Privacy Policy

How ASH Technologies handles your data across our products and services.

Last updated: April 19, 2026

1. Introduction

ASH Technologies, LLC ("ASH Technologies," "we," "us," or "our") is a North Carolina-based company that builds desktop and web software for small businesses.

This Privacy Policy describes the information we collect, how we use it, and the rights you have regarding your information. It applies to our website at ashtech.io and to all products we offer, including Ember. Product-specific practices — including exactly what each product transmits — are detailed in Section 10: Product-Specific Practices.

By using our website or products, you agree to the practices described in this policy. If you do not agree, please do not use our website or products.

2. Information We Collect

The information we collect falls into a few categories. Exactly what is collected depends on which of our products or services you use.

Contact and Account Information

  • Email address (required for purchases, trials, and product delivery)
  • Name (optional, used to personalize emails and license records)

Purchase Information

  • Purchase details received from our payment processor, Zaprite: customer name, email, and transaction metadata (amount, product, timestamp)
  • We do not store full payment card numbers or bank account details; payment information is handled by Zaprite

License and Product Usage Information

  • License key and associated customer record
  • Machine identifier — a one-way SHA-256 hash of platform-specific hardware identifiers. This hash cannot be reversed to reveal the original identifier.
  • Machine name (the computer's hostname, e.g., "James-Desktop")
  • Activation, verification, and deactivation timestamps

Communications

  • Messages you send us through the contact form at ashtech.io/contact
  • Records of transactional emails we send you (license keys, receipts, service notices)

Website Technical Information

  • Basic server request logs (IP address, timestamp, requested URL, user agent) collected by our hosting provider. These are used for security and performance and are retained for a short period.

3. How We Use Information

We use your information to:

  • Deliver our products and services — issuing license keys, verifying activations, and making sure you can use what you paid for
  • Process purchases — via our payment processor, Zaprite
  • Send transactional emails — license keys, purchase receipts, trial notifications, and critical service notices
  • Respond to your questions — when you contact us through our contact form
  • Comply with legal obligations — tax records, fraud prevention, and responding to lawful requests
  • Maintain security — detecting abuse, investigating suspicious activity, and protecting our systems

We do not sell your personal information. We do not use your information for targeted advertising. We do not build profiles of users for third-party marketing.

4. How We Share Information

We share information only with the service providers we need to operate our products, and only with the minimum information necessary. Each provider is bound by its own privacy obligations.

Subprocessors

  • Zaprite — payment processing. Zaprite receives your name, email, and the purchase you're making.
  • A third-party transactional email provider — delivers license keys, payment links, receipts, and service notices to your inbox. The provider receives your email address and the contents of the message being delivered.
  • GitHub — hosts our public binary releases. Downloads are anonymous from our perspective; GitHub's own privacy policy applies to the download itself.
  • Vercel — hosts ashtech.io. Vercel processes server logs on our behalf.

Legal Requirements

We may disclose information if required to do so by law, valid legal process (such as a subpoena or court order), or to protect the rights, property, or safety of ASH Technologies, our users, or others.

Business Transfers

If ASH Technologies is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users before their information becomes subject to a different privacy policy.

5. Data Retention

We retain information only as long as necessary for the purposes described in this policy and to comply with our legal obligations.

  • License records — for the life of the license, plus up to seven (7) years afterward for tax and legal recordkeeping
  • Email delivery logs — 90 days, for support and abuse investigation, then deleted
  • Deactivated machine activations — deleted immediately upon deactivation
  • Purchase records — retained as required by tax and accounting regulations (typically 7 years)
  • Website server logs — typically 30 days or less, depending on our hosting provider's defaults
  • Contact-form messages — retained as long as needed to resolve your inquiry, then archived or deleted

6. Your Rights

Depending on where you live, you may have specific rights regarding your personal information. The rights below are available to all users.

General Rights

  • Access — request a copy of the personal information we hold about you (license record, email log entries)
  • Correction — request that we correct inaccurate information
  • Deletion — request that we delete your personal information. Note: deleting your license record revokes the license, and the software will no longer activate.
  • Portability — request a machine-readable copy of the information you've provided to us
  • Opt-out of marketing — we currently do not send marketing emails. Transactional emails (license keys, receipts, service notices) are required to deliver our service and are not marketing.

