Privacy Policy

Last Updated: July 25, 2022

INTRODUCTION

We, at Astra, aim to adhere to the ethical standards pertaining to collection, usage and safeguarding of the information provided by You during the use of the Application and the Website and We do not sell any User information or data.

Astra IT Inc. is a Delaware corporation having its address at 2093 Philadelphia Pike #4080, Claymont, Delaware, 19703, USA and Czar Securities Private Limited is a private limited company incorporated under the Companies Act, 2013, having its office at SCO-830, second floor, above RBL Bank, NAC, Manimajra, U.T. Chandigarh, India 160101 ("Company"; "We"; “Our”; “Astra"). We operate and manage the website getastra.com (“Website”) and the mobile application  for mobiles, smart devices and any other compatible device (“Application”) (collectively referred to as the ‘Platform’) under this brand ‘Astra’ and ‘Astra Security Suite’. We respect Your privacy while You access the Website and Application and other associated applications, devices, products, online marketplace and services managed by us that reference to this Privacy Policy . 

For the purposes of this privacy policy the term “User(s)” and wherever the context so requires “You”, “Your”, “Yourself” shall mean any natural or legal person who accesses or uses the Platform and in the event that a natural person is representing a business entity, reference to such terms shall include a reference to such business entity as well. The term “Users” “You” or “Your” shall mean and include any other persons/entity who has not created a User Account and are accessing the Platform without such a User Account. 

We, at our Company, aim to adhere to the ethical standards pertaining to collection, usage and safeguarding of the information provided by You during the use of the Website.

We have adopted this privacy policy (“Privacy Policy”) to inform You of: (i) the information We collect from You through the Platform; (ii) the manner of collection and processing of such information; (iii) use of such information;  (iv) the steps We take to protect it; (v) what technology We use; and (vi) what data protection rights You have and how You can exercise it. Capitalized terms not defined herein shall have the meaning ascribed to them in the Terms and Conditions specified at https://www.getastra.com/legal/terms. By using the Platform, You unconditionally agree to the terms and conditions of this Privacy Policy and consent to collecting, usage, storage, processing, handling, transferring and sharing of the information submitted by You in accordance with the terms contained hereunder. Please read the Privacy Policy before using the Platform and if You do not agree with the terms and conditions of this Privacy Policy, please do not proceed further to use this Platform. Please note that the capitalized terms not defined under this Privacy Policy shall have the same meaning as assigned to such terms in the Terms of Service.

  1. USER INFORMATION

The Platform collects certain information and data when You register via the Application or the Website. There are two types of information being collected: (i) User Provided Information; (ii) Automatically Collected Information during the usage of the Service. 

(i) User Provided Information and Access

(a) We collect the User Information when You successfully submit information while creating Your account and/or while availing Our Services on Our Platform. While doing so, We may collect data that can be used to uniquely identify or contact a person and/or the business entity that a person represents and shall include, but not be limited to, information regarding Your name, name of the business entity that You represent, address and telephone number of the business entity, Your e-mail address, information associated to Your social networking platform and such other information for the purposes of identification and verification. We may also ask You to share the OTP sent via SMS or a password or to verify a link sent on Your e-mail address. While You are using Our Platform, We record Your responses and activity data, including but not limited to, textual and voice responses and session details. We do not directly process any payments and do not store Your debit/credit card information. Secured socket layer technology is used for processing payment transactions with third party service provider partners. When You submit User Information on the Platform, it shall be deemed that You have granted Us the right to collect, store, process, handle and use such User Information, in accordance with this Privacy Policy (as amended from time to time).

(b) While availing certain Services, We may ask permission to access the microphone and the camera for providing better services and products. We may ask for permission to access Your data storage. However, the data storage access shall be limited to the access to store the data downloaded or saved during the usage of the Platform or the products directly in the User’s device for ensuring easy storage and access to the User. We shall not utilize this permission to access any other data on the User’s device, except as expressly mentioned in this Privacy Policy.

(c) While availing the Services, You may be required to share certain files or attachments with Us in order to enable us to provide You seamless and best possible Service. We shall not utilize the files in any other manner, except as expressly mentioned in this Privacy Policy.

