Privacy Policy

Last updated: 2026-05-05

This Privacy Policy explains how we handle personal data across the asambl website, desktop application, waitlist, newsletter, and beta tester programme.

Summary (Plain English)

  • Your planning vault stays on your device. We do not have access to it.
  • When AI is on, only the prompt for that specific request goes to our managed AI endpoint. AI can be switched off entirely.
  • We collect the minimum information needed to manage beta access, the waitlist, and emails from us.
  • We do not sell your data or use it for targeted advertising.
  • You can unsubscribe or ask us to delete your data at any time.
  • asambl is intended for users aged 18 or older.

Who we are

Asambl Technologies Ltd, trading as asambl, is the data controller for personal data processed through the website and desktop application. The registered address is:

71–75 Shelton Street
Covent Garden
London WC2H 9JQ
United Kingdom

Company number: 17066085

ICO registration number: ZC102886

For privacy questions or data requests, contact: privacy@asambl.app

asambl and the EU AI Act

asambl is the provider of an AI system under EU Regulation 2024/1689 (the EU AI Act). We classify the system as limited risk: it is a general-purpose productivity assistant, not a high-risk system under Annex III of the regulation.

The transparency obligation that applies to us under Article 50 is to inform you when you are interacting with an AI system. We do this in two places: in this Privacy Policy, and in the asambl desktop application itself, where AI features are clearly labelled and the AI on/off control is always available.

Microsoft is the provider of the underlying general-purpose AI model (Azure OpenAI Service). Documentation and training-data summaries for the underlying model are published by Microsoft and OpenAI under their own AI Act obligations.

What we collect

Waitlist and beta access

When you join the waitlist or beta tester programme, we may collect:

  • your email address
  • your platform preference, such as macOS or Windows
  • your main area of interest, such as fitness, finance, relationships, joy, or growth
  • whether you want to take part as a beta tester

Newsletter

When you subscribe to the newsletter, we collect your email address.

We may also use basic email engagement information, such as opens and link clicks, to understand what content is useful. We do not track your browsing behaviour across the web.

Desktop application

asambl is designed around a clear three-tier separation of where data lives.

  • Local vault. Your planning data, notes, preferences, and outputs are stored on your device under your operating system’s user data directory. The vault is never transmitted to us.
  • Local embeddings and semantic search. Embeddings are generated on your device with an on-device model (Xenova/all-MiniLM-L6-v2) and stored locally in SQLite with sqlite-vec. The semantic index never leaves the device.
  • Request-level prompts. When AI is on, only the prompt assembled for that specific request — which may include curated snippets retrieved from your vault — is sent to our managed AI endpoint via a Cloudflare Worker proxy. The full vault is not sent in one go.

The asambl application does not have a user account system. The app identifies itself to our AI proxy with an opaque beta key stored on your device; we do not link prompts to a personal profile.

Optional integrations

  • Google Calendar. If you choose to connect Google Calendar, asambl exchanges OAuth tokens and calendar API requests with your Google account. You can disconnect at any time.
  • Web search. If you enable web search inside asambl, your search query is sent to Tavily Inc. to fetch results. Off unless configured.
  • Crash reporting. If you turn on crash reporting in Settings › Data, scrubbed crash and error metadata is sent to Sentry. Off by default.
  • Auto-updates. The desktop app checks GitHub for new releases roughly every four hours. These checks necessarily expose your IP address and the asambl version you are running. They can be disabled by blocking outbound network access for the app.

Cookies and analytics

The website does not use cookies.

We use Plausible Analytics, which is cookieless and privacy-friendly. It provides aggregated website analytics without creating individual user profiles, and we do not use Google Analytics.

How AI processing works

When AI features are enabled inside asambl, the prompt for that request is sent to our managed AI endpoint, which is built on Microsoft’s Azure OpenAI Service. We do not build user profiles from your prompts and we do not retain prompts or completions on our own infrastructure beyond what is needed to deliver the response.

Microsoft processes prompts under the standard Azure OpenAI Service terms. Microsoft does not use Azure OpenAI inputs to train OpenAI’s foundation models or Microsoft’s own models. Under Microsoft’s standard configuration, prompts and outputs may be retained by Microsoft for up to thirty days for abuse monitoring and accessed only by authorised Microsoft personnel where required to investigate suspected misuse. We are working with Microsoft to confirm and, where possible, reduce this retention, and we will update this policy as that configuration is finalised.

You can switch AI off at any time from the application’s settings. With AI off, no prompts are sent.

asambl outputs are advisory drafts. We do not use AI to make decisions that produce legal or similarly significant effects on you within the meaning of Article 22 of the UK and EU GDPR.

We design asambl’s AI features to be understandable: a clear AI on/off control, per-feature labels, and plain-language descriptions of what each feature sends to our managed AI.

Data Protection Impact Assessment

We are completing a Data Protection Impact Assessment for asambl’s AI-driven features, in line with Article 35 of the UK and EU GDPR and the European Data Protection Board’s Opinion 28/2024 on AI models. A summary will be made available to regulators on request.

