Last updated: May 2026
Ashes Hub is an independent, non-commercial passion project. We collect only what we need to run the service and improve it. We do not advertise, sell data, or use third-party trackers of any kind. This policy is written in plain English - no legal fog.
Chat interactions
Every question you send to the Ashes Bot, the AI-generated SQL query, and the answer returned are stored in our database. This is used exclusively to detect incorrect answers, improve accuracy, and build the typeahead suggestion list. Chat logs contain no personally identifiable information unless you voluntarily include personal details in your message.
Conversation history upcoming
We plan to add session-based conversation history so the bot remembers the context of your current visit. This history will be tied to a randomly generated session ID (not to your name, email, or device). You will be able to request deletion at any time.
Contact form submissions
If you use the Contact Us form, we store your name, email address, subject, and message to respond to your query and track reported data errors.
IP address
Your IP address is recorded by our servers and used for two purposes: standard server access logs (retained for up to 30 days) and in-process rate limiting to prevent a single user from overloading the AI API. IP data is not stored in our application database and is not linked to your chat questions.
Analytics events consent required
With your consent, we record first-party analytics events - page views, feature interactions (e.g. opening the bot, refreshing a stat), and page-exit signals. These events are sent to our own server via a lightweight signed beacon. No third-party analytics platform (Google Analytics, Mixpanel, etc.) is ever used. You can withdraw consent at any time using the banner at the bottom of any page.
Theme preference
Your light/dark mode choice is saved in your browser's localStorage.
It never leaves your device and is not transmitted to our servers.
The Support Us page lets you make a voluntary contribution (capped at ₹420 / ~$5) to help cover server and API costs. Payments are processed by Razorpay (a PCI-DSS Level 1 compliant payment processor). We do not store any card numbers, bank details, or UPI IDs on our servers - all payment data is handled entirely by Razorpay under their own privacy policy.
We receive only a transaction confirmation and the amount paid. No payment information is linked to your chat history or contact form data.
• Chat logs - reviewed by the site owner to fix wrong answers and
retrain query patterns. Never used for marketing.
• Contact form - used solely to reply to your message and fix
reported data errors.
• IP address - rate limiting and standard server security only.
• Analytics events - understanding which features are used so we
can prioritise improvements. Aggregated; not used to profile individuals.
• Payments - confirming receipt of voluntary contributions.
All data is stored in secured, access-controlled databases on private infrastructure. We apply industry-standard security practices including encrypted connections (HTTPS), parameterised queries (no SQL injection), and HMAC-signed analytics beacons.
We will NEVER:
• Share, sell, rent, or trade your data with any third party
• Use your data for advertising or marketing to you
• Embed third-party tracking scripts, advertising pixels, or social media widgets
• Spam your inbox - your email is used only to reply to your specific query
We do not set any browser cookies. The only browser storage we
use is localStorage for two keys:
• theme - your light/dark preference. Functional; no consent required.
• cookie_consent - your analytics consent choice ("accepted" or "declined").
Strictly necessary to honour your preference.
The first-party analytics beacon (page views and interactions) fires only if you have accepted analytics via the consent banner. You can change your choice at any time by clicking "Cookie settings" in the page footer, or by clearing your browser's localStorage for this site.
• Chat audit logs - retained indefinitely for service improvement.
You can request deletion by quoting your question text and approximate date.
• Contact form data - retained until your query is resolved or you
request deletion.
• Server access logs (including IP) - automatically deleted after
30 days.
• Rate-limiting data (in-process IP cache) - cleared whenever the
server restarts; maximum retention 1 hour per entry.
• Analytics events - retained for trend analysis; not linked to
individual identities.
We will email you only if you contacted us first and we are replying to your specific query. We do not send newsletters, promotional emails, or automated marketing of any kind. You will never receive unsolicited email from us.
Under GDPR, UK GDPR, and equivalent privacy laws, you have the right to:
• Access - request a copy of data we hold about you
• Correction - ask us to fix inaccurate data
• Deletion - ask us to delete your data ("right to be forgotten")
• Restrict processing - ask us to pause use of your data
• Withdraw consent - opt out of analytics at any time via the
banner at the bottom of any page
• Portability - receive your data in a machine-readable format
To exercise any right, email howzat@ashes.in with the subject line "Privacy Request". We will respond within 30 days.
The only third-party service we integrate with is:
• Razorpay (payment processing, upcoming) - data shared is limited
to what is required to process a payment. Governed by
Razorpay's privacy policy.
• Google Fonts (Material Symbols) - loaded from Google's CDN.
Google may log the request IP to serve the font file; this is governed by
Google's privacy policy.
No other third-party scripts, SDKs, pixels, or APIs are loaded on this site.
Privacy questions, data requests, or concerns: howzat@ashes.in - or use the Contact Us form.
This policy may be updated as new features are added. The "Last updated" date at the top reflects the most recent revision. Significant changes will be noted in the site's changelog.