Asono
Back to Home

Privacy Policy

How Asono collects, uses, shares, and protects personal data across our website and application.

Last updated: 25 June 2026

Asono (“Asono”, “we”, “us”, or “our”) provides a white‑label sales platform for real‑estate developments — a buyer‑facing project explorer together with a CRM and sales workspace for real‑estate teams. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit asono.ai, use the application at app.asono.ai, submit an enquiry on a project published with Asono, connect a mailbox or calendar, or otherwise interact with our services (together, the “Services”).

1. Who we are

The controller responsible for the processing described in this policy is:

Miloslav Cvetkovic, trading as “Asono”

Pauline-Staegemann-Straße 2, 10249 Berlin, Germany

Email: legal@asono.ai

For data‑protection questions or to exercise your rights, contact us at legal@asono.ai.

2. Our role: controller and processor

Asono acts in two distinct roles depending on the data:

  • As controller — for personal data of website visitors, people who register an Asono account, users who connect a mailbox, and people who submit enquiry forms, we determine the purposes and means of processing and act as controller.

  • As processor — our business customers (real‑estate developers, agencies, and sales teams) use Asono to manage their own contacts, leads, deals, enquiries, emails, and documents. For that customer content we act as a processor on the customer’s instructions; the customer is the controller. This processing is governed by our Data Processing Agreement (DPA). If your personal data sits inside a customer’s workspace, please address your requests to that customer; we will assist them as required by law.

3. Personal data we collect

Account and profile data. Name, email address, profile image, organisation name, role, and authentication identifiers. Sign‑in and credentials are handled by our authentication provider (Clerk); we do not store your password.

Customer (CRM) content. Contacts, leads, deals, tasks, notes, enquiries, and uploaded documents that customers add to their workspace. This content may include personal data of third parties and is processed on the customer’s behalf (see Section 2).

Enquiry data. When you submit an enquiry on a project published with Asono, we collect the information you provide (such as name, email, phone number, and message) together with your consent and, where relevant, the project and unit you enquired about.

Connected mailbox and calendar data. If you connect an email account (Google or Microsoft) we process your messages and related metadata to provide the connected‑inbox features (see Section 4).

Media and documents. Images, floor plans, brochures, and PDFs uploaded to projects, stored on our cloud infrastructure (AWS, Frankfurt / eu‑central‑1).

Usage, device, and log data. IP address, browser and device information, pages viewed, and actions taken, collected through cookies and similar technologies and through our analytics and error‑monitoring providers.

Billing data. Where you subscribe to a paid plan, billing and payment details are processed by our payment provider (Stripe). We do not store full card numbers.

4. Connected mailboxes (Google and Microsoft)

Connecting a mailbox is optional and initiated by you from within the app. We use Aurinko, a third‑party email connectivity provider, to establish the OAuth connection and synchronise messages. When you connect a Google or Microsoft account, you grant Asono access to read and modify messages and to send messages on your behalf, so that we can show your conversations alongside the relevant contact or deal and let you reply from within Asono.

We process this data only to provide and operate the connected‑inbox features you have enabled. Access tokens are stored encrypted (AES‑256‑GCM). You can disconnect a mailbox at any time in the app, which revokes our access and stops further synchronisation.

Google API Services — Limited Use disclosure

Asono’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve the connected‑inbox features you have requested.

  • We do not sell Google user data, and we do not use it for advertising.

  • We do not transfer Google user data to others except as necessary to provide or improve these features, to comply with applicable law, or as part of a merger or acquisition.

  • We do not allow humans to read your Google user data unless we have your consent for specific messages, it is necessary for security or to comply with applicable law, or the data is aggregated and anonymised for internal operations.

  • We do not use Google user data to train generalised artificial‑intelligence or machine‑learning models.

We process personal data on the following bases under the GDPR (Art. 6(1)):

  • Performance of a contract — to create and operate your account, deliver the Services, sync connected mailboxes, and provide support.

  • Consent — for optional cookies / analytics, enquiry submissions, and connecting a mailbox or calendar. You may withdraw consent at any time.

  • Legitimate interests — to secure, maintain, and improve the Services, prevent abuse, and communicate about the product, balanced against your rights.

  • Legal obligation — to meet accounting, tax, and other statutory requirements.

6. Cookies and analytics

We use strictly necessary cookies to run the Services and, subject to your choices, analytics and product‑measurement cookies to understand usage and improve the product. You can manage non‑essential cookies through your browser and any consent controls we provide.

7. Sharing and subprocessors

We do not sell personal data. We share it only with service providers (“subprocessors”) who process it on our behalf under appropriate agreements, including:

  • Clerk — authentication and account management

  • Aurinko — email / calendar connectivity for connected mailboxes

  • Google / Microsoft — where you connect those accounts

  • Stripe — subscription billing and payments

  • Amazon Web Services (AWS) — hosting, file storage, and email delivery (Frankfurt, eu‑central‑1)

  • Vercel — application hosting

  • Upstash — caching and rate limiting

  • Resend — transactional email

  • Knock — notifications

  • PostHog — product analytics

  • Sentry / BetterStack — error monitoring and uptime

We may also disclose personal data where required by law, to protect our rights or the safety of others, or in connection with a business transfer.

8. International transfers

We aim to keep data within the EU / EEA. Where a subprocessor processes data outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the EU Standard Contractual Clauses.

9. Data retention

We keep personal data only as long as needed for the purposes above: account data for the life of your account and a reasonable period afterwards; customer content until deleted by the customer or on termination per the DPA; connected‑mailbox data until you disconnect; and billing records for as long as required by law. We then delete or anonymise it.

10. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit (TLS) and at rest, encryption of mailbox access tokens (AES‑256‑GCM), access controls, and tenant isolation. No system is perfectly secure, but we work continuously to protect your data.

11. Your rights

Subject to the GDPR, you have the right to access, rectify, erase, restrict, or object to processing of your personal data, to data portability, and to withdraw consent at any time. To exercise these rights, contact legal@asono.ai. You also have the right to lodge a complaint with a supervisory authority; in Germany this is the data‑protection authority of your federal state (Land).

If your data is held within a customer’s workspace, we act as processor and will forward your request to the relevant customer (controller).

12. Children

The Services are intended for business users and are not directed to children under 16. We do not knowingly collect personal data from children.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version here and adjust the “Last updated” date; material changes will be communicated where appropriate.

14. Contact

Questions about this policy or our data practices? Email legal@asono.ai or write to the address in Section 1.