Privacy Policy.

This website, ashmo.io, is operated by Ashraf Hassan ("Ashmo"), based in Dubai, United Arab Emirates. For any privacy matter, contact hello@ashmo.io. References to "we", "us", and "the platform" mean ashmo.io operated by Ashraf Hassan.

Analytics data (automatic) — pages visited, time on page, approximate location (country/city), device, browser, OS, referrer, scroll depth, outbound clicks, file downloads.

Contact form data — name, email, message, business context you choose to share.

Newsletter/email subscription data — email address and optional name.

Download form data — name and email submitted to access a guide, template, framework, or workbook.

Course or digital product purchase data — name, email, billing details (handled by the payment processor — we do not store full card data), order details.

Consulting inquiry data — name, email, company name (optional), phone (optional), business context.

Payment data — handled by third-party processors (e.g. Stripe, PayPal). We receive transaction confirmation, last 4 digits, and billing country only.

Analytics / cookie data — see Section 5.

CRM, email marketing, automation, retargeting data — engagement events (opens, clicks, page visits) associated with your email or anonymised cookie ID where you have consented.

• To respond to your enquiry, deliver a download, fulfil a purchase, or run a consulting conversation.
• To send notes, updates, and content you have subscribed to receive.
• To understand site usage, improve content, and prioritise what to publish next.
• To comply with legal, tax, accounting, and regulatory obligations.
• To protect the platform against fraud, abuse, scraping, or unauthorised access.

We do not sell personal data. We do not share it with third parties for their own marketing.

• Consent — newsletter subscription, marketing cookies, optional CRM tracking.
• Contractual necessity — replying to enquiries, delivering downloads, fulfilling purchases.
• Legitimate interest — site analytics, security, fraud prevention, service improvement.
• Legal obligation — tax records, statutory record-keeping, lawful requests by authorities.

This site uses essential cookies and analytics cookies. Marketing or retargeting cookies are only deployed where you have consented through the cookie banner. Full detail is in the Cookie Policy.

We use the following categories of trusted processors. Each operates under its own privacy policy and contractual safeguards:

• Hosting and CDN (Netlify, Cloudflare)
• Analytics (Google Analytics 4 via Google Tag Manager)
• Email and newsletter (transactional and broadcast email providers)
• CRM and marketing automation
• Payment processing (Stripe, PayPal, or equivalent)
• Form handling and inbox routing
• Customer support tooling

Some processors store or process data outside the UAE (commonly the EU, UK, or US). Where this happens, we rely on processors that publish recognised safeguards — Standard Contractual Clauses, adequacy decisions, or equivalent contractual commitments — so your data continues to receive appropriate protection.

• Analytics event data: retained up to 14 months.
• Contact and consulting enquiries: retained as long as needed to handle the conversation and any reasonable follow-up, then archived or deleted.
• Newsletter and CRM data: retained until you unsubscribe or request deletion.
• Purchase and tax records: retained for the period required by UAE law (typically 5 years).

As a UAE-based platform, we comply with Federal Decree-Law No. 45 of 2021 (UAE Personal Data Protection Law) and apply equivalent rights to all users worldwide:

• Right of access — request a copy of the personal data we hold about you.
• Right of correction — request that inaccurate data be corrected.
• Right of deletion — request deletion of your personal data, subject to legal retention.
• Right to restrict or object to processing.
• Right to withdraw consent at any time.
• Right to data portability where technically feasible.
• Right to lodge a complaint with the UAE Data Office or your local supervisory authority.

To exercise any right, email hello@ashmo.io. We respond within 30 days.

We apply reasonable technical and organisational measures: HTTPS across the site, restricted access to personal data, password hygiene, two-factor authentication where supported, vendor due diligence, and segregated environments for personal vs. public data. No system is 100% secure — see the Cybersecurity Policy for our incident-response approach.

If a personal data breach occurs that is likely to result in a risk to your rights, we will notify the relevant authority and affected users without undue delay, in line with UAE PDPL and international good practice. To report a suspected breach, email hello@ashmo.io with the subject line "Security concern".

This platform is intended for business owners, operators, and adult professionals. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted personal data, contact us and we will delete it.

This site links to external platforms (LinkedIn, Instagram, YouTube, partner sites). We are not responsible for their privacy practices. Review their policies before sharing personal data.

We may update this policy. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be flagged on the homepage or by email where appropriate.

Privacy, data access, correction, deletion, or breach reports: hello@ashmo.io