How we handle your data
This page is maintained by Asia2EU to answer common security and privacy questions about our website and client dashboard. It is editable project content and is not an independent certification.
Shared responsibility
Asia2EU is a Thailand-based agency helping Asian manufacturers enter the European market. Our website and client dashboard run on the Lovable Cloud platform. Platform-level capabilities (hosting, managed database, authentication infrastructure) are provided by Lovable; how we collect, use, and retain data inside the app is our responsibility as the app owner.
Access & authentication
Client dashboard access requires sign-in. We support email/password and Google sign-in. Each account only sees its own reports, invoices, leads, documents, and bookings — admin accounts have broader access to administer the service. Sessions are managed by the authentication system and can be ended by signing out.
What data we collect
Visitors: we collect what you submit through the contact form (name, email, message) and basic technical request data.
Clients: we collect the profile information you enter (company, contact name, phone, country), files you upload to your dashboard, leads we generate on your behalf, booking details, and billing data needed to issue invoices.
We do not sell personal data, and we do not use client dashboard data to train third-party AI models.
Subprocessors & integrations
We rely on a small set of vendors to operate the service: Lovable Cloud for application hosting, database, and authentication; Stripe for payment processing when invoices are paid online; and email and analytics tools used to communicate with prospects and clients. These vendors process data on our behalf under their own terms.
Cookies & analytics
We use the cookies and local storage required to keep you signed in and to remember your language preference. We may use privacy-respecting analytics to understand how the website is used. We do not use cross-site advertising trackers.
Retention & deletion
We keep client account data while the account is active and for a reasonable period afterward to comply with legal, accounting, and audit obligations. You can request deletion of your account and associated personal data by contacting us at the address below; some records (for example, issued invoices) may need to be retained where required by law.
Security practices
Data is transmitted over TLS. Access to client data in the dashboard is enforced per-account on the server, not only in the browser. Sensitive identifiers such as payment-provider IDs are not exposed to regular client accounts. We follow the principle of least privilege for admin and backend access.
No service can guarantee absolute security. We do not claim certification under standards such as SOC 2, ISO 27001, GDPR, HIPAA, or PCI; if you need contractual terms for a specific framework, please contact us.
Privacy requests & security contact
For privacy requests (access, correction, deletion) or to report a security concern or suspected vulnerability, email support@asia2eu.eu. Please include enough detail for us to reproduce and respond.
This page is app-owned editable content maintained by Asia2EU. It describes current practices and may be updated as the service evolves.
