At Astrah OS, privacy is a system principle, not a marketing claim.

Astrah OS is built to operate business systems, not personal lives. The platform is designed to minimize personal data exposure while enabling operational intelligence, accountability, and control. This Privacy Policy explains how information is collected, processed, stored, and protected when you interact with Astrah OS, our website, and our related services.

We collect only what is necessary to operate the system, secure customer environments, support users, and meet legal or contractual obligations. We do not sell personal data, trade it, or use it for unrelated commercial purposes.

This policy applies to all visitors, users, customers, partners, and authorized representatives who access Astrah OS through any interface, deployment model, or communication channel.

System Design Philosophy

Astrah OS is designed around restraint.

This means:

• Data is collected intentionally, not opportunistically
• Processing is purpose-bound, not exploratory
• Control remains with the customer, not the platform

Astrah OS is an operating system for revenue and operations. Privacy is enforced through system architecture, access controls, and process design — not slogans.

Information We Collect

We collect information in limited, clearly defined categories.

Information You Provide Directly

This includes information required to create and operate an Astrah OS workspace, such as:

• Name, work email address, and organization details
• User credentials and access configurations
• System setup inputs, preferences, and configuration data
• Information you choose to provide when contacting support or submitting feedback

Information Collected Automatically

To ensure security, reliability, and proper operation, Astrah OS collects certain technical data automatically, including:

• Device and browser information
• IP address and approximate geographic region
• Authentication, session, and access metadata
• Security and abuse-prevention signals

This data is used strictly for system operation, protection, and diagnostics.

System-Generated and Operational Data

During normal operation, Astrah OS generates internal metadata such as:

• Logs and audit trails
• Workflow execution signals
• System health and performance metrics

This data exists to support governance, reliability, compliance, and enterprise oversight.

Astrah OS does not intentionally collect sensitive personal data such as biometric identifiers, private financial information, or personal consumer data unless explicitly required by law, regulation, or a signed enterprise agreement.

Communication and Messaging Data

Astrah OS may process business communication data when customers connect supported communication channels (such as WhatsApp or email) to the platform.

Key principles:

• Astrah OS does not read, analyze, or act on communication data unless explicitly enabled by the customer
• During migration and onboarding, Astrah OS does not auto-send messages or initiate outbound communication
• Communication data is used to support customer-controlled workflows, visibility, and operational intelligence

Ownership and control of communication data remain with the customer.

AI and Automated Processing

Astrah OS uses AI-assisted features to support operational decision-making and system intelligence.

AI processing is subject to strict boundaries:

• AI operates on customer-authorized data only
• AI outputs are advisory unless explicitly configured otherwise
• Astrah OS does not train public or third-party models on customer data
• AI does not independently take external actions without user confirmation or system rules

AI usage is designed to enhance clarity and control, not remove human oversight.

How We Use Information

Information collected by Astrah OS is used solely for legitimate operational purposes, including:

• Operating and maintaining the platform
• Securing access and preventing misuse
• Monitoring system performance and reliability
• Supporting customers and responding to inquiries
• Communicating service-related updates
• Meeting legal, regulatory, or contractual obligations

We do not use collected data for targeted advertising, behavioral profiling, or resale.

Data Storage and Security

Astrah OS applies enterprise-grade security practices suitable for high-trust and regulated environments.

Protective measures include:

• Encryption of data in transit and at rest
• Role-based access controls
• Segmentation between customer environments
• Continuous monitoring and audit logging

Infrastructure is hosted in secure cloud environments within defined geographic regions. Access to data is restricted to authorized personnel with a legitimate operational need, and all access is logged and reviewed.

Security is treated as an ongoing system process, not a static feature.

Data Sharing and Disclosure

Astrah OS does not sell, rent, or trade personal or customer data.

Information may be shared only in limited circumstances, including:

• Operating core infrastructure and support services
• Complying with legal or regulatory obligations
• Honoring explicit customer authorization
• Protecting the security and integrity of Astrah OS and its users

All third-party service providers are vetted and contractually required to meet confidentiality and data protection standards consistent with this policy.

Data Retention

We retain information only for as long as reasonably necessary to:

• Provide and support Astrah OS
• Fulfill contractual and service obligations
• Comply with legal or regulatory requirements
• Resolve disputes or enforce platform agreements

Retention periods vary based on data type and customer configuration. When data is no longer required, it is securely deleted, anonymized, or archived in accordance with recognized industry practices.

Your Rights and Controls

Depending on jurisdiction and contractual relationship, users may have rights regarding their information, including:

• Access to personal data held by the system
• Correction of inaccurate or outdated information
• Deletion where legally and operationally permissible
• Restriction or objection to certain processing activities
• Data export or portability where applicable

Requests can be submitted through official Astrah OS support channels. We verify requests before processing and respond within legally defined timeframes.

Cookies and Tracking

Astrah OS uses a limited set of cookies and similar technologies strictly necessary for system operation, including:

• Authentication and session continuity
• Security and abuse prevention
• Basic performance measurement

We do not deploy third-party advertising cookies, cross-site tracking, or behavioral monitoring technologies.

Changes to This Policy

This Privacy Policy may be updated to reflect changes in system functionality, legal requirements, or operational practices.

Material changes will be communicated through the Astrah OS website or platform interface. Continued use of the services after changes take effect constitutes acceptance of the updated policy.

Contact

Questions or requests related to privacy or data protection may be submitted via email at:

legal@astrah.net

Trust is built through systems that respect boundaries. This policy is part of that commitment.