Published policies · v1.0

Policies your audit committee actually reads.

Eight directly accessible public policies. Each is a counsel-ready v1.0 draft anchored to operational practice. For policy questions or operational disclosure requests, contact AssetShopCo@gmail.com.

Public · directly accessible

F-09 · PRIVACY Public
Privacy Policy
How AssetShop collects, retains, and processes personal data. GDPR · CCPA · CPRA disclosures and customer data rights.
View policy
F-10 · USE Public
Acceptable Use Policy
Prohibited uses, customer obligations, suspension and termination triggers. Misuse reporting workflow.
View policy
F-11 · PRIVACY Public
Sub-Processor List
All third parties that process customer data. 30-day notice on changes. Customer right to object.
View list
F-12 · SECURITY Public
Vulnerability Disclosure Policy
Coordinated disclosure terms. 90-day window. Researcher acknowledgments. Safe harbor scope.
View policy
F-01 · AI Public
AI Safety Operating Policy
NIST AI RMF · EU AI Act · ISO/IEC 42001 · OECD AI Principles · EO 14110 alignment. Customer rights.
View policy
F-14 · PRIVACY Public
Cookie Policy
Cookies and similar technologies on AssetShop properties. Consent management. Opt-out instructions.
View policy
F-15 · LEGAL Public
Data Processing Agreement (Template)
Standard DPA template per GDPR Article 28. SCCs (2021/914) for international transfers. Counsel-ready draft.
View template
F-19 · ACCESSIBILITY Public
Accessibility Statement
WCAG 2.1 AA target. Keyboard operability, visible focus, screen-reader labelling, known limitations, and how to request accommodations. VPAT on the roadmap.
View statement
F-16 · LEGAL Public
DMCA Takedown Policy
DMCA Section 512 takedown procedure. Designated agent contact. Counter-notice process.
View policy
F-17 · CONTINUITY Public
Founder Continuity Plan
4-tier custody chain. 24-hour activation. Drilled annually. Contractually bound in MSA §14, §15, Exhibit J, DPA §11. Most vendors hide this; we publish it.
View plan
F-18 · PRIVACY Public
Feedback Data Processing Addendum
Per-tenant adaptation + cross-tenant anonymized aggregates. K-anonymity floor K≥5, differential privacy epsilon=1.0, GDPR Article 7 consent procedure. Categorical buckets only; no PII collected.
View addendum
F-19 · LEGAL · IP Public
Terms of Use & IP Notice
Copyright, trademark, proprietary-architecture inventory, defensive-publication declarations, MIT licensing of verify-cli, acceptable-use rules, and reservation of patent-filing rights. The full IP framework.
View notice
Theme