Privacy Policy

Privacy Policy

Last updated: April 25, 2026

Astero Digital Ltd (“Astero Digital”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal data when you visit astero.in, create an account, place an order, use our content management system and related software-as-a-service platform, communicate with us, or otherwise interact with our products and services (together, the “Services”).

This Privacy Policy is intended to comply, where applicable, with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (“PECR”), as amended.

This Privacy Policy should be read together with our Terms and Conditions and Cookie Policy.

1. Identity of the Controller

Astero Digital Ltd is the controller of personal data processed under this Privacy Policy, except where we expressly state that we act as a processor on behalf of a customer.

Astero Digital Ltd
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email: contact@astero.in
Website: astero.in

If you have any questions about this Privacy Policy or our data protection practices, you may contact us using the details above.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data that we collect and process in connection with:

  • visits to our website;
  • account registration and authentication;
  • orders, subscriptions, and billing;
  • use of our CMS SaaS platform and related tools;
  • marketing communications;
  • support requests, contact forms, and chat interactions;
  • use of analytics, advertising, and similar technologies;
  • AI-enabled features and third-party integrations made available through our Services.

This Privacy Policy does not apply to third-party websites, services, or platforms that we do not control, even where accessible through our Services.

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data.

3.1 Information you provide directly

  • full name;
  • email address;
  • telephone number;
  • company or business name;
  • postal or billing address;
  • login credentials and account details;
  • information submitted through forms, support tickets, chat, email, or other correspondence;
  • order details and service selections;
  • content, files, images, text, settings, prompts, and other material uploaded or submitted through the Services.

3.2 Account, transaction, and subscription data

  • account registration records;
  • subscription status;
  • order history;
  • billing records;
  • payment status and invoice data;
  • customer service history;
  • records of product usage associated with your account.

3.3 Technical and usage data

  • IP address;
  • browser type and version;
  • device identifiers;
  • operating system;
  • time zone and locale settings;
  • referral source;
  • pages viewed;
  • clickstream data;
  • session and interaction data;
  • diagnostic information;
  • crash reports, logs, and performance data.

3.4 Marketing and communications data

  • newsletter subscription preferences;
  • records of consent or opt-out;
  • email engagement metrics, including opens and clicks where lawful;
  • advertising attribution and campaign interaction data.

3.5 Data from third parties

We may receive personal data from third parties such as:

  • payment processors including Stripe;
  • analytics and advertising providers including Google Analytics, Meta, and Microsoft Clarity;
  • support, communications, CRM, or chat providers;
  • integration partners and authentication providers;
  • other third parties where you choose to connect or enable an integration.

3.6 AI-related data

Where we offer AI-enabled functionality, we may process prompts, instructions, uploaded content, metadata, and related inputs and outputs for the purpose of providing, securing, maintaining, improving, or supporting those features, subject to applicable law and our contractual obligations.

4. How We Collect Personal Data

We collect personal data:

  • directly from you;
  • automatically when you use our website or Services;
  • from cookies and similar tracking technologies;
  • from payment, analytics, advertising, communication, support, and integration providers;
  • from other sources where lawful and appropriate.

5. Purposes of Processing and Lawful Bases

Under the UK GDPR, we must have a lawful basis for processing your personal data. Depending on the context, we rely on one or more of the following lawful bases:

  • performance of a contract;
  • compliance with a legal obligation;
  • legitimate interests;
  • consent.

We process personal data for the following purposes.

5.1 To provide and administer the Services

This includes creating and managing accounts, authenticating users, processing orders, enabling website creation and CMS functionality, and providing access to subscriptions and purchased services.
Lawful basis: performance of a contract; legitimate interests.

5.2 To process payments, invoices, and billing records

This includes payment administration, fraud prevention, subscription management, and maintaining accounting and tax records.
Lawful basis: performance of a contract; compliance with legal obligations; legitimate interests.

5.3 To provide customer support and respond to enquiries

This includes contact forms, chat, support systems, troubleshooting, and service communications.
Lawful basis: performance of a contract; legitimate interests.

