and scoped to the application domain.
  • Database credentials and API keys are stored as environment variables and never committed to source code.

While we take industry-standard precautions, no system is completely immune to security risks. We will notify you promptly in the event of a data breach that affects your personal information.

4. Sharing of Information

We do not sell or rent your personal data. We share information only in the following limited circumstances:

  • Service providers: We use third-party services strictly to operate the platform — Neon (database), Microsoft Azure (file storage), Resend (transactional email), Vercel (hosting and analytics), and Google (OAuth sign-in). Each provider is bound by its own privacy and data protection policies.
  • Legal requirements: We may disclose your information if required to do so by law, court order, or governmental authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. You will be notified before your data is transferred or becomes subject to a different privacy policy.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and all associated data. You can initiate this by contacting us at contact@azetly.com.
  • Portability: Export your asset and event data at any time using the CSV export feature available in the Reports section.
  • Withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at contact@azetly.com. We will respond within 30 days.

6. Cookies

Azetly uses a minimal number of cookies, all strictly necessary for the service to function:

  • An authentication session cookie (httpOnly, SameSite=Lax) to keep you signed in.
  • A CSRF token cookie to protect form submissions.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies that identify individuals. Vercel Analytics uses anonymised, cookieless measurements.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory compliance. Anonymised, aggregated usage statistics may be retained indefinitely.

8. Children's Privacy

Azetly is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email of material changes at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Azetly after changes take effect constitutes your acceptance of the revised policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Azetly

Email: contact@azetly.com

Website: azetly.com