Privacy Policy.

This Privacy Policy explains how Astry handles personal data in connection with our website and our communications with you. It is written to be read, not decoded. Astry is an early-stage product, and we update this policy as the product evolves.

1. Who we are

Astry is a company brain built by a Paris-based team in France. We are the controller of the personal data described here. For any privacy question, write to privacy@astry.agency.

2. What this policy covers

This policy covers the public Astry website and our business communications, such as demo requests and email. It does not govern data inside the Astry product.

The product runs inside your own cloud. Astry holds no customer content and no credentials to your environment. How the product processes data on your behalf is set out in our Data Processing Agreement.

3. Data we collect

• Contact details you send us — your name, work email, company and anything you include in a message or demo request.
• Site analytics — basic, aggregated use of the website, such as pages viewed and approximate region.
• Email correspondence — the messages you exchange with our team.

We do not buy personal data, and we do not run advertising trackers on the site.

4. Why we use it

• To respond to your questions and arrange demos.
• To run and secure the website.
• To understand what is useful and improve it.

5. Legal bases

Under the GDPR, we rely on:

• Consent — where you opt in, for example to receive a reply or updates.
• Legitimate interest — to run the site, keep it secure and improve it.
• Contract — to take the steps you ask for before or during an engagement.

6. Sharing

We share personal data only with the providers that help us run the website and communicate with you, such as hosting, email and analytics. They act on our instructions and may not use your data for their own purposes.

Inside the product, the only sub-processors are the ones you choose for your own workspace. We do not add hidden recipients, and we do not sell personal data.

7. International transfers

Our website infrastructure may process data outside your country. Where data leaves the EU, we use recognized safeguards such as Standard Contractual Clauses.

For the product, a workspace can pin all inference to EU-only providers, so model processing stays within the EU.

8. Retention

We keep personal data only as long as we need it for the purpose we collected it, then delete it. Business correspondence is kept while a relationship is active and for a reasonable period afterwards. Analytics are kept in aggregate.

9. Your rights

Under the GDPR, you can ask us to:

• access the personal data we hold about you;
• correct it if it is wrong;
• erase it, under the right to erasure in Article 17.

In the product, erasure is provenance-tracked. Deletion runs through departure-kit tooling that records what was removed, so a request can be answered with a record. To exercise any right, write to privacy@astry.agency. You also have the right to complain to your local data protection authority.

10. How we protect data

We encrypt data in transit with TLS over HTTPS, and the product encrypts content at rest with AES-256-GCM, an authenticated cipher whose tag detects tampering. Inside the product, every question runs in its own throwaway sandbox that holds only the files the asker is cleared to see, so the model can never reference anything outside that clearance. Read more on our security page.

11. Contact

Questions about this policy or your data go to privacy@astry.agency. We note the date of the latest version at the top of this page.