Privacy Statement
This Privacy Statement describes how Astra LLC ("Astra," "we," "us," or "our") collects, uses, stores, and shares information in connection with the Astra platform. We are committed to handling your data transparently and with respect for your privacy.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account and use Astra, you provide:
- Account information: name and password
- Business information: your startup idea description, company name, intended entity type, business address, and co-founder details
- Payment information: processed and stored by Stripe, Inc. Astra does not store raw payment card data
- Contact lists: email lists and audience data you upload for use by the Marketing Agent
- Communications: messages sent to individual agents via the Agent Chat interface
1.2 Information Generated by Agent Activity
As the Agent Stack operates on your behalf, Astra generates and stores:
- Legal documents: founder agreements, NDAs, IP assignments, and other drafts produced by the Legal Agent
- Market research reports: TAM analyses, competitor landscapes, customer personas, and go/no-go summaries produced by the Research Agent
- Website content: landing page copy, value propositions, and product descriptions generated by the Web Agent
- Marketing content: cold email sequences, ad copy, and social media posts generated by the Marketing Agent
- Technical specifications and code: feature specifications and software code generated by the Technical Agent
- Operational records: task lists, approval queue history, weekly digests, and decision logs maintained by the Ops Agent
- Entity formation records: filing confirmations, EIN records, and related documents produced through Legal Agent interactions with state filing portals and IRS.gov
1.3 Company Memory
All agent outputs, decisions, and document history are stored in Astra's cloud-hosted vector database as your Company Memory. Company Memory accumulates over the lifetime of your account and is accessible to all agents to provide contextually aware responses. See Section 4 for details on how Company Memory is used.
1.4 Automatically Collected Information
When you use the Astra dashboard, we automatically collect:
- Usage data: features accessed, agents activated, approval queue interactions, and session duration
- Technical data: IP address, browser type, device type, and operating system
- Performance data: agent task completion rates, processing times, and error logs
2. How We Use Your Information
2.1 Platform Operation
We use your information to:
- Operate and maintain the Agent Stack on your behalf
- Execute agent tasks you authorize through the Approval Queue
- Process payments and manage your subscription
- Deliver your Company Memory to agents to provide contextually informed responses
- Send platform notifications, approval alerts, and the weekly Ops Digest
2.2 Platform Improvement
We may use aggregated, de-identified usage data to improve agent performance, develop new features, and train or fine-tune AI models. We will not use your identifiable business content — including your Company Memory, specific documents, or business strategy data — to train AI models without your explicit, separately-obtained consent. Any such opt-in program will be clearly labeled and voluntary.
2.3 Legal Compliance
We use information as necessary to comply with applicable laws, enforce our Terms of Service, prevent fraud, and respond to lawful requests from governmental authorities.
3. Contact List Data
When you provide contact lists for use by the Marketing Agent (for cold email campaigns or other outreach), Astra acts as a data processor on your behalf. You are the data controller for this information. Astra:
- Uses contact list data solely to execute the outreach tasks you authorize
- Does not sell, share, or use your contact list data for Astra's own marketing purposes
- Retains contact list data only for the duration of the campaigns you authorize, after which it may be stored in Company Memory for reference unless you request deletion
- Does not combine your contact list data with data from other Astra founders
You represent and warrant that you have obtained lawful permission to contact all individuals in any list provided to Astra, and that your use of the Marketing Agent complies with applicable anti-spam laws (CAN-SPAM, CASL, GDPR, and others).
4. Company Memory — Storage, Retention, and Deletion
4.1 Storage
Company Memory is stored in a cloud-hosted vector database. Data is encrypted at rest and in transit. Access is restricted to the authenticated agents operating within your account.
4.2 Retention During Active Accounts
Company Memory persists for the lifetime of your active account. There is currently no automatic expiration of stored memory data while your account remains in good standing.
4.3 Account Termination and Data Deletion
Upon account termination (whether initiated by you or by Astra), we will delete your Company Memory data within 60 days of the termination date. Deletion requests for specific data categories may be submitted via the contact form on our waitlist page. Certain data may be retained beyond 60 days where required by applicable law (e.g., financial records required for tax compliance).
4.4 Data Export
Astra does not currently offer a structured export of your full Company Memory. Individual documents and reports generated by agents can be downloaded directly from the Company Timeline in your dashboard. We plan to introduce comprehensive data portability features in a future platform version.
5. Information Sharing
Astra does not sell your personal information. We share your information only in the following circumstances:
5.1 Sub-Processors
We use the following categories of third-party sub-processors who may handle your data in order to provide the platform:
- Cloud infrastructure provider: Hosting, vector database, and AI services
- Stripe, Inc.: Payment processing and subscription management — United States
- Website deployment platforms: Landing page and product website deployment
- Email delivery provider: Dispatch of Marketing Agent email campaigns — United States
Each sub-processor is bound by a data processing agreement consistent with applicable privacy law. We will update this list as our sub-processor relationships change.
5.2 Legal Requirements
We may disclose your information if required to do so by law, court order, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
5.3 Business Transfers
If Astra is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will provide notice of any such transfer via dashboard notification.
6. Data Security
Astra implements industry-standard security measures to protect your data, including:
- Encryption of data at rest (AES-256) and in transit (TLS 1.2+)
- Access controls limiting agent access to Company Memory to authenticated sessions
- Regular security evaluations of cloud infrastructure
- No storage of raw payment card data (handled exclusively by Stripe)
No security system is impenetrable. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.
7. Your Privacy Rights
Depending on your location, you may have certain rights with respect to your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Portability: Request your data in a machine-readable format (see Section 4.4 regarding Company Memory)
- Objection: Object to certain processing activities, including the use of your data for model training (see Section 2.2)
To exercise any of these rights, contact us via the contact form on our waitlist page. We will respond within 30 days. We may need to verify your identity before processing certain requests. If you are located in California, you may have additional rights under the California Consumer Privacy Act (CCPA). If you are located in the European Economic Area, you may have additional rights under the General Data Protection Regulation (GDPR).
8. Cookies and Tracking
The Astra dashboard uses essential cookies necessary for authentication, session management, and platform functionality. We do not use third-party advertising tracking cookies. We use analytics tools to understand aggregate usage patterns. You may disable non-essential cookies through your browser settings, though this may affect certain dashboard functionality.
9. Children's Privacy
Astra is intended for use by founders who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from someone under 18, we will delete that information promptly.
10. Changes to This Privacy Statement
We may update this Privacy Statement from time to time. When we make material changes, we will notify you via dashboard notification at least 14 days before the changes take effect. Your continued use of Astra after the effective date of any update constitutes your acceptance of the revised Privacy Statement.
11. Contact
For privacy-related questions, requests, or concerns, please use the contact form on our waitlist page.