Privacy Policy

Last Updated: January 2026 | GDPR & CCPA Compliant

ASNSPY Privacy Policy

Effective Date: January 15, 2026 Version: 3.1.0 Legal Entity: Sole Proprietorship DBA ASNSPY Jurisdiction: Tucson, Arizona, United States

1. INTRODUCTION

ASNSPY ("we," "us," "our") operates as a sole proprietorship based in Tucson, Arizona. We are committed to protecting your privacy and being transparent about data collection and usage.

This Privacy Policy explains:

  • What data we collect
  • What data we DON'T collect
  • How we use data
  • Your rights and choices
Key Principle: ASNSPY is designed for LOCAL data processing. We minimize data collection and transmission.

2. WHAT WE COLLECT

2.1 Enterprise License Information

What: Name, email address, organization name, billing information When: Only when you purchase ASNSPY Enterprise license Purpose: License verification, support, billing Storage: Encrypted database Retention: Duration of license plus 7 years (tax/legal requirements)

2.2 Website Analytics

What: Page views, anonymized IP addresses, browser type, referrer When: When you visit www.asnspy.com Purpose: Improve website, understand user interest Tool: Cloudflare Analytics (privacy-preserving) Retention: 30 days

2.3 Support Communications

What: Information you voluntarily provide in support emails When: When you contact support@asnspy.com or legal@asnspy.com Purpose: Respond to your inquiries Retention: 2 years after ticket resolution

2.4 Beta Signup Information

What: Email address, name (optional), organization (optional), use case (optional) When: When you sign up for beta access via website forms Purpose: Send beta access invitations, product updates Storage: Supabase PostgreSQL (encrypted) Retention: Until you request deletion or unsubscribe

3. WHAT WE DON'T COLLECT

3.1 Scan Targets & Results

We DO NOT collect:
  • IP addresses you scan
  • Domain names you enumerate
  • ASN numbers you investigate
  • Vulnerability data you discover
  • Network topology information
  • Any reconnaissance results
Why: All scanning is performed LOCALLY on your systems. Data never leaves your environment.

3.2 Third-Party API Keys

We DO NOT collect:
  • Vulners API keys
  • NVD API keys
  • Database credentials
  • SIEM credentials
  • Webhook URLs
  • Any API keys you configure
Why: You configure these directly in ASNSPY. We never see or store your credentials.

3.3 System Information

We DO NOT collect:
  • Your operating system details
  • Installed software
  • System configurations
  • Running processes
  • Network configurations
Why: ASNSPY is a command-line tool with no telemetry.

4. HOW WE USE DATA

4.1 License Management

  • Verify your ASNSPY Enterprise license
  • Send license renewal reminders
  • Provide technical support

4.2 Product Improvements

  • Understand which features are most valuable (if you opt in to anonymized usage analytics)
  • Identify bugs and issues
  • Plan new features

4.3 Legal Compliance

  • Respond to valid legal requests
  • Prevent abuse and fraud
  • Enforce our Terms of Service

4.4 Marketing Communications (Optional)

  • Send product updates (if you opt in)
  • Share security research and blog posts
  • Announce new features
You can opt out any time by clicking "unsubscribe" in emails.

5. DATA SHARING & DISCLOSURE

5.1 We DO NOT Sell Your Data

We have never sold user data and never will.

5.2 Third-Party Service Providers

We may share limited data with:

  • Payment Processors (Stripe): For Enterprise license billing
  • Email Service (SendGrid or similar): For support and product emails
  • Cloud Infrastructure (Cloudflare, Supabase): For website and database hosting

These providers are contractually required to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose data if required by:

  • Valid subpoenas or court orders
  • National security requests
  • Law enforcement (with proper legal authority)

We will notify you of legal requests unless prohibited by law or court order.

6. DATA SECURITY

6.1 Security Measures

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication
  • Security Audits: Regular security reviews and updates
  • Minimal Data: We only collect what's necessary

6.2 Local Data Processing

ASNSPY processes all reconnaissance data LOCALLY on your systems:

  • No scan results transmitted to our servers
  • No target information sent to us
  • All vulnerability data stays on your systems

6.3 Your Responsibility

You are responsible for:

  • Securing your API keys and credentials
  • Protecting your scan results
  • Encrypting sensitive data
  • Following your organization's data protection policies

7. YOUR RIGHTS

7.1 Access Your Data

Request a copy of all personal data we hold about you.

