Privacy Policy

Last updated: 2026-05-15

This Privacy Policy describes how Astral ("we," "us," or "our") collects, uses, and shares information about you when you use our website, web application, and related services (collectively, the "Service"). By using the Service, you agree to the practices described here.

1. Information we collect

Account information. When you sign up, we collect your email address, name, and (if you join an organization) your organization affiliation. Authentication is handled by Clerk.

Content you upload. Files, text rows, project titles, column metadata, custom prompts, and any text you submit through the Service.

Derived data. Embeddings, cluster assignments, generated labels, and any analytical output produced by the Service from your content.

Usage data. Standard server logs (IP address, user agent, requested URLs, timestamps) and product telemetry (which features you use, latency, error rates). We use this to operate, secure, and improve the Service.

Billing data. If you upgrade to a paid plan, payment method and billing address are collected by our payment processor (Stripe, via Clerk Billing). We never see or store your full card number.

2. How we use your information

We do not sell your personal information. We do not train machine-learning models on the content you upload. We do not share your content with any third party other than the subprocessors listed below, who are contractually bound to process it only on our behalf.

3. Legal basis (for EEA / UK users)

We process personal data on the following legal bases under the GDPR: (a) performance of a contract, where processing is necessary to provide the Service you've requested; (b) legitimate interests, where we have a legitimate business interest that is not overridden by your rights; (c) consent, where you've given us specific consent; and (d) legal obligation.

4. Subprocessors

The Service relies on the following subprocessors to operate. Each is contractually obligated to maintain reasonable security and to process data only on our instructions.

5. Data retention

We retain content you upload for as long as your account is active. You can delete a project or your entire workspace at any time; deletions cascade to derived data (states, clusterings, embeddings). Backups are purged within 30 days of deletion. Server logs are retained for up to 90 days.

6. Your rights

Depending on where you live, you may have the right to: access, correct, delete, or export your personal data; object to or restrict processing; and lodge a complaint with a supervisory authority. You can exercise most of these rights directly in the Service. For anything you can't self-serve, contact us via the contact form.

7. International data transfers

The Service is hosted in the United States. If you access it from outside the US, your data will be transferred to and processed there. Where required, we rely on Standard Contractual Clauses for such transfers.

8. Security

We use industry-standard practices to protect your data: encryption in transit (TLS) and at rest, scoped access tokens, per-workspace isolation, and routine vulnerability monitoring. No system is perfectly secure; if you suspect an incident, report it promptly via the contact form.

9. Children

Astral is not intended for use by anyone under 16. We don't knowingly collect personal information from children.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we'll notify active users by email or in-product notice. The "Last updated" date above always reflects the current version.

11. Contact

Privacy questions, requests to exercise your rights, or anything else: use the contact form and select "Other."