Skip to main content

How does Assembled handle sensitive information?

  • Updated

Protecting your sensitive information — and that of your customers — is our priority. This article explains our privacy policies, how we handle customer data, and what options you have for controlling your information. If you're conducting a security review or need help with your own data request, you'll find the details here.

 

In this article:

 

What is Assembled's privacy policy?

To help you understand how we collect, use, and protect your information, we'll summarize the main points of our privacy policy in this article. For complete information about data handling, please read our full privacy policy

 

What data does Assembled collect?

We collect data about our users and anyone who visits our website. 

For example, we may collect:

  • Information about your device, such as IP address, browser or device type, operating system, or location data.
  • How you use our services and products, including pages you view, features you enable, and aggregated user behavior data that will help us provide a better experience.
  • We use cookies to maintain your authenticated user sessions, enable features, better understand how you interact with our services, and monitor usage patterns to improve your experience. 
  • Data from third parties, like tools you connect to our service. 

To learn more about the specific data we can access, review the details in our privacy policy

 

How does Assembled handle my data?

To help us keep your information safe:

  • All data is encrypted in transit using TLS 1.2 or above.
  • Data at rest is protected with AES-256 encryption.
  • We're SOC 2 Type II certified, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy through independent third-party audits.
  • We comply with GDPR, the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and HIPAA.
  • We use industry-standard security protocols and best practices.

Please note: When you use our services as part of your company's account, your company (our customer) controls that data and we only process it according to their instructions. For questions about how your employer handles your data in Assembled, check your company's privacy policies.

Want to learn more about our security and compliance frameworks? Check out our security guide.

 

Does Assembled sell, train with, or share my information?

We do not sell your information. We also don't share, rent, or disclose customer data to third parties for marketing purposes.

We do not train other customers' AI models on your data, nor do we use your information to serve other customers. Each customer's data is completely isolated.

We do share information:

  • With service providers: We share the minimum necessary to deliver our services (hosting, analytics, customer support systems).
  • With your company: If your account was set up by your employer, they control access to that information.
  • For legal obligations: We may disclose information to comply with law enforcement requests, protect customer safety, or prevent fraud.
  • During business transactions: We may share information if we participate in a merger, acquisition, or bankruptcy proceeding.
  • With your consent: When you or your company administrator authorizes third-party integrations, we share your data with those third parties.

 

Can Assembled redact sensitive customer info?

Yes, we offer optional Personally Identifiable Information (or PII) redaction to protect sensitive data. We use Amazon Comprehend, AWS's security service, to automatically detect and remove PII before it reaches our servers or downstream AI vendors like OpenAI and Anthropic. Read about how it works.

If you'd like to turn this feature on, contact us for help.

Please note: PII redaction will reduce the performance of our AI agents. Because important context will be removed (like customer names or order IDs), our tools can only answer general questions and won't be able to personalize responses.

 

How do I request data deletion?

We keep your personal data only as long as necessary to provide services and comply with legal obligations. If you need to delete your data after your Assembled subscription ends, contact us at privacy@assembled.com

When you request data deletion, we will completely remove all your customer data from our systems and send you confirmation when this process is complete. Deletion requests will be processed within 1 month.

 

How do I get help with a privacy concern?

For specific questions or to exercise your privacy rights, please email us at privacy@assembled.com

Physical mail may be sent to:

Assembled Privacy Requests
2525 16th Street, Suite 310 
San Francisco, CA 94103
United States

For EU, UK, and Swiss residents: If we can't resolve your privacy complaint directly, you can file a complaint with BBB Data Privacy Framework Services at https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers (at no charge).

For general support questions: Contact us at support@assembled.com for more help.

Related articles

Comments

0 comments

Please sign in to leave a comment.