← Back to Assistly

Privacy Policy

Last updated: 5 July 2026

This policy explains how Assistly collects, uses, and protects personal data in line with UK GDPR and the Data Protection Act 2018. It applies to everyone who uses the Service — workspace owners, admins, and employees.

Data controller: Assistly, operated as a sole trader based in England. Assistly is the data controller for the personal data described in this policy.

What data we collect

  • Account details: name, email address, and password (stored as a hash by our authentication provider, never in plain text).
  • Workspace content: business context, chat messages, tasks, notes, incidents, handover notes, and announcements you or your team create.
  • Usage data: log-in activity, feature usage, and audit trail entries, used to keep the Service secure and improve it.
  • Billing information: handled entirely by Stripe — we never see or store full card numbers.
  • Device information for push notifications, if you opt in (browser push subscription tokens).

How we use it

We use your data to operate the Service: to authenticate you, power your assistant's answers with your business context, run the features you use (tasks, notes, incidents, handover, search), send transactional emails and notifications, process payments, and keep the platform secure. We also use aggregated usage patterns to improve the product — for example, spotting knowledge gaps or reliability issues. We do not use your workspace content to train AI models, and we do not sell personal data to third parties.

How and where it's stored

Your data is stored in Supabase, backed by a managed Postgres database hosted on UK and EU infrastructure. Row Level Security policies restrict every workspace's data so it's only ever readable by members of that workspace (or, in exceptional cases, platform administrators troubleshooting a support issue).

Third-party services

  • Anthropic — processes your messages and business context, via the Claude API, to generate the assistant's responses.
  • Stripe — processes subscription payments and stores payment card details on our behalf.
  • Resend — delivers transactional emails (welcome, invites, incident and announcement notifications).
  • Supabase — hosts our database and handles authentication.
  • Vercel — hosts the application itself.

Each of these providers processes data only as necessary to provide their service to us, under their own data processing agreements.

Your rights

Under UK GDPR you have the right to access, rectify, erase, or port your personal data. You can do all of this yourself, at any time, from your account settings:

  • Access & portability — download a full copy of your data from the Account page.
  • Rectification — update your display name and profile details directly.
  • Erasure — permanently delete your account and associated data from the Account page.

If you need help with any of these, or want to raise a wider data protection concern, contact us using the details below.

Cookies

We don't use tracking or advertising cookies. The only cookies we set are strictly necessary session cookies used to keep you signed in.

Data retention

We retain your account data for as long as your account is active, until you request deletion. Chat messages are retained for 12 months, after which they're automatically deleted. If you delete your account, your personal data and workspace content associated with you is permanently removed, other than records we're required to keep for legal or accounting purposes.

Contact

Questions about this policy or your data? Email us at hello@assistly.uk, message us on WhatsApp at +44 7535 542607 or via the contact form on our landing page. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.