(d) The said information collected from the Users could be categorized as (i) “Personal Information”, “Sensitive Personal Information” (as defined under the IT Rules) or other information; or (ii) “Personal Data” as defined under the General Data Protection Regulation (“GDPR”) and would be governed in accordance with the GDPR, Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (the “IT Rules”) and other relevant applicable laws of the jurisdiction. Any such information collected from the Users shall collectively be referred to as “User Information” in this Policy.

(e) We may use the User Information to contact You from time to time, to provide You with the services We offer through the Platform, important information and circulate marketing and promotional material in relation thereto. We may ask You for more information for identification purposes, if required (personal information). The User shall be permitted to access the Platform via any device provided that the log in/access credentials match with the User credentials. In the event the User uses a new device to access or log-in to the Platform, the User shall be required to grant access for the new device, as may be required. 

(f) You may visit the Platform and browse the Platform without having to provide User Information. We will, at all times, provide the option to You to not provide the User Information, which We seek from You. Where possible, We indicate which fields are mandatory and which fields are optional to be filled on the Platform. You always have the option to not provide User Information by choosing not to submit particular information or feature on the Platform. In such event, however, the Company fully reserves the right not to allow further usage of the Platform or provide any services/products thereunder to You. 

(g) In the event the User is an intermediary handling the websites or platforms or infrastructure on behalf of certain third parties and have availed the Services extended by the Company for such third parties, the User is liable to intimate the owner of the infrastructure the terms specified under this Privacy Policy and secure prior permission and approval as required. The Company shall not be held liable in any manner whatsoever, in the event the User (intermediary) fails to intimate the terms of the Privacy Policy to the end user or obtain the requisite approvals.

(h) While accessing the Platform and using the Services, we may have access to (i) the details of the threats removed or stopped by Our plug-in service on Your Covered Platform; (ii) the details of the User’s end customers accessing the Covered Platform; and (iii) the vulnerability report details collected by Our scanners or collected by Our employees in Your Covered Platform.

(i) By using this Platform, You consent to the collection, storage, use and transfer of the User Information that You provide in connection with any of the services that We offer through our Platform, and You consent to Our collection of any changes or updates that You may provide to the User Information. We collect only such User Information that We believe to be relevant for the purpose of identification and verification and is required to understand You or Your interests. It is clarified that We shall not be liable, for any reason whatsoever, for the authenticity of any User Information provided by You to Us. You hereby confirm that the User Information provided by You is and shall continue to be valid, true and accurate to the best of Your knowledge.

(j) We may also collect information regarding Your location, age and gender. This information will not be sold to, or shared with, any unaffiliated third party. 

(k) Any portion of the User Information containing personal data relating to minors or a person of unsound mind provided by You shall be deemed to be given with the consent of the legal guardian. Such consent is deemed to be provided by Your registration with us.

(ii) Information We collect

(a) Your name, mobile number and email address;

(b) Account, purchase and payment information;

(c) Candidate information (for job applicants);

(d) Access to Your server credentials to log into Your site as and when requested by you;

(e) The credentials/delegated access related to Your hosting account portal, or (s)FTP or SSH details in connection with any Malware Removal Request;

(f) The login credentials to Your testing accounts for dashboards/admin panels/third party accounts;

(g) Other data collected that could directly or indirectly identify You.

(iii) Automatically Collected Information 

When You visit the Platform, We may collect certain non-personal information such as Your internet protocol address, operating system, browser type, and internet service provider. We record the User session and collect the user browsing patterns through the following third party software used by the Company: (i) Microsoft Clarity (ii) Hubspot (iii) Google Analytics. This type of information does not identify You personally during Your visit to the Platform. We can identify You only after You submit User Information at the time of registering Yourself with the Platform.

  1. COLLECTION OF INFORMATION

(i) The User Information is being collected by the Company and the Company will delete any User Information upon the User withdrawing the consent in writing, however, upon the withdrawal of the consent by the User, the Company may, at its option, not provide any services for which the User Information was sought and the User shall not claim deficiency of services on the basis of such non provision of goods and services. 

