Privacy Policy

Last updated: June 8, 2026

This Privacy Policy is for Asa Team, remote workplace management tool as well as the Asa bot on Microsoft Teams, Slack, Telegram and WhatsApp by CORPORATE WELLNESS TECHNOLOGIES PTE. LTD.

This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service. If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

Information Collection and Use

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to e-mail, first name, last name, gender, profile picture, company membership, team membership, project information, tasks, timesheets, leave records, mood check-ins, files you upload or share with Asa, and messages or commands you send to Asa through connected platforms. The information that we request will be retained by us and used as described in this privacy policy. The app does use third party services that may collect information used to identify you.

Link to privacy policy of third party service providers used by the app:

Project Intelligence and Connected Conversations

If a company administrator enables Project Intelligence for a project, Asa may process messages from connected Slack channels, Microsoft Teams conversations, Telegram groups, or WhatsApp groups that are linked to that project. This may include message text, sender names or identifiers, timestamps, mentions, reply or thread information, conversation names, and attachment metadata. Asa uses this information to create project summaries, blockers, decisions, risks, health indicators, and task suggestions.

If users upload or share documents in watched project conversations, Asa may process those files when needed for Project Intelligence. This may include file names, file types, file metadata, and content extracted from supported documents such as PDF files, Word documents, text files, spreadsheets, or similar work files. Asa uses this information to identify project-relevant requirements, decisions, deadlines, blockers, action items, and other project signals.

Raw conversation messages and extracted document content may be buffered temporarily so they can be converted into project signals. These raw buffers are usually kept for about one week and may remain slightly longer until scheduled cleanup runs. Extracted project signals, summaries, and approved or dismissed task suggestions may be retained as part of the company's project records until they are deleted, the related project data is removed, or a deletion request is processed.

Project Intelligence uses AI service providers, including OpenAI, to analyze relevant project conversation data and document content. We do not sell conversation content or uploaded documents. AI providers may process submitted data to provide the Service and may retain limited data for security, abuse monitoring, or legal reasons according to their own terms and privacy policies.

When a conversation source is linked to a watched project, Asa may post a short notice in Slack, Microsoft Teams, or Telegram to tell participants that the conversation is contributing to project summaries. WhatsApp project sources are used for group ingestion only and Asa does not post watcher announcements in WhatsApp groups.

Log Data

We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol ("IP") address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

Cookies and Similar Technologies

Cookies and similar technologies are small files or storage entries placed on your device. Asa uses only strictly necessary cookies and local storage required to operate the Service — for example, to keep you securely signed in and to maintain your session. We do not use advertising or cross-site tracking cookies, and we do not run third-party web analytics on this website. Because we rely only on essential cookies, we do not display a separate cookie consent banner. You can still block or delete cookies through your browser settings, although some features, such as staying signed in, may stop working.

Service Providers

We may employ third-party companies and individuals due to the following reasons:

  • To facilitate our Service;
  • To provide the Service on our behalf;
  • To perform Service-related services; or
  • To assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Security

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children's Privacy

These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take necessary action.

Our Role: Controller and Processor

For the information used to create and operate your individual account — such as your name, email address, and billing details — Corporate Wellness Technologies Pte. Ltd. ("Asa", "we", "us") acts as a data controller. For workplace content that a customer organisation manages through Asa — including the team conversations processed by Project Intelligence, and the projects, tasks, timesheets, leave records, and mood check-ins of that organisation's members — the customer organisation (your employer or the administrator who configured the workspace) is the controller, and Asa acts as a processor that handles such data on the organisation's documented instructions. If you are a member of an organisation that uses Asa, please also review your organisation's own privacy notice and direct requests about your workplace data to your administrator; we will support them in responding as their processor. Business customers can review the terms on which we process workplace data in our Data Processing Addendum.

Legal Bases for Processing (GDPR / UK GDPR)

Where the European Union or United Kingdom General Data Protection Regulation applies, we, or the customer organisation acting as controller, rely on the following legal bases:

  • Performance of a contract — to provide the Service that you or your organisation have requested.
  • Legitimate interests — to operate, secure, maintain, and improve the Service, prevent abuse, and communicate with you, balanced against your rights and freedoms.
  • Consent — for example, when an administrator enables Project Intelligence on a connected conversation, when you voluntarily submit optional wellness or mood check-ins, or for optional marketing communications. You may withdraw consent at any time.
  • Legal obligation — where we must process data to comply with applicable law.

Project Intelligence is enabled and configured by a customer organisation's administrator. That administrator is responsible for establishing a lawful basis for processing the conversations they connect and for informing participants. Mood and wellness check-ins are provided voluntarily; where such information is treated as health-related data, we rely on explicit consent.

