Privacy Policy
Last updated: 2026-02-10
At Asynq, we believe good decisions require trust — and trust starts with privacy.
This Privacy Policy explains what data we collect, why we collect it, and how we protect it.
1. Who we are
Asynq is a product operated by Asynq Labs (“we”, “us”, “our”).
If you have any questions about privacy or data protection, you can contact us at:
2. What data we collect
2.1 Account and workspace data
When you create an account or workspace, we collect:
- Email address
- Name
- Workspace name and slug
- Decisions, options, comments, and notes you create
- Slack ID (if you connect your Slack account)
This data exists only so the product can function.
2.2 Authentication data
We use one-time verification codes sent via email for authentication.
- No passwords are stored.
- Authentication sessions are handled via a secure, essential session cookie.
2.3 Usage analytics (minimal & privacy-first)
We use PostHog to understand how Asynq is used and to improve the product.
Important details:
- Analytics are first-party and served from our own domain.
- We do not use cookies for analytics.
- Analytics data is stored in memory only and is not persisted across sessions.
- We do not use:
- Session replay
- Heatmaps
- Advertising or cross-site tracking
- We track product-level events only, such as:
- Decision created
- Decision finalized
- Revisit completed
These events may include internal identifiers (e.g. workspace or decision IDs) but never contain personal content (decision text, comments, emails, etc.).
2.4 Emails
We send transactional emails related to:
- Sign-in verification
- Invitations to decisions
- Revisit reminders
We do not send marketing emails.
Occasional emails about new features or important product changes may be sent to you.
3. What data we do not collect
We do not collect:
- Advertising identifiers
- Behavioral profiles across websites
- Data for marketing or resale
- Third-party tracking data
- Sensitive personal data (unless you choose to put it into a decision)
4. Cookies
We use one essential cookie only:
- A secure session cookie required for authentication
Because this cookie is strictly necessary for the service to function, no cookie consent banner is required.
5. How we use your data
We use your data only to:
- Provide and operate Asynq
- Enable collaboration within your workspace
- Improve product usability and reliability
- Send necessary transactional emails
We do not use your data for advertising or profiling.
6. Data storage and security
We store data in our application database and logically separate it by workspace using access controls.
In the current version, workspaces share a database, but data access is strictly enforced at the application and query level to ensure users can only access content from workspaces they belong to.
Security measures include:
- Encrypted connections in transit (HTTPS/TLS)
- Strict access controls for production systems
- Workspace-based authorization for all reads and writes
- Audit logging for key security-relevant events (e.g. authentication, invitations)
We may introduce stronger physical isolation (e.g. separate databases per workspace or tenant) in the future, but it is not required for the service to enforce workspace separation today.
7. Data retention
- Data remains stored as long as a workspace exists.
- Draft decisions and other non-finalized content can be deleted by workspace members according to their permissions.
- Finalized decisions cannot be deleted individually, as they serve as an immutable record of decisions made within a workspace.
Workspace deletion
- A workspace can be deleted by its owner at any time.
- When a workspace is deleted, it enters a 30-day recovery period.
- During this period, the workspace and its data are no longer accessible but can be restored if requested.
- After the 30-day recovery period expires, the workspace and all associated data are permanently deleted and cannot be recovered.
8. Sharing of data
We do not sell or share your data with third parties.
We only use trusted service providers for essential infrastructure, such as:
- Email delivery - Resend.com
- Analytics - PostHog.com
- Hosting and database infrastructure - Cloudflare.com
These providers act strictly as data processors.
9. Your rights (GDPR)
If you are located in the EU (or similar jurisdictions), you have the right to:
- Access your data
- Correct inaccurate data
- Delete your data
- Export your data
- Object to or restrict processing
You can exercise these rights by contacting privacy@asynq.org.
10. Public links and shared content
If you choose to share a decision via a public link:
- The content is read-only
- Anyone with the link can view it
- You can revoke access at any time
11. AI Assistant Integrations (MCP)
Asynq offers integration with AI assistants through the Model Context Protocol (MCP). When you use Asynq through an AI assistant like Claude:
What data is accessed
The AI assistant can access the same data you would see in the Asynq app:
- Your workspace information
- Decisions, variants, and comments you have access to
- Your user profile information
How data flows
- Commands you give to the AI assistant are processed by that assistant (e.g., Anthropic's Claude)
- The AI assistant calls Asynq's servers to read or write data on your behalf
- Asynq receives only the specific API requests, not your full conversation with the AI
Your control
- You must explicitly install and authorize the Asynq MCP extension
- The extension operates with your existing Asynq permissions
- You can disconnect the integration at any time
Data storage
- Asynq does not store your AI assistant conversations
- Standard Asynq data retention policies apply to any decisions, comments, or other content created via the AI assistant
12. Changes to this policy
If we make meaningful changes to this Privacy Policy, we will update the date at the top and notify users when appropriate.
13. Contact
If you have any questions or concerns about privacy, reach out anytime:
Asynq — decisions, calmly.