(ii) To enhance Your use of the Platform, certain information may be collected each time You visit the Platform which are saved in server logs. It is clarified that these statistics help Us in improving the efficiency of the Platform by giving Us information relating to Your use of the Platform. Such User Information may include details of the server from where the Platform is being accessed, the browser and operating system used to browse the Platform, details of Your last visit to the Platform, including time, date and the duration of Your session on the Platform. This User Information is used by us to understand the number of users visiting the Platform and gather broad demographic information for aggregate use of the Platform. While collecting such User information, Your anonymity shall be maintained at all times and at no time can We identity You personally, unless You submit the User Information on the Platform or through the e-mail feature. We reserve the right to share such general information to any person on its discretion.

(iii) You acknowledge that apart from Your User Information, if You upload or exchange any data, content, information, pictorial representations and/or images including post any comments on the Platform (collectively referred to as the “Content”), such Content may contain information including User Information and the same may be available to the other Users of the Platform. We will not be liable for the disclosure and dissemination of such User Information on the Platform.

  1. COOKIES

Like most other Platforms, We use data collection devices known as cookies to collect and store information of Users visiting the Platform. A cookie is a small amount of data that is sent to a User's browser from a web server/mobile application and is eventually stored on a User's computer hard drive/mobile device. Cookies are a reliable mechanism for Platforms to remember the activities of the User on the Platform and helps in improving Your experience on the Platform. This anonymous information is maintained distinctly and is not linked to the User Information You submit to us. The option of accepting cookies is up to You, however certain features of the Platform including Content and the forms may not be accessible without accepting cookies.

To browse anonymously, You may set Your browser to disable cookies or delete cookies. Additionally, You may encounter cookies or other similar devices on certain pages of the Platform that are placed by third parties. We do not control the use of cookies by third parties and shall not be liable for any reason whatsoever for these third party cookies.

We use the following cookies:

 

Functional Cookies: To provide you with a great experience on this Website, we provide the functionality to set your preferences for how this site runs when you use it. To remember your preferences, we need to set cookies so that this information can be accessed whenever you interact with a page that is affected by your preferences.

Strictly Necessary or Essential Cookies: These cookies are necessary for the Site to function and cannot be switched off in our systems. For example, we use cookies to authenticate you. When you log on to our websites, authentication cookies are set which let us know who you are during a browsing session. We have to load essential cookies for legitimate interests pursued by us in delivering our Site's essential functionality to you.

Performance and Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors navigate the Site. Performance cookies are used to help us with our analytics, including to compile statistics and analytics about your use of and interaction with the Site, including details about how and where our Site are accessed, how often you visit or use the Site, the date and time of your visits, your actions on the Site, and other similar traffic, usage, and trend data.

  1. DATA NOT PROCESSED 

We do not process personal data revealing Your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

  1. USER RIGHTS- FOR CITIZENS OF THE EUROPEAN UNION

In the event You are a citizen of the European Union, You may contact us at any time if there are any queries pertaining to the data privacy rights or if You wish to exercise any of the following rights afforded to You under the GDPR. You have the following broad rights under the GDPR:

(i) Right to withdraw Your consent: You shall have the right to withdraw Your consent at any time with regard to the processing of the User Information in accordance with Article 7 para. 3 GDPR.

(ii) Right to access Your data: You have the right to obtain confirmation as to whether or not personal data concerning You is being processed, and, where that is the case, access to the User Information specified under the Article 15 of the GDPR.

(iii) Right to rectification: You shall have the right to rectify any inaccurate data in accordance with the Article 16 of the GDPR. For instance, You can contact us if Your contact details have changed and You would like us to update the details that have been stored with us.

(iv) Right to erasuer: In accordance with Article17 of the GDPR, You can contact us to delete or erase any personal data concerning You that has been stored with us.

(v) Right to restrict processing: You can contact us to restrict the processing of certain data in certain situations such as in the event We no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; in accordance with Article 18 of the GDPR.

(vi) Right to data portability: In accordance with Article 20 of the GDPR, You can contact us to receive Your data in a commonly used and machine-readable format if You want to transmit or upload it to another website.

