Data Policy.

This Data Policy explains what data ashmo.io stores, what users are not permitted to submit, how submitted data is classified and handled, and what happens when sensitive material is received unintentionally. It complements the Privacy Policy.

• Contact details voluntarily submitted via forms.
• Course or product purchase records.
• Consulting enquiry context shared in conversation.
• Newsletter subscription state.
• Analytics events (no personal identifiers).
• Audit logs for security and fraud prevention.

Do not upload, paste, share, or transmit to ashmo.io any of the following unless you own them or have written legal permission to share them:

• Confidential employer information.
• Trade secrets of any company.
• Private customer or client databases.
• Financial reports, P&L statements, or unpublished commercial figures.
• Signed or draft contracts of third parties.
• Payroll, salary, or employee personal data.
• Supplier or vendor agreements.
• Recipes, formulations, or production specifications.
• Franchise manuals, operations manuals, or SOPs.
• Internal strategy decks, board materials, or M&A material.
• Any document marked "Confidential", "Internal", "Restricted", or equivalent.

You are solely responsible for the lawfulness, accuracy, and ownership of any material you submit. By submitting data you confirm you have the right to share it. Ashmo accepts no liability for confidentiality breaches caused by user submissions.

Submissions may be reviewed manually by Ashraf Hassan or a small operations team for the purpose of responding to the request, identifying potential misuse, and ensuring nothing prohibited has been shared.

All submitted data is classified into one of five tiers:

• Public — content the user has authorised for publication.
• Internal — operational data used to deliver the service.
• Confidential — limited-access data such as purchase records.
• Highly Confidential — sensitive personal or financial detail; access tightly restricted.
• Restricted — material that should not have been shared; quarantined and addressed under Section 8.

Submitted data is retained only as long as needed to complete the conversation or transaction, or as required by law. To request deletion, email hello@ashmo.io.

If material is submitted that appears confidential, proprietary, or sensitive — including content that may belong to a third party — we will:

1. Stop processing the material immediately.
2. Quarantine it from working systems.
3. Notify the sender and ask whether the material should be deleted, returned, or escalated.
4. Delete the material on request, or by default within 30 days unless legal preservation applies.

We collect the minimum data needed to do the job. We do not request information we do not need. We do not ask users for confidential employer or client information at any point.

Some submitted data may be processed by trusted third-party tools (email, CRM, payment processing). See the Privacy Policy for the full list and safeguards.

To report a data concern or request a review of submitted material: hello@ashmo.io