Introduction
This Privacy Policy applies to the Askly chat widget, voice agent, and automated customer-support web service, which are owned and operated by Askly OÜ.
By using our service, you agree to the principles described in this Privacy Policy. The purpose of this Privacy Policy is to help you understand how we collect, disclose, and protect the information we hold about you when you use our services.
Askly OÜ acts in two roles. With respect to our own marketing and website data, Askly OÜ is the data controller. With respect to our clients' end-user data (the personal data of prospective and existing customers), Askly OÜ acts as a data processor, processing data on the documented instructions of the client (the controller). To provide certain services, we use trusted sub-processors (see "Sub-processors and data location").
Askly is committed to processing our clients' personal data, client email-list data, and the data of our public website's users in accordance with the General Data Protection Regulation (GDPR) 2016/679 and all applicable Estonian and European laws and regulations on the protection of individuals with regard to the processing of personal data.
We operate in compliance with the GDPR
The GDPR is Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the General Data Protection Regulation).
Data controller and contact
Askly OÜ is headquartered in Tallinn, Estonia.
Registration code: 14507205
Registered address: Tartu mnt 82, 10112, Estonia
If you have questions about this Privacy Policy, or if you would like to correct or delete the personal data we hold about you, please contact us using the details below.
For privacy-related matters, you can reach us at info(at)askly.me
What we do
We provide our clients (e-commerce and online-service providers) with multilingual customer-support solutions to help them grow. We improve our clients' customer service by making it more user-friendly and faster, and we remove language barriers in customer service using our software solutions: the chat widget and AI Assistant chatbot, and the voice agent (AI-powered phone support).
To provide, improve, and protect our services, we process:
(as controller) the Internet Protocol (IP) address, browser type, device name, email address, and location of anyone who visits our service or sends us messages ("visitor").
(as controller) the personal data of our clients (the name, domain, and email address provided), referred to as "you."
(as controller) usage information related to your service-usage patterns or the actions taken in your account (sharing, editing, viewing, and moving files or folders), which we use to improve our services and protect our clients.
(as processor, on your behalf) your multilingual files, documents, and other data ("your items"), which our services allow you to manage while collaborating with others to achieve your goals.
(as processor, on your behalf) the personal data of prospective or existing customers.
Voice-agent data processing
The voice agent answers customer phone calls automatically using artificial intelligence. Through the voice agent, we collect and process the following data: call logs (call start, end, and duration), the caller's phone number, and the call transcription.
The audio file is not retained after transcription. At the client's request, recordings and transcriptions are routed directly to the client's own server, in which case Askly does not store them. Calls are processed within the European Economic Area (EEA) (see "Sub-processors and data location"); AI-response generation is carried out via the OpenAI service under Standard Contractual Clauses (SCCs) and a Data Processing Agreement (DPA).
Principles of personal-data processing
We respect every individual's right to the protection of their personal data, and we do our utmost to ensure the protection and confidentiality of the personal data submitted to and collected by us.
We apply internal policies and measures (physical, technical, and organizational) to protect personal data against unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition, or access. These measures include HTTPS encryption across all data transmission, role-based access control (RBAC), two-factor authentication (2FA), and logging of all access.
When we process personal data on the basis of consent, the request for consent must be clearly distinguishable, intelligible, and clearly worded, and recorded in our logs and databases. We acknowledge that consent can be withdrawn at any time.
Under statutory requirements, we may be required to disclose personal data or to grant access to it to authorities or supervisory bodies.
We retain personal data only for as long as required by law or contract, or as necessary for our business operations. The retention period for personal data collected through the chat widget and voice agent at Askly OÜ is a minimum of 12 months, after which it is deleted automatically. Each client may, by agreement, choose a different suitable period after which we permanently delete the personal data.
Sub-processors and data location
To provide our services, we use trusted sub-processors who are subject to equivalent data-protection requirements and with whom we have entered into Data Processing Agreements (DPAs). Written conversations and attachments are processed within the European Economic Area (EEA) and do not leave it. Certain voice-agent processing (AI-response generation) takes place in the USA under Standard Contractual Clauses (SCCs).
Sub-processors:
DigitalOcean — server and data hosting (Frankfurt, Germany, EEA). ISO 27001, SOC 2 Type II, PCI-DSS.
Google Vertex AI / Gemini — AI-powered response generation (europe-west4, the Netherlands, EEA). Data does not leave the EEA; data is not used to train models.
Google Cloud Translation API — conversation translation when needed (EEA). ISO 27001, SOC 2, GDPR compliance.
Railway — voice-agent server and infrastructure (Europe, EEA). SOC 2 Type II, GDPR DPA.
Soniox — speech-to-text (Europe, EEA). SOC 2 Type II, ISO/IEC 27001, GDPR, HIPAA. Audio files are not used to train models.