(vii) Right to object how Your data is handled: If You do not agree with the processing of Your personal data at any time (for instance analytical proposes), You can contact us to discontinue the same in accordance with Article 21 of GDPR.

(viii) Right to lodge a complaint: You may lodge a complaint with the supervisory authority in accordance with Article 77 para. 1 of the GDPR, if You feel that the processing of the data relating to You infringes the GDPR.

(ix) Right to effective judicial remedy: You shall have the right to an effective judicial remedy where You consider that Your rights under the GDPR have been infringed as a result of the processing of Your personal data and the same is in non-compliance with the GDPR.

  1. USE OF THE USER INFORMATION 

(i) We collect the User Information provided by You for the reasons including but not limited to the following:

(a) To analyse and draw trends from the aggregated statistics of the User activity

(b) To provide personalised recommendations and maintain general and personalised content

(c) Identification and authentication of Your use of Company Services 

(d) To improve Our features and provide seamless service

(e) To conduct research, to administer the Services

(f) To undertake promotional activities and/or contest

(g) To send You relevant notifications through e-mails and SMS which add to the effectiveness of the service

(h) To help in detecting and preventing of fraud 

(i) To analyse and monitor activity on Our Platform

(j) To protect the integrity of Our Platform

(k) To respond to any queries/doubts raised by You

(l) To protect against imminent harm to the rights, property or safety of the Platform / Company or its users or the public as required or permitted by law

(m) To send periodic emails for sharing information and updates pertaining to Your order, occasional company news, updates, related product or service information, etc.

(n) Verifying Your identity.

  1.      DISCLOSURE OF USER INFORMATION

(i) The User Information may be disclosed to affiliated companies within Our corporate family, with third parties with which We have partnered to allow You to integrate their services into Our own Services, and with trusted third party service providers as necessary for them to perform services such as: 

Processing credit/debit card/PayPal payments

Serving advertisements

Conducting contests or surveys

Performing analysis of Our Services and customers demographics

Communicating with You, such as by way email or survey delivery

Customer relationship management

Security, risk management and compliance

Recruiting support and related services.

In view of the same, You may be subject to the practices of such third parties as well. 

(ii) You acknowledge and agree that in the event You have availed Our Services through a third party partner, We may disclose the User Information to such partner for the purpose of account management. Further, such a third party affiliate will have access to the account of the end User.

(iii) In the event the User comments on any vulnerability report on the Platform, the name and e-mail address  of the User will be visible to the other users of the Platform. 

(iv) Except as provided under this Privacy Policy, We shall disclose the User Information only under the circumstances where the User has provided express instructions or consent towards such disclosure.

  1. THIRD PARTY PAYMENT SERVICES AND USER INFORMATION COLLECTION

(i) We use a third party payment platform and payment aggregator services to bill You for Our services. We may use and share the User Information with reliable and reputed third-party payment gateway to whom We are associated in order to ensure swift and comfortable payment mechanism for the User. The third party service providers shall provide the Company the name of the User, phone number, tax number, subscription details, details of the last four digits of the credit card used for payment, email ID and the address of the User as utilized by the User while completing the payment transaction. 

(ii) Notwithstanding any other provision of this Privacy Policy, You agree that the Company may not redirect You to a third party service provider website and the User may undertake the payment via the Website. However, the Company uses the third payment provider's library to load their checkout flow in an overlay manner. The overlay is entirely controlled and managed by the third party payment provider and We do not capture or modify any data entered into by the User in the overlay. 

(iii) After either the User is directed to the payment mechanism and the payment gateway or the payment is undertaken via the Website as specified in sub-clause (ii) above, the Company is not liable for any data stored, used or accessed by such a third party service provider and the User Information is no longer governed by this Policy or Our Website’s Terms of Service. The same shall be subject to the terms and conditions and privacy policy of the third party service provider. For these third party service providers, we recommend that You read their privacy policies in order to understand the manner in which Your User Information and Your credit/debit card details will be handled by these providers. 

