Assilek
Iniciar sesión

Política de Privacidad

Effective as of May 3, 2026

Assilek is operated by Lemus Digital LLC ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your and your clients' personal information when you use the Assilek platform and related services (the "Service"). Please read it carefully.

1. Data Controller and Representatives

1.1 Data Controller

The data controller responsible for your personal data is:

Lemus Digital LLC 7901 4th St N STE 300 St. Petersburg, FL 33702 United States Email: legal@assilek.com

1.2 Data Protection Contact

We have designated a privacy contact responsible for overseeing compliance with this Privacy Policy and applicable data-protection laws. You may reach this contact at legal@assilek.com. (We are not currently required by GDPR Art. 37 to appoint a formal Data Protection Officer based on our size and processing activities; if that changes, we will publish DPO contact details here.)

1.3 EU/UK Representative

For users in the European Economic Area, the United Kingdom, or Switzerland, we are in the process of designating a representative under Article 27 of the General Data Protection Regulation. Until that designation is published in this section, EU/UK users may contact us directly at legal@assilek.com for any GDPR-related request, and we will respond within statutory timelines.

For privacy-related requests (access, deletion, portability, etc.), use legal@assilek.com or the contact details at the end of this policy.

2. Information We Collect

2.1 Information You Provide

  • Account and profile: Name, email address, password (stored in hashed form), preferred language, and organization name when you register or update your profile.
  • Billing: If you subscribe to a paid plan, we or our payment processor (e.g., Stripe) collect billing details such as name, address, and payment method information. We do not store full credit card numbers on our servers; payment data is processed by our payment provider in accordance with their privacy policy.
  • Content you upload: Photos, gallery names, client names, client email addresses (e.g., for sending gallery links or delivery notifications), session and package information, and any other data you or your team members enter into the Service. You are responsible for ensuring you have a lawful basis to process your clients' personal data and for complying with applicable data-protection laws in your relationship with your clients.
  • Communications: When you contact support or send us feedback, we collect the content of your messages and contact details.

2.2 Information Collected Automatically

  • Usage and logs: We collect information about how you use the Service, such as actions performed (e.g., creating galleries, uploading images), IP address, browser type, device type, and approximate location (e.g., country or region) for security, fraud prevention, and improving the Service.
  • Cookies and similar technologies: We use cookies and similar technologies as described in our Cookie Policy (e.g., session and authentication cookies, preference cookies). You can manage your preferences as set out in that policy.

2.3 Information from Third Parties

  • Payment provider: When you subscribe, we may receive limited information from our payment provider (e.g., subscription status, customer identifier) to sync your plan and billing with the Service.
  • Authentication: If you use a third-party login in the future (e.g., Google), we may receive basic profile information (e.g., email, name) from that provider in accordance with your consent there.

We do not buy or sell your personal information to third parties for marketing purposes, and we do not "share" your personal information for cross-context behavioral advertising as that term is defined under the California Privacy Rights Act (CPRA).

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Create and manage your account, host your galleries, send delivery and notification emails, process payments, and allow team collaboration.
  • Support and communication: Respond to your requests, send service-related emails (e.g., password reset, verification, subscription and billing notices), and, if you have opted in, send marketing or product updates (you can opt out at any time).
  • Security and compliance: Protect the Service from abuse and fraud, enforce our terms, and comply with legal obligations.
  • Improvement and analytics: Analyze usage in an aggregated or pseudonymized way to improve the Service, fix errors, and understand how features are used. Where we use analytics that involve personal data, we do so in accordance with this policy and, where required by law, with your consent.

We do not use your photos, client data, or gallery contents to train artificial intelligence or machine learning models. See Section 5.2 of the Terms of Service for the corresponding contractual commitment.

