Data Protection Policy

We process personal data lawfully, fairly and transparently; for specified, explicit and legitimate purposes; ensuring it is adequate, relevant and limited to what is necessary; accurate and kept up to date; kept no longer than necessary; and processed securely.

For website visitors, newsletter subscribers and direct customers, AsronsWorld Ltd is the Data Controller. When we process data on behalf of business customers (e.g. running an AI workforce against their CRM), we act as a Data Processor under a written Data Processing Agreement (DPA).

• Encryption in transit (TLS 1.2+) and at rest where supported by the underlying platform.
• Least‑privilege access, MFA on administrative accounts, audit logging.
• Segregated environments for development, staging and production.
• Vendor due diligence and signed DPAs with sub‑processors.
• Regular backups, restoration testing and incident response planning.

Current sub‑processors include Lovable.dev, Replit.com and Cloudflare. We maintain a list of sub‑processors and notify business customers of material changes.

We support access, rectification, erasure, restriction, portability and objection requests. Requests are answered within one month (extendable by two months for complex cases).

Suspected breaches are triaged within 24 hours. Notifiable breaches are reported to the ICO within 72 hours and to affected individuals where required.

All team members complete data protection training. We keep records of processing activities (ROPA) and review this policy at least annually.

Data protection enquiries: dpo@asronax.com.