Why we process your data

We process personal data to:

  • manage the waitlist and beta tester programme
  • send the newsletter
  • send product updates, including beta access and major releases
  • tailor communications where you have provided optional preferences, such as platform information
  • prioritise beta invites and feedback follow-up where relevant
  • operate and secure the asambl desktop application and proxy

Legal basis

Where UK GDPR or EU GDPR applies, we rely on the following legal bases:

  • Performance of a contract. Operating the desktop application, processing AI requests when you have enabled AI features, and providing beta access.
  • Consent. Waitlist sign-ups, beta tester registration, newsletter subscriptions, opt-in crash reporting, and optional integrations such as Google Calendar.
  • Legitimate interests. Operating and securing the service, abuse monitoring on our AI proxy, and protecting against fraud.

You can withdraw consent at any time by using the unsubscribe link in an email, disabling the relevant integration in the app, or contacting us directly.

How we use email

Newsletter

The newsletter may include:

  • educational content about intentional planning and living
  • updates on how asambl is evolving
  • ideas related to building a more thoughtful life system

It is usually sent weekly or fortnightly.

Every newsletter email includes an unsubscribe link, and we do not add you to unrelated mailing lists.

Product updates

We may also send emails about:

  • beta access availability
  • new life areas or features
  • updates to the beta tester programme

You may receive both newsletter emails and product updates, and you can unsubscribe from either at any time.

Data retention

We keep personal data only for as long as needed.

  • Waitlist data: until launch or conversion of the waitlist, unless you ask for deletion earlier
  • Newsletter data: until you unsubscribe, then deleted within 30 days
  • Beta preference data: while the beta programme is active, unless you ask for deletion earlier
  • AI prompts and completions: not retained on our infrastructure beyond what is required to deliver the response. Retention by Microsoft on the Azure OpenAI Service is described above.
  • Crash reports: retained by Sentry on our behalf for the standard ninety-day default unless we configure otherwise.

We may also clean up inactive entries from time to time, for example where there has been no engagement for 12 months, and we will give notice before doing so.

Sub-processors

We use service providers to help operate the website, the desktop application, the AI proxy, and email communications. At the time of writing, those include:

  • Cloudflare — website hosting, DNS, CDN, and the Worker proxy that fronts our AI requests.
  • Resend — transactional and newsletter email delivery.
  • Microsoft (Azure OpenAI Service) — processes AI requests when you use AI features inside asambl.
  • Tavily Inc. — receives your web-search query when web search is enabled in asambl. Optional, off unless configured.
  • Google LLC (Calendar API) — receives OAuth tokens and calendar API requests when you connect Google Calendar. Optional, off unless connected by you.
  • Sentry (Functional Software, Inc.) — receives scrubbed crash and error metadata when crash reporting is enabled in Settings › Data. Off by default.
  • GitHub, Inc. — auto-update checks necessarily expose your IP address and the asambl version you are running. Required for the application to receive security updates.

These providers process data only to provide their services to us. They are not authorised to sell your data or use it for their own marketing purposes. We will update this policy when our sub-processors change.

International transfers

Some of our providers may process data outside the UK or EU.

Where this happens, we rely on appropriate safeguards, such as standard contractual clauses or the UK International Data Transfer Agreement, where required.

Notice for EU residents

asambl is a UK-based service registered with the UK Information Commissioner’s Office (ICO registration ZC102886). During the beta programme we do not currently maintain a representative in the European Union under Article 27 of the EU GDPR. EU residents should consider this before signing up. We expect to appoint an EU representative ahead of general availability and will update this policy when we do.

Your rights

If UK GDPR or EU GDPR applies to you, you may have the right to:

  • access your personal data
  • correct inaccurate data
  • ask us to delete your data
  • withdraw consent at any time
  • object to certain kinds of processing
  • request a copy of your data in a structured format
  • complain to the Information Commissioner's Office (ICO)

To exercise these rights, email: privacy@asambl.app

We aim to respond within one calendar month. If a request is complex and we need more time, we will let you know within that first month.

Security

We take reasonable steps to protect personal data, including access controls, least-privilege access, secure hosting, and encrypted connections.

No system can be guaranteed 100% secure, but we work to reduce risk and protect the information we handle.

Children

asambl is intended for users aged 18 or older. We do not knowingly collect personal data from anyone under 18. If you believe a child has signed up, contact us at privacy@asambl.app and we will delete the relevant data.

Changes to this policy

We may update this Privacy Policy as the product and services evolve, including as further provisions of the EU AI Act take effect.

When we do, we will update the “Last updated” date above. If a change is significant, we will notify existing subscribers by email before it takes effect.

Changelog — 2026-05-05: restructured the AI section into local vault, local embeddings, and request-level prompts; added EU AI Act provider declaration; extended the sub-processor list to include Tavily, Google Calendar, Sentry, and GitHub; raised the minimum age to 18; added DPIA, Article 22, and EU residents notices.

Contact

For privacy and data requests: privacy@asambl.app

For general enquiries: contact@asambl.app