(iv) We have affiliated with the following third party payment providers for the above mentioned purposes: (i) paddle.com; (ii) fastspring.com (iii) paypal.com.

  1. SHARING OF DATA WITH THIRD PARTIES

(i) We will share Your User Information with third parties (including Sub-processors) only in the ways that are described in this Policy. We may use the individual data and behaviour patterns combined with User Information to provide You with personalized content, and better Your experience. 

(ii) The Company may provide and utilise the User Information and data collected to certain third parties for undertaking data analysis via third party analytical tools. The third party analytical tools are utilised in order to analyse the data and information to personalize, drive insights and thereby provide a better performance, improve the quality of features and provide seamless services to the User.

(iii) The Company does not sell, trade or rent the User Information to any third party unless, we have been expressly authorized by You either in writing or electronically to do so

(iv) In some cases, Company may share your information with third parties & sub-processors listed here but not limited to, to the extent permitted by applicable law for the above mentioned purposes. Each of these sub-processors are limited to accessing or using this information to provide our services only and must provide reasonable assurances that they will appropriately safeguard any customer data provided by Company.

  1. SECURITY PRECAUTIONS 

(i) To prevent any form of unlawful interception or misuse of User Information, We use reasonable physical, electronic, and managerial procedures to safeguard and secure the User Information collected. We use reasonably secure and technologically appropriate measures, in compliance with the relevant applicable laws of the jurisdiction to protect You against loss or misuse of Your User Information including internal reviews of data collection, storage and processing practices and other reasonable security measures which are equivalent to security measures that We use to protect Our own confidential information. We have in place a secure servers for all Your transactions on the Platform, which, if required to be accessed, are accessible only by Our authorized personnel. However, as You are aware, no internet site/mobile based application is completely free of security risks and We do not make any representation in respect of the same.

(ii) We do not warrant that Our Platform or any electronic communication made by Us is free from virus or other harmful effects. In the event of any errors in transmission or in the event of Our Platform being inaccessible due to an act of any third party or due to any outage, or any technical or technological failure, or similar reasons beyond Our control, We shall not be held liable or responsible for any losses/ damages incurred by You, and You agree that you will not have any claims against us regarding the same. You explicitly agree that Your use of the Platform and/or services is at Your own individual risk. You agree and confirm that Your User Information may be collected, used, transferred, processed and stored in the manner stipulated in this Privacy Policy. You hereby confirm that You have been made aware of the security measures undertaken by Us and You expressly consent to Us collecting, storing, handling, processing and using Your User Information.

(iii) All supplied sensitive User Information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into Our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems and are required to keep the information confidential. After a transaction, Your User Information (credit cards, social security numbers, financials, etc.) will not be stored on Our servers. While We have mechanisms in place to safeguard Your User Information after We receive it, no transmission of data over the internet can be fully secure and We make no representation in respect of the same.

  1. LINKS TO OTHER THIRD PARTY SITES

The Platform may provide third party information and links to other platforms that are not affiliates of or operated or controlled by Us including but not limited to payment gateways or social networking platforms. We are not responsible for any form of transmission, whatsoever, received by You from any third party platform and accordingly do not make any representations concerning the privacy practices or other policies of such third party Platforms. Under no circumstances shall We be deem to control or guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, cookies, messages or other materials available on such platforms. Any User Information provided by You to such third party Platforms shall be governed in accordance with the privacy policies of such platforms and it is recommended that You review the privacy policy of such platforms prior to using such platforms.

  1. AGGREGATE STATISTICS

We may at times provide aggregate statistics about Our Users and their pattern in addition to certain related site information to certain third parties will be in an aggregate form and does not contain any of Your individual detailed User Information. 

  1. DATA SECURITY AND RETENTION

(i) We follow the required security measures specified under Article 32 of the GDPR and adopt the required processes to protect and safeguard the User Information and data provided to us. 

(ii) Once You delete the User Information such as name and e-mail address on the Website by raising a support ticket on the Platform or via Dashboard, We will notify You about the same through email and this deleted information is not stored in any form at Our end. You have every right to cease to hold an account with us. However, the past activity data associated with Your account is intact in anonymous form with us and We may utilise it for research and analysis purposes in order to improve the quality of Our Services.

  1. DATA BREACH

In case of any data breach of User Information/Website’s database / third-party data, processors is apparent, We will inform all relevant authorities within 72 hours about the same. Further, We shall inform You about the same without any undue delay, if required as specified under the Article 34 of the GDPR.

  1. CHILDREN’S PRIVACY PROTECTION

The Service is not for or directed Towards Children. While the Service is not intended for anyone under the age of eighteen (18) years, We do not intend to and will not knowingly collect any User Information from children under the age of thirteen (13) years. Children under the age of thirteen (13) years are prohibited from using the Service. If We learn that We have collected information from a child under the age of thirteen (13) years, We will remove that information immediately and delete it from Our servers (subject to applicable law and this Privacy Policy). If You believe content from a child under the age of thirteen (13) years has been posted to the Service, please notify us by contacting us at [email protected].

  1. CHANGE IN PRIVACY POLICY

We reserve the right to update, modify and amend any of the terms of Our Privacy Policy, at any time without prior intimation to You. We will post these changes on Our Platform for Your information. These changes will become effective immediately on posting. We shall not be liable for any failure or negligence on Your part to review the updated Privacy Policy before accessing or availing the Platform for availing the services. Your continued use of the Platform, following changes to the Privacy Policy, will constitute Your acceptance of those changes.

  1. DISCLOSURES REQUIRED BY LAW

We reserve the right to disclose User Information when required by any applicable law. We will disclose such User Information wherein We have a good-faith belief that it is necessary to comply with a court order, ongoing judicial proceeding, or other legal process served on Us from any jurisdiction as may have been applicable to Us by virtue of the location of the User of the services or to exercise Our legal rights or defend against legal claims.

  1. CONTACTING THE PLATFORM AND DATA PROTECTION OFFICER/ GRIEVANCE OFFICER

(i) If You have any questions or comments regarding (i) this Policy, or (ii) practices of this Platform, or (iii) Your dealings with this Platform or believe that We have not adhered to it or (iv) if You wish to exercise Your individual rights, please contact us using one of the following methods:

Name: Astra Security 

Email: [email protected]

Address: SCO-830, second floor, above RBL Bank, NAC, Manimajra, U.T. Chandigarh, India 160101 and 2093, Philadelphia Pike #4080, Claymont, Delaware, 19703, USA

Alternatively, You can chat with us on the help desk chat option available in the Application

(ii) Our Data Protection Officer/ Grievance Officer or another data protection relevant officer can be reached at the email provided above.

The Data Protection Officer/Grievance Officer is identified above pursuant to the provisions of applicable laws including but not limited to the GDPR, Information Technology Act, 2000 and the Consumer Protection Act, 2019, and the Rules enacted under those laws.

  1. INTERNATIONAL DATA TRANSFERS

We share the User Information with the entities situated outside the European Union. We ensure that the User Information is protected and the data recipient adopts an adequate level of data protection. Further, We ensure that effective legal remedies are available. The transfers shall be subject to the conditions specified under the GDPR.

  1. UPDATION/ DELETION OF THE USER INFORMATION

Once you update/delete Your personal User Information through Your account settings such as name and e-mail address on the Website or the Application, this old/deleted information shall be deleted from Our database within 60 (sixty) days from the date of the updation/ deletion. After expiry of the said period, the old/ deleted User Information is not stored in any form at Our end. You have every right to cease to hold an account with us. However, the past activity data associated with Your account is intact in anonymous form with us and We may utilise it for research and analysis purposes in order to improve the quality of Our Services.

  1. INFORMATION FOR CITIZENS OF THE EUROPEAN UNION

Our Policy is EU GDPR privacy regulations compliant. 

This Privacy Policy shall be read in conjunction with the Platform’s Terms of Service and all the relevant provisions of the Platform’s Terms of Service (including but not limited to indemnification, limitation of liability, governing law and dispute resolution) shall mutatis mutandis apply to this Privacy Policy and be deemed to be incorporated herein by reference.