Automated Processing

Project Intelligence and our AI assistant features use automated processing to generate summaries, blockers, decisions, risks, health indicators, and task suggestions. These outputs are advisory and are reviewed by people within your organisation; they are not used to make decisions that produce legal or similarly significant effects about you without human involvement. When you interact with our AI assistant or bot, we make clear that you are communicating with an automated system rather than a person, consistent with applicable AI transparency requirements such as the EU AI Act.

Your Data Protection Rights (EEA and UK)

If you are in the European Economic Area or the United Kingdom, you have the right to request access to, rectification of, erasure of, restriction of, or portability of your personal data, to object to certain processing, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local data protection supervisory authority. To exercise these rights, contact us at support@asa.team or your workspace administrator. Where we act as a processor for workplace data, we will refer your request to the relevant controller and assist them in responding.

United States State Privacy Rights (California CCPA/CPRA and Other States)

If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it, to access and delete it, to correct inaccurate information, to limit the use of sensitive personal information, and to not be discriminated against for exercising your rights. The categories of personal information we collect are described under "Information Collection and Use" above and include identifiers, professional or employment-related information, commercial information, internet or other electronic activity such as log data, and the content of the messages and files you choose to share with Asa.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising, as those terms are defined under California law. We do not use sensitive personal information to infer characteristics about you. To submit a request, contact us at support@asa.team; you may use an authorised agent, and we will take steps to verify your request before responding.

Residents of other U.S. states with comprehensive privacy laws — including Virginia, Colorado, Connecticut, Texas, Oregon, and others — have comparable rights to access, correct, delete, and obtain a copy of their personal information, and to opt out of targeted advertising, the sale of personal information, and certain profiling. We extend these rights to residents of any U.S. state that grants them; to exercise them, contact us at support@asa.team.

Canadian Privacy Rights (PIPEDA)

If you are in Canada, we process your personal information on the basis of your consent — express or implied as appropriate to the sensitivity of the information — and in accordance with the Personal Information Protection and Electronic Documents Act. You may request access to your personal information, challenge its accuracy, and ask questions about our handling practices by contacting us at support@asa.team. You may also contact the Office of the Privacy Commissioner of Canada.

Singapore Personal Data (PDPA)

Asa is operated from Singapore. We handle personal data in accordance with the Personal Data Protection Act 2012, including obtaining consent where required, limiting use to the purposes described in this policy, protecting the data in our care, and providing rights of access and correction. You may reach our data protection point of contact at support@asa.team.

Health and Wellness Information; No PHI (HIPAA)

Asa is a workplace management tool. It is not a "covered entity" or "business associate" under the United States Health Insurance Portability and Accountability Act (HIPAA), the Service is not designed to create, receive, maintain, or transmit Protected Health Information (PHI), and we do not enter into Business Associate Agreements. Mood and wellness check-ins are voluntary, self-reported indicators of workplace well-being, and are not clinical or medical records. Please do not submit PHI or other regulated health information through Asa, including in any conversation connected to Project Intelligence.

International Data Transfers

Asa is operated from Singapore, and our service providers may process data in the United States and other countries. In particular, the Service is hosted on Google Cloud Platform and Firebase, and Project Intelligence and assistant features use OpenAI. Where personal data is transferred across borders, including out of the European Economic Area or the United Kingdom, we rely on appropriate safeguards such as the EU-U.S. Data Privacy Framework, together with its UK Extension and the Swiss-U.S. Data Privacy Framework, where our providers are certified; the European Commission's Standard Contractual Clauses with the United Kingdom International Data Transfer Addendum; or another lawful transfer mechanism.

Sub-processors

We rely on the following key sub-processors to provide the Service (the current list is maintained on our Sub-processors page):

  • Google Cloud Platform and Firebase — hosting, database, authentication, and error and analytics reporting.
  • OpenAI — AI processing for Project Intelligence and our assistant features.

Conversations and files reach Asa only from the platforms you choose to connect — Slack, Microsoft Teams, Telegram, and WhatsApp — each governed by its own privacy policy linked above. We aim to provide notice of material changes to the sub-processors we use.

Data Archival and Removal

We keep personal data only for as long as necessary to provide the Service and for the purposes described above, including account, workplace, project, bot, and Project Intelligence records. Raw conversation and document buffers used by Project Intelligence are retained only briefly — typically about seven days — before scheduled deletion, while extracted project signals, summaries, and approved or dismissed task suggestions are kept as part of your company's project records until the related project or data is deleted or a deletion request is processed.

Other account data is retained until you or your administrator request its deletion, after which we remove it from our active systems, subject to any retention required by law. You can request access to, correction of, or deletion of your data by contacting us at support@asa.teamor your workspace administrator.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at support@asa.team.