To exercise any of these rights, please contact us. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws give you additional rights.

  • Lawful basis — we process your personal information on the basis of (a) performance of a contract (providing the products and services you've purchased), (b) legitimate interests (security, preventing fraud, running our business), and (c) legal obligations (tax recordkeeping).
  • International transfers — ASH Technologies is based in the United States. Your information is processed in the U.S. and may be processed by our subprocessors in other jurisdictions.
  • Right to object — you may object to processing based on legitimate interests
  • Right to lodge a complaint — you may lodge a complaint with your local data protection supervisory authority

California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the following rights:

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the "sale" or "sharing" of personal information. ASH Technologies does not sell or share your personal information as defined under the CCPA.
  • Right to non-discrimination — we will not deny you products or services, charge different prices, or provide a different quality of service because you exercised your privacy rights

7. Cookies and Analytics

ashtech.io does not currently set tracking cookies, use third-party advertising pixels, or run third-party analytics trackers. Our hosting provider (Vercel) may collect basic server-side request logs as described in Section 2.

If we add analytics or cookies in the future, we will update this policy and provide the relevant consent mechanisms where legally required.

8. Security

We take reasonable steps to protect your information, including:

  • Transport Layer Security (TLS / HTTPS) for all connections to our servers
  • Encryption of sensitive data at rest
  • Limited employee access on a need-to-know basis
  • Regular review of our security practices

No system can be guaranteed 100% secure. If we become aware of a security incident that affects your personal information, we will notify you and any required authorities in accordance with applicable law.

9. Children's Privacy

Our products and website are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to delete it.

10. Product-Specific Practices

The following sections describe the data practices specific to each of our products. New products will be added here as they launch.

Ember

Ember is a desktop application for service businesses. Most of your business data — customers, properties, estimates, jobs, invoices, photos, notes — is stored locally on your computer and is never transmitted to ASH Technologies. The specific data that does leave your computer is listed below.

License Activation and Verification

  • License key (e.g., EMBER-XXXX-XXXX-XXXX-XXXX)
  • Machine identifier — a one-way SHA-256 hash of platform-specific hardware identifiers (Linux /etc/machine-id, Windows MachineGuid). This hash cannot be reversed.
  • Machine name (the computer's hostname)
  • Customer email (provided at purchase)
  • Customer name (optional, provided at purchase)
  • Activation, verification, and backup timestamps

The license is verified roughly every seven (7) days while the app is running. A 14-day offline grace period allows the application to continue working without an internet connection.

Ember Pro — Email Delivery (Optional Subscription)

When a Pro user emails an estimate or invoice from within Ember, the following data is transmitted to our email infrastructure to deliver the message:

  • Recipient email address and recipient name
  • Email subject line and message body
  • The PDF attachment being sent
  • The user's return email address
  • A document type and identifier (for logging and deduplication)

A log entry (sender, recipient, subject, delivery status, timestamp) is retained for 90 days for support, deliverability troubleshooting, and abuse investigation, then deleted.

What Ember Does Not Transmit

  • Your customers' names, addresses, phone numbers, or email addresses
  • Property information
  • Financial details (estimate/invoice amounts, tax rates, payment history)
  • Photos attached to properties, estimates, or jobs — unless you include them in an emailed invoice (in which case the PDF, including those photos, is transmitted to the email recipient)
  • Notes, descriptions, and other free-form business content

Analytics and Telemetry

Ember does not include analytics, crash reporting, or usage telemetry. The only network calls are the license verification pings described above and the optional Pro features you explicitly enable.

Additional products will be listed here as they launch.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, for significant changes, notify affected users by email or through a notice on our website.

Your continued use of our website or products after an updated policy takes effect constitutes your acceptance of the updated terms.

12. Contact

If you have any questions about this Privacy Policy or how we handle your information, please get in touch.

ASH Technologies, LLC

[COMPANY ADDRESS]

Website: https://ashtech.io

For privacy questions and rights requests: ashtech.io/contact