1. Introduction
askotter LLC ("askotter," "we," "us," or "our") operates the askotter.ai platform. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website and platform services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Services.
2. Information We Collect
Account Information
When you create an account or request access, we collect your name, email address, company name, and role. Authentication credentials (passkeys, MFA tokens) are managed through our identity provider and are never stored in plaintext.
Connected Data Sources
When you connect third-party tools (e.g., Shopify, Stripe, Google Analytics), we access and store the data you authorize through those integrations. This data is stored in your tenant-isolated data lake and is never shared with other customers or used to train AI models.
Usage Data
We collect information about how you interact with the Services, including chat queries, agent configurations, pages visited, features used, and timestamps. This data helps us improve the platform and provide support.
Chat Query Data and Data Lake Interactions
When you use the natural-language chat interface to query your data lake, we collect and retain the following:
- Query text: The natural-language question you submit, retained for security auditing, debugging, and support purposes.
- Generated query plans: The intermediate structured queries (e.g., SQL, API calls) the system constructs to fulfill your request, retained for audit and error diagnosis.
- Result metadata: Aggregate statistics about query results (row counts, execution time, data sources queried) are logged. Full result payloads are not stored server-side unless you explicitly save or export them.
- Chat session history: Conversation threads are retained within your tenant for the duration of the session and accessible to you in your chat history. Session logs are purged after 90 days unless you save them.
- Error and anomaly logs: Failed queries, access denials, and anomalous patterns are logged for security monitoring and are reviewed by our team only when investigating a security incident or support request.
Query logs are stored within your tenant-isolated environment and are never accessible to other customers. askotter staff may access query logs only for the purpose of resolving a support request you have initiated, or investigating a security incident affecting your account, with access governed by our least-privilege access controls.
Website Analytics
Our marketing website uses Google Analytics 4 to collect anonymized browsing data including pages viewed, referral sources, and general device/browser information. This data is used for website improvement and marketing attribution.
3. How We Use Your Information
- Provide the Services: Process your queries, run AI agents against your connected data sources, and deliver insights and recommendations.
- Maintain your account: Authenticate your identity, manage sessions, and enforce security controls.
- Improve the platform: Analyze usage patterns to improve features, performance, and reliability.
- Communicate with you: Send service updates, security notifications, and (with consent) product announcements.
- Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
4. How We Protect Your Information
We implement enterprise-grade security controls to protect your data:
- Encryption in transit: TLS 1.3 (preferred) and TLS 1.2 on all connections. AEAD-only cipher suites with Perfect Forward Secrecy.
- Encryption at rest: Column-level encryption (Always Encrypted), Transparent Data Encryption, and AES-256 volume encryption. AWS Redshift data lake encrypted at rest.
- Tenant isolation: Your data is stored in a logically isolated data lake. Agent flows execute in per-tenant isolated environments with no cross-tenant data access.
- Access controls: Zero-trust architecture with MFA/passkey enforcement. Least privilege permissions for all service accounts.
- Secrets management: All credentials stored in encrypted vaults or encrypted database columns. No secrets in source code or environment variables.
For complete details, see our Security page.
4a. Data Lake Security and Query Isolation
The data lake chat interface is designed with the following security controls to protect your data lake and the integrity of query results:
- Tenant-scoped query execution: Every query generated by the chat interface is scoped to your tenant's data lake. Cross-tenant data access is architecturally prevented at the query execution layer.
- Prompt injection protection: We apply safeguards to detect and block attempts to manipulate the AI translation layer through crafted query text intended to bypass data access controls or extract system information.
- Result isolation: Query results are delivered only to the authenticated session that initiated the query. Results are not cached in shared infrastructure and are not accessible to other users or tenants.
- Audit trail: All chat queries and data lake interactions are logged in an immutable audit trail within your tenant. Audit logs are available to account administrators and can be exported on request.
- Rate limiting and anomaly detection: Unusual query patterns (e.g., high-volume data extraction attempts) trigger automated alerts and may result in temporary access suspension pending review.
Despite these controls, no system is perfectly secure. If you suspect unauthorized access to your data lake or unusual query activity, contact us immediately at security@askotter.ai.
5. Data Sharing and Disclosure
We do not sell your personal information. We do not use your connected business data to train AI models. We may share information only in these circumstances:
- Service providers: We use Azure (front-end, identity, API) and Amazon Web Services (AWS Redshift data lake, compute) to host and operate the platform. These providers process data on our behalf under contractual obligations.
- AI providers: Chat queries and relevant data lake result excerpts may be processed by third-party AI models (such as Anthropic Claude, Google Gemini, or OpenAI) solely to generate responses. We minimize the data sent to AI providers by passing only the portions of your data lake results necessary to fulfill the specific query. We do not send full dataset exports to AI providers. AI providers do not retain your data for model training under our enterprise agreements with them. Queries and results are transmitted over encrypted connections.
- Legal requirements: We may disclose information if required by law, subpoena, or court order, or to protect the rights, safety, or property of askotter, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
6. Data Retention
We retain your account information and connected data for as long as your account is active. AI analysis nodes operate in-memory. No sensitive intermediate data is persisted beyond the flow lifecycle.
Specific retention periods for data lake chat activity:
- Chat session history: Retained for 90 days from the date of the session, then automatically purged unless you save the conversation.
- Query and audit logs: Retained for 12 months for security and compliance purposes, then purged. Enterprise customers may request extended retention periods.
- Query result payloads: Not stored server-side. Results exist only in your active browser session and in any exports you choose to save.
- Security incident logs: Retained for up to 3 years to support investigation and legal obligations.
If you close your account, we will delete your personal information, connected data, and query logs within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal obligations). You may request a full export of your query history before closing your account.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Data portability: Request an export of your data in a machine-readable format.
- Opt-out: Unsubscribe from marketing communications at any time.
To exercise any of these rights, contact us at brian@askotter.ai.
8. Cookies and Tracking
Our website uses:
- Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
- Analytics cookies: Google Analytics 4 for understanding how visitors use our website. You can opt out using browser settings or the Google Analytics opt-out extension.
- Preference cookies: Used to remember your settings (e.g., light/dark theme).
9. Third-Party Services
The Services may contain links to third-party websites or integrate with third-party tools at your direction. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before connecting your accounts.
10. Children's Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Services after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
askotter LLC
Email: brian@askotter.ai