OpenAI — response generation (USA, under SCCs/DPA). ISO/IEC 27001, SOC 2 Type II.
Stripe Technologies — payment processing. Askly does not store or process bank or card data on its own servers.
We notify clients of any change to our sub-processors at least 30 days in advance.
Children's online privacy
We do not market specifically to children under the age of 18.
Fair information practices
The Fair Information Practice Principles form the backbone of our privacy culture, and the concepts they contain have played a significant role in the development of data-protection laws worldwide. Understanding these principles and their implementation is essential to complying with the various privacy laws that protect personal data. To comply with Fair Information Practices, we take the following responsive measures in the event of a data breach:
We notify you without undue delay and no later than 72 hours after becoming aware of the breach, by email or on-site, in accordance with Articles 33–34 of the GDPR.
Personal data we collect
We collect and process only the following personal data, which is either publicly available or has been provided to us by you:
Your first and last name
Your email address
Your phone number
Your domain address, if you have a website or are associated with a company that owns a website
The sources of publicly available data we use:
Public websites
The Google search engine
Social media channels (Facebook, LinkedIn), Sales Navigator
Specialized tools (Hunter.io, Usebouncer.io, Rocketreach.co, Phantombuster)
We use tracking and analytics tools such as Google Analytics, and outreach tools such as GMass and Woodpecker to contact you.
We also collect data from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, use live chat, or enter information on our site.
We do not purchase databases containing personal data from third parties.
We reach out about new collaboration opportunities by phone or email so that prospective clients can get in touch with us. You may opt out at any time, and we will delete your personal data from all our databases within 3 days.
You can object to processing or withdraw your consent at any time simply by clicking the "Unsubscribe" button.
Who has access to your personal data
Your personal data is held behind secure networks and is accessible only to a limited number of individuals who have special access rights to such systems and who have signed a written agreement to keep the information confidential.
All sensitive/credit information you provide is encrypted and outsourced to Stripe Technologies. All payment transactions are processed through Stripe Technologies and are neither stored nor processed on our servers.
Legal bases for data processing
We process your data either on a contractual basis (processing is necessary to perform a contract or to take steps at your request prior to entering into a contract), or where you have given us your consent, or on the basis of Askly OÜ's legitimate interest — including the right to request your consent for further processing, as well as tracking website navigation for analytics and responding to messages sent via the contact form (GDPR Article 6(1)(b) and (f)).
To whom we disclose your data
We do not sell or share information that individually identifies our clients with companies, organizations, or individuals outside Askly OÜ, except where one of the following applies:
With your consent. We share information with companies, organizations, or individuals outside Askly OÜ where we have your consent to do so.
Analytics and business partners (limited, non-identifying information). We may share aggregated or pseudonymized information (including demographic information) with partners such as analytics providers and applications (social-media integration with our solution).
Sub-processors. We share data with the trusted sub-processors listed under "Sub-processors and data location," to the extent necessary to provide the service, always under a Data Processing Agreement (DPA) and, where required, Standard Contractual Clauses (SCCs).
If you use third-party applications or websites integrated with our service, they may collect information about your activity in accordance with their own terms and privacy policies.
We apply a range of security measures when a user places an order, enters, submits, or accesses their information, in order to keep your personal data secure.
Your personal data is not transferred outside Askly OÜ and the sub-processors listed in this Privacy Policy. Transfers outside the EEA occur solely for the voice agent's AI-response generation (OpenAI, USA) under Standard Contractual Clauses (SCCs) and a Data Processing Agreement (DPA).
Client data we collect
Client data we collect to improve the solutions we provide:
IP address
Date and time of the request
Time-zone difference from Greenwich Mean Time (GMT)
Content of the request
Access status / HTTP status code
Volume of data transferred in each instance
The website from which the request originates
Browser
Operating system
Browser software language and version
We use this information to help us design our website so that it better meets our clients' needs.
CAN-SPAM Act
The CAN-SPAM Act sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to stop emails from being sent to them, and sets out strict penalties for violations.
We collect your email address in order to:
Send information, respond to inquiries and/or other questions
Process orders and send order-related information and updates
Send you additional information related to your product and/or service
Market to our mailing list or continue sending emails to our clients after the initial transaction
To comply with CAN-SPAM, we agree to the following:
Not to use false or misleading subject lines or email addresses
To identify the message as an advertisement in some reasonable way
To monitor third-party email-marketing services for compliance, if used
To honor opt-out/unsubscribe requests promptly
If you wish to unsubscribe from future emails at any time, please do the following:
Follow the instructions at the bottom of each email, and we will promptly remove you from ALL correspondence.
Other provisions
This website may contain links to other websites. Askly OÜ is not responsible for the content or security of other websites.
We continually develop our services and may amend the terms of this Privacy Policy at any time by updating them.