4. Legal Basis for Processing (EEA/UK Users)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following bases:

  • Performance of a contract: To provide the Service and manage your subscription.
  • Legitimate interests: To operate, secure, and improve the Service, prevent fraud, and communicate about the Service, where not overridden by your rights.
  • Legal obligation: To comply with applicable law (e.g., tax, retention).
  • Consent: Where we rely on consent (e.g., optional marketing, non-essential cookies), you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Sharing and Disclosure

We may share your information only in the following circumstances:

  • Service providers (processors): We use trusted third parties to operate the Service, such as cloud hosting (e.g., Google Cloud), payment processing (e.g., Stripe), and email delivery. These providers act on our instructions and are contractually required to protect your data and use it only for the purposes we specify. The list of subprocessors and how to request a data processing agreement is available here (or upon request at legal@assilek.com).
  • Legal and safety: We may disclose information if required by law, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to detect or prevent fraud.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

We do not sell or share your personal information for cross-context behavioral advertising.

6. International Transfers

Your information may be processed in the United States or other countries where we or our service providers operate. If you are in the EEA or UK, such transfers are carried out with appropriate safeguards (e.g., standard contractual clauses approved by the European Commission or equivalent) as required by applicable law. You may request more information about these safeguards by contacting legal@assilek.com.

7. Data Retention

  • Active accounts: We retain your data while your account is active and as needed to provide the Service and comply with our legal obligations.
  • After account closure: After you close your account, we retain your data for thirty (30) days to allow you to export it. After that period, we delete or anonymize your data, except where we must retain it for legal, tax, or dispute-resolution purposes (e.g., invoices for the period required by tax law, typically up to seven years in the United States).
  • Logs and security: We retain access and security logs for up to eighteen (18) months for security, audit, and compliance.
  • Backups: Data may persist in encrypted backups for up to ninety (90) days after deletion from the live system before being overwritten.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal exceptions (e.g., retention for tax or legal claims).
  • Restriction: Request that we limit how we use your data in certain circumstances.
  • Portability: Request a copy of your data in a structured, machine-readable format where technically feasible.
  • Objection: Object to processing based on legitimate interests; we will consider your objection and stop processing unless we have compelling legitimate grounds.
  • Automated decision-making: Right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects. The Service does not currently make such decisions.
  • Withdraw consent: Where we rely on consent, you may withdraw it at any time.
  • Complaint: You have the right to lodge a complaint with a supervisory authority (e.g., in the EEA, your local data-protection authority; in the UK, the ICO; in Spain, the AEPD).

To exercise any of these rights, contact us at legal@assilek.com. We will respond within the time required by applicable law (e.g., one month under GDPR, extendable by two months for complex requests). We may need to verify your identity before processing your request.

8.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know the categories and specific pieces of personal information we collect, use, disclose, and (where applicable) sell or share.
  • Delete your personal information, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Limit use of sensitive personal information to purposes specified by the CPRA.
  • Opt out of "sale" or "sharing" of personal information. As stated in Section 5, we do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination for exercising any of these rights.

To submit a verifiable consumer request, email legal@assilek.com. You may use an authorized agent; we will request reasonable verification.

8.2 Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal as a valid opt-out request to the extent required by the CPRA and similar laws. When your browser sends a Sec-GPC: 1 header (or equivalent signal) in a request to the Service, we treat it as an opt-out of any future "sale" or "share" of personal information associated with that browser session, in addition to honoring the absence of such activity by default.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including encryption in transit (TLS), at-rest encryption for stored objects, hashed password storage, role-based access controls, audit logging, and secure development practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we work to maintain a high level of protection. In the event of a personal-data breach affecting your data, we will notify you and applicable supervisory authorities as required by law.

10. Children

The Service is not intended for individuals under 18, and registration requires affirmative confirmation of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at legal@assilek.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and by sending an email to the address associated with your account at least thirty (30) days before the changes take effect. The "Last updated" date at the bottom will reflect the effective date. We encourage you to review this policy periodically. Your continued use of the Service after the effective date constitutes acceptance of the updated policy, except where your consent is required by law.

12. Contact

For privacy-related questions, to exercise your rights, or to request a data processing agreement or list of subprocessors:

Lemus Digital LLC 7901 4th St N STE 300 St. Petersburg, FL 33702 United States Email: legal@assilek.com Website: https://assilek.com

Last updated: May 3, 2026