Privacy & Data Policy
AstraSense is committed to responsible data stewardship. This policy governs how we collect, process, and protect information across our platform and public-facing services.
Overview
AstraSense ("AstraSense", "we", "us", "our") operates the AstraSense platform and associated web properties. This Privacy Policy explains our practices regarding the collection, use, disclosure, and safeguarding of information when you interact with our services.
We act as a data controller for personal data collected through our website and platform. Where we process data on behalf of institutional clients, we act as a data processor under the terms of applicable data processing agreements.
Data We Collect
We collect information in the following categories:
| Category | Examples | Basis |
|---|---|---|
| Identity data | Name, job title, organisation | Legitimate interest / Contract |
| Contact data | Email address, phone number | Legitimate interest / Contract |
| Usage data | Pages visited, session duration, feature interactions | Legitimate interest |
| Technical data | IP address, browser type, device identifiers | Legitimate interest |
| Communications | Enquiry content, support messages | Contract / Consent |
| Credentials | Hashed passwords, authentication tokens | Contract |
We do not collect special category data (health, biometric, political opinions, etc.) unless explicitly required for a contracted service and with your express consent.
How We Use Data
Personal data is processed for the following purposes:
- Providing and maintaining access to the AstraSense platform
- Responding to enquiries, access requests, and support tickets
- Sending transactional communications (account alerts, security notices)
- Improving platform performance through aggregated analytics
- Complying with legal obligations and regulatory requirements
- Detecting and preventing fraud, abuse, or security incidents
- Conducting research and product development (anonymised data only)
We do not use personal data for automated decision-making that produces legal or similarly significant effects without human review.
Data Sharing
We do not sell, rent, or trade personal data. We may share data with the following categories of recipients under strict contractual and legal safeguards:
Service providers
Cloud infrastructure, email delivery, and analytics vendors operating under data processing agreements.
Institutional clients
Where you are a user provisioned by an organisation, that organisation may access usage data under their agreement with us.
Legal authorities
Where required by applicable law, court order, or regulatory obligation.
Business transfers
In the event of a merger, acquisition, or asset sale, subject to equivalent privacy protections.
International transfers are conducted under Standard Contractual Clauses or equivalent approved mechanisms.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
| Data type | Retention period | Rationale |
|---|---|---|
| Account data | Duration of account + 3 years | Contractual obligation |
| Communication records | 3 years from last contact | Legitimate interest |
| Usage & analytics logs | 24 months (anonymised after 6 months) | Service improvement |
| Security & audit logs | 12 months | Security & compliance |
| Financial records | 7 years | Legal obligation |
Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised.
Your Rights
Under applicable privacy legislation, you have the following rights regarding your personal data:
Access
Request a copy of the personal data we hold about you.
Rectification
Request correction of inaccurate or incomplete data.
Erasure
Request deletion of your data where no overriding legal basis applies.
Restriction
Request that we limit processing while a dispute is resolved.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests or direct marketing.
Withdraw consent
Withdraw consent at any time where processing is consent-based.
Lodge a complaint
Complain to your local data protection supervisory authority.
To exercise any of these rights, contact our Data Protection Officer at privacy@astrasense.space. We will respond within 30 days.
Security
AstraSense employs technical and organisational measures commensurate with the sensitivity of the data we process:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Role-based access controls and least-privilege principles
- Multi-factor authentication for all internal systems
- Regular penetration testing and vulnerability assessments
- Incident response procedures with 72-hour breach notification capability
- Annual security training for all personnel with data access
No transmission over the internet is 100% secure. We encourage users to use strong, unique passwords and to report any suspected security incidents to security@astrasense.space.
Compliance
AstraSense operates in compliance with the following regulatory frameworks:
EU GDPR
European Union General Data Protection Regulation - applicable to EU data subjects.
PECR
Privacy and Electronic Communications Regulations - governs cookies and electronic marketing.
ISO 27001
Information security management standard - target certification for 2026.
NIS2
EU Network and Information Security Directive - applicable to critical infrastructure clients.
Data Protection Principles
We adhere to internationally recognised data protection principles including lawfulness, fairness, transparency, and data minimisation.
This policy is reviewed annually and updated to reflect changes in applicable law, regulatory guidance, or our processing activities. Material changes will be communicated via email or prominent notice on our website.
Contact DPO
For all privacy-related enquiries, data subject requests, or to report a concern, contact our Data Protection Officer:
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.