Privacy Policy

Last updated: May 4, 2026

Information We Collect

When you create an Alset account, we collect your email address and display name. When you use the platform, we collect:

  • Account information: email, display name, and profile preferences you provide.
  • Site content: the sites, projects, and code you build using Alset, stored in our database.
  • Usage data: page views, feature usage, and interactions with the platform for analytics and improvement.
  • Payment information: processed by Stripe. We do not store your credit card number, expiration date, or CVV. We receive only a confirmation of payment status.
  • Authentication events: login timestamps and session metadata for security purposes.

How We Use Your Information

  • To provide and operate the Alset platform and its features.
  • To process payments and manage your subscriptions and course purchases.
  • To send transactional emails (account verification, password resets, purchase confirmations).
  • To improve the platform based on usage patterns and feedback.
  • To detect and prevent fraud, abuse, and security incidents.

We do not sell your personal data to third parties. We do not use your data for advertising.

AI-Generated Content

Alset uses AI models (via OpenRouter) to generate site content, code, and recommendations. Your prompts and project context are sent to these AI providers to generate responses. We do not use your content to train AI models. AI providers may have their own data retention policies — we use providers that do not train on customer data.

Third-Party Services

Alset uses the following third-party services to operate:

  • Supabase: database and authentication.
  • Stripe: payment processing.
  • Vercel: hosting and deployment.
  • OpenRouter: AI model access.
  • Resend: transactional emails.
  • Cloudflare: CAPTCHA verification.
  • Serper: web search for content generation.

Each provider processes data according to their own privacy policies. We select providers with strong data protection practices.

Site Visitor Data

When visitors create accounts on sites you publish through Alset, their credentials are stored securely using PBKDF2 password hashing. No passwords are stored in plaintext. As a site owner, you are responsible for informing your visitors about data collection on your published site.

Cookies

We use cookies for authentication sessions and language preferences. Published sites use per-site cookies for visitor sessions. We do not use tracking cookies or third-party advertising cookies.

Data Retention

Your account data and site content are retained as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymized usage data may be retained for analytics purposes.

Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and personal data.
  • Export your site content and project data.

To exercise any of these rights, contact support@alset.app.

Data Security

We use industry-standard security measures including encrypted connections (TLS), secure password hashing, and role-based access controls. Despite our efforts, no method of transmission over the Internet is 100% secure.

Changes to This Policy

We may update this Privacy Policy as the platform evolves. Material changes will be communicated via email or platform notification. Continued use of Alset after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions or requests, contact support@alset.app.