Skip to content

Privacy Policy

Version 2.0 | Effective: September 15, 2025

1. Scope & Introduction

Assay ("we," "us," or "our") operates as a global commercial truth infrastructure provider. This Privacy Policy outlines our uncompromising commitment to data stewardship, transparency, and regulatory alignment. This policy governs the processing of Personal and Organizational Data across the Assay Platform, our public-facing domains, and our research initiatives.

By using our services, you acknowledge the processing practices described herein. We have architected our platform to meet the rigorous standards of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the emerging requirements of the EU AI Act.

2. Information We Collect

2.1 Customer Relationship Data

We collect information necessary to establish and maintain your enterprise account, including but not limited to: individual names, corporate titles, business email addresses, and organizational hierarchies.

2.2 Commercial Truth Data (CTD)

Information uploaded by Customers into the Truth Graph is categorized as Commercial Truth Data. While CTD primarily consists of business claims and evidence, it may contain personal identifiers. Assay processes CTD solely under the instruction of the Customer (the Data Controller).

2.3 Technical Telemetry

To maintain infrastructure resilience and platform performance, we automatically capture metadata including IP addresses, browser fingerprints, and session telemetry. This data is used exclusively for fraud prevention and performance optimization.

3. Legal Basis for Processing

We process data under the following legal frameworks:

  • Contractual Necessity: Essential for the delivery of the Assay Platform services.
  • Legitimate Interest: Protecting the security of our infrastructure and identifying enterprise growth opportunities.
  • Regulatory Compliance: Fulfilling our transparency obligations under global algorithmic and AI governance frameworks.

4. Artificial Intelligence & Transparency

Assay utilizes a neuro-symbolic engine architecture. Our AI governance framework ensures:

  • Inference Isolation: Models are executed within your isolated tenant. No customer data is used to fine-tune or train global foundation models.
  • Explainability: Every verification output includes a confidence score and a source-linked audit trail, fulfilling "Human-in-the-Loop" requirements for high-risk AI systems.

5. International Data Transfers

Assay operates on globally distributed, ISO 27001-certified infrastructure. For data transfers between the EEA/UK and the US, we utilize Standard Contractual Clauses (SCCs) and adhere to the Data Privacy Framework (DPF) to ensure an equivalent level of protection.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, port, rectify, or delete your personal information. Assay provides an automated Privacy Portal for Data Subject Access Requests (DSARs). For California residents, Assay does not "sell" or "share" personal information for cross-context behavioral advertising as defined by the CPRA.

7. Contact & DPO

For inquiries regarding our data practices, please contact our Data Protection Office at privacy@assay.wiki.