Privacy Policy

When you interact with AssetZentri — whether through our website, platform, or free trial form — we collect the following categories of information:

• Account & Contact Data: Full name, work email address, company name, and phone number provided during sign-up or contact form submission.
• IT Asset & Inventory Data: Device metadata, software inventory, license assignments, and SaaS application data discovered through integrations you authorize (e.g., Azure AD, Intune, Google Workspace).
• Identity & Access Data: User directories, role assignments, OAuth grants, and session activity synced from connected Identity Providers.
• Usage & Log Data: Feature usage, audit logs, API call records, and browser/device information collected automatically when you use the platform.
• Contract & Compliance Data: Vendor contract documents, Terms & Conditions URLs, and compliance framework mappings you upload or configure.

• To deliver, operate, and continuously improve the AssetZentri platform and its features.
• To respond to free trial requests and contact form submissions in a timely manner.
• To send transactional communications such as onboarding guides, trial confirmations, and important product updates.
• To power AI-assisted features — including the T&C Risk Scanner and Policy Comparison Engine — using the LLM provider you select. Your data is never used to train third-party AI models.
• To maintain platform security, detect anomalies, and enforce usage policies.
• To comply with applicable legal obligations and produce compliance evidence reports on your behalf.

AssetZentri is built with a multi-tenant architecture featuring row-level tenant isolation. Every database query is scoped to your organization — your data is never accessible to other tenants. Data never crosses tenant boundaries.

Device authentication uses Zero Trust mTLS with X.509 certificates issued by an internal Certificate Authority with HSM-backed private key storage. Mutual TLS ensures both the device and server authenticate each other — no trust is implicit. Certificates are automatically rotated, and compromised devices can be revoked instantly.

We share data only with trusted sub-processors required to deliver the platform:

• Cloud Infrastructure: Hosting and storage providers operating under strict data processing agreements.
• AI Providers (optional): OpenAI, Anthropic Claude, or self-hosted LLaMA — used only when you enable AI features. Data sent to these providers is governed by your configuration and their respective privacy policies.
• Payment Processors: Stripe and/or Razorpay for subscription billing. Payment card data is never stored on AssetZentri servers.
• Email Delivery: Transactional email providers used solely to deliver platform notifications and confirmation replies.

All sub-processors are bound by data processing agreements compliant with applicable privacy regulations including GDPR.

We retain your data for as long as your account is active or as needed to provide services. Upon account termination, data is purged within 90 days unless retention is required by applicable law.

Audit logs are retained for a minimum of 12 months to support compliance evidence requirements under SOC 2, ISO 27001, and other frameworks. You may request earlier deletion at any time — see Section 07 for how to exercise this right.

Our website uses essential cookies for session management and security only. We do not use third-party advertising cookies or behavioral tracking technologies.

Any analytics used are privacy-preserving and do not identify individual users. You can disable non-essential cookies through your browser settings without affecting core platform functionality.

Depending on your jurisdiction (including GDPR, CCPA, and similar regulations), you may have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your personal data ("right to be forgotten").
• Restrict or object to certain processing activities.
• Receive your data in a portable, machine-readable format.
• Withdraw consent at any time, where processing is based on consent.

AssetZentri's data practices are designed to support organizations operating under the following regulatory and security frameworks:

• GDPR — EU General Data Protection Regulation. Data Processing Agreements (DPAs) are available upon request.
• HIPAA — For healthcare-adjacent organizations handling PHI through integrations.
• SOC 2 Type I/II — Our platform's Compliance Automation module can generate evidence of these controls on your behalf.
• ISO 27001 — Information security management controls mapped and continuously monitored.
• PCI-DSS — For organizations in scope for payment card data security.
• SEBI-CSCRF — AssetZentri is the only platform with complete SEBI Cybersecurity and Cyber Resilience Framework coverage.

To request a DPA or compliance documentation, contact privacy@assetzentri.com.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-platform notice at least 14 days before taking effect. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

For any privacy-related inquiries or concerns, please reach out to us directly: