Privacy Policy

Last Updated: May 23, 2018

 

ASTRA IT, Inc. (“Company,”, “Astra”, “we,” “us,” “our”) understands your privacy is important. This Privacy Policy describes how we collect, use, store, process, and share your information in relation to www.getastra.com (the “Site”) and the Astra services, including all media, document, updates, and support services associated with the Site and the Astra services (all collectively, the “Service”). By accessing or using the Service, including browsing the Site, you expressly consent to the collection, use, storage, processing, and disclosure of your information in accordance with this Privacy Policy. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU SHOULD NOT ACCESS OR USE THE SERVICE. Parts of the Terms of Use affect this Privacy Policy, so please be sure to review the Terms of Use prior to using the Site.

Key points

  • We don’t request access to you personal information unless we truly need it to provide the service eg: Your gender or income levels are irrelevant to us, so we don’t ask you for that information.

  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.

  • We don’t store personal information on our servers unless required for the on-going operation of one of our services.

  • We WILL NEVER sell your information to anyone.

What information do we collect?

General. When you visit the site, you can browse without submitting any personal information about yourself. We will, however, receive and store some non-personally identifiable information about you, as described below. In order to participate in certain functionalities, you may be asked to provide personally identifiable information. Personally identifiable information is information that can identify you, including, for example, your name or email address.

Account; Purchase; Payment Information. If you create an account or purchase paid features of the Service, we request certain personally identifiable information from you on our signup & payment form, including, but not limited to, name, email address, phone number and payment card information (including card number, expiration address, and verification code). We use a third party payment processor (currently Bright Market, LLC d/b/a FastSpring (“FastSpring”)) to assist in securely processing your personally identifiable payment information, including recurring charges (if any). The credit card information that you provide is encrypted and collected directly by FastSpring.com on it’s checkout page. We do not store your credit card information and do not control and are not responsible for FastSpring.com or its collection or use of your information. You may find out more about how FastSpring stores and uses your credit card information by accessing the Privacy Policy for FastSpring.com Services. FastSpring’s privacy policy applies to the information you provide on the FastSpring checkout page.

Communications; Email Address Collection. In order to receive certain communications from us, such as responses to user inquiries, you will be required to submit your email address to us. You may also provide your email address to us in order to receive security updates and news even if you do not sign up for an account or make a purchase. Any non-Service related email you receive from us will include an unsubscribe link that will allow you to opt-out of receiving future emails. It may be necessary to send you Service-related announcements. For example, if the Service is temporarily suspended for maintenance, we may send users an email. You may not opt-out of Service-related emails which are not promotional in nature.

User Content. The Service may allow you to post or submit comments or other information, such as in response to our blog content (www.getastra.com/blog), knowledge-base content (www.getastra.com/kb) (“User Content”). We may use User Content to improve the Service and we may save User Content or other content you post indefinitely.

Malware Cleaning Service. If you opt for our malware cleaning/removal service we may download portions of your site to secure servers in order to analyze and clean the site. As part of the service we also require: access to your database, access to your site control panel, and server credentials to log into your site. The server credentials are transmitted via an encrypted page and stored with industry standard encryption. We may also retain a backup of portions of your site for a limited amount of time after the cleaning for quality assurance purposes.

Automatically Collected Information. Similar to other websites, we may collect some information automatically from you and store it in log files. This collection may include, but is not limited to: your domain name and host for Internet access, the Internet address of the site from which you came, the date and time of your access, your computer’s IP address and information about its operating system, browser, and host, the date and time you access the Service and the pages you visit. We collect this non-identifying information in order to help diagnose problems and to administer the Service. We also use it to help identify you and to gather broad demographic information. We may automatically collect information using various mechanisms, including but not limited to cookies and pixels.

A “cookie” is a small text file that is stored on a computer for record-keeping purposes. We use cookies for analyzing trends, site administration, tracking user movement, and to gather demographic information from our base as a whole. Some cookies remain on your computer until you delete them. Others, like session ID cookies, expire when you close your browser. You may set your browser setting to attempt to reject cookies and you may still use the Service, however, certain features of the Service may not be available if your browser does not accept cookies. See “Do-Not Track Settings” below for more information on how use of the Service may or may not be affected by your browser settings. We do not control the use of cookies by third parties. Also see “Third Party Analytics Providers” below.

“Pixels” are tiny graphics with a unique identifier that are used to track the online movements of web users. Unlike cookies, which are stored on a computer’s hard drive, pixels are small graphics that are about the size of the period at the end of the sentence that are embedded invisibly on web pages or in HTML-based emails. Our third-party analytics providers may place pixels on the Site that track what other websites you visit (both before and after visiting the Site). Our third-party analytics providers use information obtained from pixels to help us improve our business and the Service. We do not control the use of pixels by third parties.

Third Party Analytics Providers. We use third parties to help us operate and improve the Service. In doing so, we may share with these third parties non-personally identifiable information about users’ use of the Service. These third party providers also use cookies. We use third party analytics providers, such as Google Analytics, Sumo.com (Sumo Group Inc.), to provide us with general demographic and interest-level information about our users and to help create a better user experience. We do not control information collected by third parties and are not responsible for their use of that information.

Google Analytics uses cookies and pixels in order to collect demographic and interest-level information and usage information from users that visit the Service, including but not limited to information about the pages where users enter and exit the Service and what pages users view on the Service, time spent, browser, operating system, and IP address. Cookies and pixels allow Google to recognize a user when a user visits the Service and when the user visits other websites. Google uses the information it collects from the Service and other websites to share with us and other website operators information about users including, but not limited to, age range, gender, geographic regions, general interests, and details about devices used to visit websites and purchase items. We take reasonable measures to prevent linking of information we receive from Google with any of your personally identifiable information. For more information regarding Google’s use of cookies and collection and use of information see the Google Privacy Policy. To opt out of Google Analytics, please visit the Google Analytics Opt-Out Page to learn about opting out and installing the appropriate browser add-on.

Tawk.to Inc. (Tawk.to) uses cookies & also collects non-personally-identifying information for to complete its promised service. tawk.to collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with tawk.to. tawk.to also collects potentially personally-identifying information like Internet Protocol (IP) addresses for users that use the services and visitors. For more information regarding Tawk.to’s use of cookies and collection and use of information see the Tawk.to Privacy Policy.

Sumo Group Inc. (d/b/a "AppSumo","Sumo","Sumo.com", “SumoMe”) uses cookies to save your time while using the Website, remind us who you are, and track and target User interests in order to provide a customized experience. Non-Personally Identifiable Information may also be collected from you, such as but not limited to which pages you visited and what links you clicked on.

FreshWorks Inc. (d/b/a "FreshWorks","Freshdesk") may use cookies to save information to about your support ticket created in their system or through the widget embedded in your Astra dashboard. We are not responsible for Freshwork/Freshdesk's collection or use of your information.

“Do Not Track” Settings. Because we track website usage information as described above, your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of certain information. The only way to completely “opt out” of the collection of information through cookies or other tracking technologies is to actively manage the settings on your browser to delete and disable cookies and other tracking/recording tools. However, getting a “Do Not Track” signal to work as you might want is difficult. Using browsers as an example, not all tracking technologies can be controlled by browsers; unique aspects of your browser might be recognizable even if you disable a tracking technology; not all settings will necessarily last or be effective; even if a setting is effective for one purpose, data still may be collected for another; and even if one website observes a “Do Not Track” signal, that website may not be able to control other websites.

Linked Sites. The Site may contain links to third party websites (“Linked Sites”), including social media features such as Facebook, LinkedIn, Google+ or Twitter buttons. We are not responsible for the privacy practices or content of any Linked Sites and Linked Sites may collect personally identifiable information from you that is not subject to our control. The data collection practices of Linked Sites will be governed by that site’s privacy policy.

Log files. As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and/or clickstream data. We use this information gathered about you from our Site to help personalize search results, diagnose problems with our server, and to administer our Site. We also gather broad demographic information from this data to help us improve our Site and make your browsing and purchasing experience more enjoyable. This is not linked to any personally identifiable information, except as necessary to prevent fraud or abuse on our system.

Testimonials. We may post your testimonials/comments/reviews on our Websites which may contain your Personal Data. Prior to posting the testimonial, we will obtain your consent to post your name along with the testimonial. If you want your testimonial removed, please contact us at [email protected]

You understand that we will not be liable to any person for unauthorized publishing of testimonials by other parties.

Marketing communications. We may use your e-mail address, collected as part of Collected Data, to send our newsletters and/or marketing communications about our products and services. Where you have so requested, we will also send you marketing communications about our third party partners. If you no longer wish to receive these communications, you can opt out by following the instructions contained in the e-mails you receive or by contacting us at [email protected].

Single Sign-on. You can log in to our websites & applications using sign-in services such as Google, Facebook Connect and LinkedIn. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and e-mail address. Services like Google, Facebook Connect, Twitter, LinkedIn give you the option to post information about your activities on our Websites to your profile page and to share information with others within your network.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

  • Maintain and provide our Site, products, and services

  • Fulfill the purpose for which you provide it

  • Personalize your experience

  • Improve our Site, products and services

  • Develop new products and services

  • Process transactions

  • Improve security

  • Detect and prevent fraud

  • Protect our and our visitors' safety

  • Analyze and monitor activity on our Site

  • Comply with our obligations

  • Marketing

  • Exercise our rights

  • Enforce our contracts

 

General. We will use your personally identifiable information to operate, manage and administer the Service; to fulfil your purchase of any paid features of the Service (if applicable); to provide you with support or a more personalized experience; to communicate with you; and to provide you information about products and services (including the products and services of third parties). We may also use personal information to resolve disputes; to detect and protect against errors, fraud, and criminal activity; to assist law enforcement; to enforce this Privacy Policy and the Terms of Use; or for any other purpose described in this Privacy Policy or that we describe to you at the time of collection.

Use of Non-Personally Identifiable and Aggregate Information. We may use non-personally identifiable information and aggregate information for any lawful purpose, including, but not limited to, analyzing trends, managing and administering the Service, tracking users’ movements, for research purposes, or to improve our business and the Service. In addition, we may share aggregate statistical information with our business partners. We may also combine your non-personally identifiable information and aggregate information with other non-personally identifiable information and aggregate information collected from other sources.

Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.

Periodic emails. The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc.

Information Retention. We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. We may dispose of any information in our discretion without notice, subject to applicable law. We do not undertake any retention obligations through this statement.

Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights.  We will only process your personal data if at least one of the following basis applies:

a) you have given consent to the processing of your personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which we are  subject;

d) processing is necessary to protect the vital interests of you or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or

f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

What is our legal basis for processing Personal Data ?

If you are a visitor from the European Economic Area, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests or rely upon your consent where we are legally required to do so and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided below.

 

Data we process on your behalf: Service Data

If you are using our products/services, we only process Service Data as per our Customer's instructions. For purposes of the GDPR and the Swiss Federal Act on Data Protection, we are the processor and not the controller of the Service Data. Service Data, means all electronic data, text, messages or other materials, including Personal Data of Users and End-Users, submitted to the Service(s) by our Customers through Customer’s Account in connection with Customer’s use of the Service(s), including data collected for providing the service. Our EEA or Switzerland based Customers are the “controllers” of that data and are responsible for compliance with the applicable data protection law. We work with our Customers to help them provide notice to their customers concerning the purpose for which Personal Data is processed by Astra.

If you are our Customer from EEA or Switzerland, then in your role as a controller, you are authorizing, on behalf of you and your authorized agents and End-Users, and representing that you have the authority to provide such authorization to the processing and transfer of Personal Data in and to the United States and other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that the Service Data is treated securely and in accordance with this Notice.

We do not own, control or direct the use of Service Data, and in fact we are largely unaware of what information is being stored on our platform and only access such information as reasonably necessary to provide the Service(s) (including to respond to support requests), as otherwise authorized by Customers or as required by law.

As the controller, it shall be your responsibility to inform the End-Users about the processing, and, where required, obtain necessary consent or authorization for any Personal Data that is collected as part of the Service Data through your use of the Service(s). As the processors of Personal Data on behalf of our Customers, we follow Customer’s instructions with respect to the Service Data to the extent consistent with the functionality of our Service(s). In doing so, we implement technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, Personal Data.

How do we protect your information?

Keeping your information secure is of great concern to us. We exercise care in facilitating the transmission of information between your device or computer and our servers (or the third party servers that operate and store information for the Service). Any personally identifiable information collected by the Service is stored in operating environments that are not available to the public.

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers. While we have mechanisms in place to safeguard your personal information after we receive it, no transmission of data over the internet can be 100% secure.

Do we use cookies?

Yes (cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

We use cookies to help us remember and process the items in your shopping cart, chat preferences etc.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Insolvency or Business Transition. If we should ever file for bankruptcy or engage in a business transition such as a merger with another company, or if we purchase, sell, or reorganize all or part of our business or assets, we may disclose your information, including personal information, User Content, and user data or information, to prospective or actual purchasers in connection with one of these transactions.

To Members of the Corporate Family. Astra may disclose your information to our parent, subsidiaries and other affiliates, and their agents and employees.

Disclaimer. Due to the complexity and open nature of the Internet, no transmission of data over the Internet can be 100% secure. There is always a risk that information collected by and/or displayed on the Service may be compromised or accessed notwithstanding the steps we take to secure your information. For example, a third party may unlawfully intercept or access transmissions or private communications, or other users of the Service may abuse or misuse your personal information. Accordingly, you agree that you are providing such information at your own risk.

How Can You Access, Update, or Delete Your Data &  Your Personal Information?

You have the legal right to ask for a copy of any of your personal data held by us (where such data is held).

Please contact us for more details at [email protected] or write us at the address mentioned in the contact section below. We will make good faith efforts to resolve requests to correct inaccurate information except where the request is unreasonable, requires disproportionate technical effort or expense, jeopardizes the privacy of others, or would be impractical.

Your right to withhold information and your right to withdraw information after you have given it.

How to manage, control and delete cookies, web beacons and similar technologies

You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) it may limit your use of certain features or functions on our website or service. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our site. Please note, as further described in our Privacy Policy, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser.

Internet browsers allow you to change your cookie settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. In order to understand these settings, the following links may be helpful. Otherwise you should use the ‘Help’ option in your internet browser for more details.

If you wish to withdraw your consent at any time, please email us at [email protected]

Visitor Consent

Information that you disclose in a public space, including on any blog, bulletin board, chat room, or website Astra may host for you as part of your Astra services, is available to anyone else who visits that space. Astra cannot safeguard any information you disclose in these locations.

If you voluntarily offer any feedback, data, answers, questions, comments, suggestions, ideas or the like, Astra will treat that portion of the information as non-confidential and nonproprietary and, except as otherwise expressed in this Policy, Astra assumes no obligation to protect such information from disclosure. To request removal of your personally identifiable information from our blog or community forum, contact us at [email protected] In some cases, we may not be able to remove your personally identifiable information, in which case we will let you know if we are unable to do so and why.

 

International Use

Our servers are located in the United States & offices located in India, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering a data processing agreement for European Union (“EU”) customers.

To comply with EU General Data Protection Regulation (“GDPR”), our EU customers must sign our Data Processing Agreement (“DPA”) and the Standard Contractual Clauses to establish the respective responsibilities between the Astra customer (as the data controller) and Astra itself (as the data processor).  If the GDPR applies to you please email us at [email protected] We will provide both the DPA and Standard Contractual Clauses for you to sign.

By using the Services, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States & India and those third parties with whom we share it as described in this policy.

Our Commitment To Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

 

Childrens Online Privacy Protection Act Compliance

The Service is Not for or Directed Towards Children. While the Service is not intended for anyone under the age of 18, we do not intend to and will not knowingly collect any personal information from children under the age of 13. Children under the age of 13 are prohibited from using the Service. If we learn that we have collected information from a child under the age of 13, we will remove that information immediately and delete it from our servers (subject to applicable law and this Privacy Policy). If you believe content from a child under the age of 13 has been posted to the Service, please notify us by contacting us at [email protected]

Terms and Conditions

Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website at https://www.getastra.com/terms

 

Changes to our Privacy Policy

We reserve the right to revise this Privacy Policy by updating it and posting it at https://www.getastra.com/privacy, with the new terms taking effect on the date of posting. You should periodically review this Privacy Policy to ensure you are familiar with the most current version. Your use of the Service after the Effective Date posted above constitutes your acceptance of the updated Privacy Policy.

Contacting Us

If there are any questions regarding this privacy policy you may contact us at [email protected]

YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND AND CONSENT TO THE PRIVACY PRACTICES DESCRIBED IN THIS PRIVACY POLICY AND AGREE TO BE BOUND BY THE TERMS OF USE REFERENCED HEREIN.