Privacy Policy
Last updated: 2026-04-17
This policy describes how AshlrAI Inc (“ashlr”, “we”, “us”) handles information when you use the ashlr-plugin and the hosted services at api.ashlr.ai and plugin.ashlr.ai.
Controller: AshlrAI Inc, a Delaware corporation. Questions to support@ashlr.ai.
1. What the free tier collects
Nothing that leaves your machine. The free tier of ashlr-plugin runs entirely locally. Usage statistics (tool call counts, token totals, session durations) are written to ~/.ashlr/stats.json on your own filesystem. That file never leaves your computer unless you explicitly copy it somewhere.
We do not run analytics, we do not phone home, and we do not collect crash reports on the free tier. The plugin ships with zero telemetry hooks.
2. What the Pro tier collects
When you subscribe to ashlr Pro or Team, you create an account. We collect the minimum data necessary to operate the service:
- Email address — used for billing, magic-link sign-in, and transactional notifications (receipts, renewal reminders, material policy changes).
- Aggregated usage statistics — tool call counts and total token figures per session, uploaded so your dashboard and savings ledger work across machines. These are numeric counters only. No file contents, no file paths, no working directory, no code, no chat transcripts.
- Stripe payment metadata — subscription status, plan tier, billing interval, last-four digits of card, country. Stripe stores full card data; we never see or store raw card numbers.
- Audit log of gated tool calls — timestamp, tool name, and whether the call was allowed or rate-limited. Stored for compliance. No arguments or outputs are logged.
3. What we will never collect
Regardless of plan, we will never collect:
- File contents or code
- File paths or working directory
- Git history or diffs
- Environment variables or shell state
- Chat transcripts or LLM prompts/responses
- IP addresses (beyond what Fly.io logs at the TLS layer and discards)
- Any biometric, health, or financial data beyond what Stripe provides for billing
4. Third-party processors
We share limited data with the following sub-processors, each under a Data Processing Agreement (DPA):
| Processor | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing, subscription management | Email, billing address, payment method |
| Resend | Transactional email delivery | Email address, email content |
| Fly.io | API backend hosting | All API request data in transit |
| Neon | Postgres database (accounts, stats, audit logs) | All stored account data |
| Vercel | Marketing site hosting | Page request metadata (no user data stored) |
We do not sell your data to any third party. We do not use advertising networks.
5. Cookies
The ashlr marketing site does not set any cookies of its own. Stripe sets cookies on the checkout and billing portal pages only; those cookies are necessary for payment processing and fraud prevention. We display a notice on those pages before any Stripe script executes. We do not use advertising cookies, tracking pixels, or analytics cookies.
6. Data retention
- Aggregated stats uploads: retained for 365 days, then permanently deleted.
- Audit logs (gated tool calls): retained for 7 years in line with SOC 2 standards, then permanently deleted.
- Account data (email, subscription status): retained until you request deletion or 90 days after subscription lapse, whichever comes first.
- Stripe records: subject to Stripe’s own retention policy; typically 7 years for financial records.
7. Your rights
You may exercise the following rights at any time by emailing support@ashlr.ai:
- Access: request a copy of the data we hold about you.
- Correction: ask us to fix inaccurate data.
- Deletion: request erasure of your account and associated data. We will fulfill within 30 days, subject to legal retention obligations (audit logs).
- Portability: receive your data in a machine-readable format (JSON).
- Objection / restriction: object to processing or ask us to restrict use while a dispute is resolved.
We will respond to rights requests within 30 days. We do not charge a fee for reasonable requests.
8. Data residency
Data is stored primarily in US-East (iad) on Fly.io and Neon infrastructure. If you are an EU-based user or organization and require in-region data storage, contact support@ashlr.ai — we will stand up an EU region on demand. International transfers from the EU are governed by Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c).
9. Children
ashlr is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us personal data, contact support@ashlr.ai and we will delete it promptly.
10. Changes to this policy
We will notify you by email at least 30 days before any material change to this policy takes effect. Non-material changes (typos, clarifications, updated sub-processor links) may be made without notice, and the “Last updated” date at the top of this page will reflect them. Continued use of ashlr Pro after a material change becomes effective constitutes acceptance of the updated policy.
11. Contact
Privacy inquiries: support@ashlr.ai
General inquiries: support@ashlr.ai