How: Email privacy@asnspy.com with subject "Data Access Request"

7.2 Correct Your Data

Request correction of inaccurate or incomplete data.

How: Email privacy@asnspy.com with subject "Data Correction Request"

7.3 Delete Your Data

Request deletion of your personal data (subject to legal retention requirements).

How: Email privacy@asnspy.com with subject "Data Deletion Request"

7.4 Export Your Data

Request a machine-readable copy of your data.

How: Email privacy@asnspy.com with subject "Data Export Request"

7.5 Opt Out of Marketing

Unsubscribe from marketing emails any time.

How: Click "unsubscribe" in any marketing email, or email privacy@asnspy.com

8. DATA RETENTION

Data TypeRetention PeriodReason
License InformationDuration of license + 7 yearsTax and legal requirements
Support Emails2 years after resolutionHistorical support reference
Website Analytics30 daysCloudflare standard retention
Beta Signup DataUntil unsubscribe/deletion requestOngoing beta communications
Billing Records7 yearsTax and legal requirements

9. INTERNATIONAL DATA TRANSFERS

Our Location: United States (Arizona) Data Storage: Primarily United States servers EU/UK Users: By using ASNSPY, you consent to data transfer to the United States. We implement appropriate safeguards for international transfers. Privacy Shield: We comply with applicable data protection regulations including GDPR and CCPA where applicable.

10. CHILDREN'S PRIVACY

ASNSPY is not intended for users under 13 years old (or applicable age in your jurisdiction).

We do not knowingly collect data from children.

If you believe we have inadvertently collected data from a child, contact us immediately at privacy@asnspy.com.

11. COOKIES & TRACKING

11.1 Website Cookies

We use minimal cookies on www.asnspy.com:

CookiePurposeDurationRequired
Cloudflare AnalyticsAnonymized analytics30 daysYes
Session CookieBeta signup formSessionYes

We DO NOT use:

  • Advertising cookies
  • Social media tracking pixels
  • Third-party analytics (Google Analytics, etc.)

11.2 Command-Line Tool

ASNSPY command-line tool does NOT use cookies or tracking.

12. THIRD-PARTY PRIVACY POLICIES

When you use third-party integrations (Vulners, IPinfo.io, databases, SIEM), you are subject to their privacy policies:

  • Vulners: https://vulners.com/privacy
  • IPinfo.io: https://ipinfo.io/privacy
  • MaxMind: https://www.maxmind.com/en/privacy-policy
  • NIST NVD: https://www.nist.gov/privacy-policy
We recommend reviewing these policies if you use these services.

13. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under CCPA:

13.1 Right to Know

Request disclosure of personal data collected, used, or disclosed.

13.2 Right to Delete

Request deletion of personal data (subject to exceptions).

13.3 Right to Opt-Out

Opt out of sale of personal data (we don't sell data).

13.4 Non-Discrimination

We won't discriminate against you for exercising your rights.

How to Exercise Rights: Email privacy@asnspy.com with "CCPA Request" in subject line.

14. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are in the EU/EEA/UK, you have rights under GDPR:

14.1 Legal Basis for Processing

  • Contract Performance: License management, support
  • Legitimate Interests: Product improvements, security
  • Consent: Marketing communications (opt-in)

14.2 Your Rights

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making (we don't use automated decisions)
How to Exercise Rights: Email privacy@asnspy.com with "GDPR Request" in subject line.

14.3 Data Protection Officer

Contact: privacy@asnspy.com

14.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy when:

  • We add new features
  • Legal requirements change
  • We improve our practices
Notification: We'll email Enterprise customers and post updates on www.asnspy.com/legal/privacy Material Changes: 30 days' notice for significant changes affecting paid customers Your Continued Use: Continuing to use ASNSPY after changes constitutes acceptance

16. CONTACT US

Privacy Questions

Email: privacy@asnspy.com Subject Line: "Privacy Inquiry" Response Time: Within 5 business days

Data Requests

Email: privacy@asnspy.com Subject Lines:
  • "Data Access Request"
  • "Data Deletion Request"
  • "Data Correction Request"
  • "CCPA Request"
  • "GDPR Request"
Response Time: Within 30 days (or as required by applicable law)

General Contact

Website: https://www.asnspy.com Support: contact@asnspy.com Legal: legal@asnspy.com

17. ACKNOWLEDGMENT

BY USING ASNSPY, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.

Last Updated: January 15, 2026 Version: 3.1.0 © 2026 ASNSPY - Your Privacy Matters
Back to Legal Hub