5.4 To improve, monitor, and secure the Services

This includes analytics, diagnostics, service optimisation, abuse prevention, debugging, account protection, and platform reliability.
Lawful basis: legitimate interests; compliance with legal obligations where applicable.

5.5 To send service-related communications

This includes important notices about your account, orders, billing, technical issues, policy changes, and security matters.
Lawful basis: performance of a contract; compliance with legal obligations; legitimate interests.

5.6 To send marketing communications

This includes newsletters, product updates, promotional messages, and related marketing activity where permitted by law.
Lawful basis: consent where required by PECR; otherwise legitimate interests, where lawful.

5.7 To operate advertising and analytics technologies

This includes measuring traffic, conversions, user behaviour, and campaign performance using tools such as Google Analytics, Meta technologies, and Microsoft Clarity.
Lawful basis: consent where required; otherwise legitimate interests where lawful.

5.8 To provide AI-enabled features and integrations

This includes processing content and prompts submitted through AI features and third-party integrations connected to the Services.
Lawful basis: performance of a contract; legitimate interests; consent where required by law or product design.

5.9 To comply with law and protect legal rights

This includes complying with legal obligations, responding to lawful requests, enforcing our terms, investigating misuse, and protecting our business, users, and the public.
Lawful basis: compliance with legal obligations; legitimate interests.

6. Where We Act as Controller and Where We Act as Processor

For personal data relating to our own business operations, website visitors, account holders, billing contacts, marketing recipients, and support users, Astero Digital Ltd generally acts as a controller.

Where our customers use the CMS SaaS platform to create websites, collect personal data from their own end users, or manage content and submissions through the platform, Astero Digital may process personal data on behalf of the customer. In those circumstances, the customer is generally the controller and Astero Digital acts as a processor or sub-processor, depending on the arrangement.

If you are an end user of a website operated by one of our customers, and your data has been submitted to that customer through our platform, you should contact that customer directly in the first instance regarding your privacy rights.

7. Recipients of Personal Data

We may disclose personal data to the following categories of recipients where necessary:

  • payment processors, including Stripe;
  • hosting, cloud storage, and infrastructure providers;
  • analytics and advertising providers, including Google, Meta, and Microsoft;
  • email, CRM, customer support, helpdesk, and chat providers;
  • AI service providers and technical integration partners;
  • professional advisers, auditors, insurers, accountants, and legal counsel;
  • regulators, courts, law enforcement, and competent authorities where required by law;
  • actual or proposed purchasers, investors, or advisers in connection with a merger, acquisition, financing, or asset transfer, subject to appropriate confidentiality safeguards.

We do not sell personal data in the ordinary meaning of that term.

8. International Transfers

We serve customers internationally and may use service providers located in jurisdictions outside the UK. Accordingly, personal data may be transferred to and processed in countries that do not provide the same level of legal protection as the UK.

Where we transfer personal data outside the UK, we will take steps to ensure that appropriate safeguards are in place as required by applicable law. These safeguards may include:

  • adequacy regulations;
  • the UK International Data Transfer Agreement;
  • the UK Addendum to the EU Standard Contractual Clauses;
  • other lawful transfer mechanisms recognised under applicable law.

You may contact us for further information about the safeguards used for relevant transfers, where applicable.

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, tax, accounting, reporting, security, and contractual requirements.

Retention periods may vary according to the nature of the data and the purpose of processing. In determining retention periods, we take into account:

  • the volume, nature, and sensitivity of the data;
  • the potential risk of harm from unauthorised use or disclosure;
  • the purposes for which we process the data and whether those purposes can be achieved by other means;
  • applicable legal and regulatory requirements.

Where personal data is no longer required, we will delete or anonymise it where reasonably practicable.

10. Data Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

Such measures may include access controls, encryption, authentication controls, secure hosting arrangements, logging, monitoring, and internal access restrictions. However, no transmission over the internet and no method of electronic storage is completely secure. We therefore cannot guarantee absolute security.

11. Cookies and Similar Technologies

11.1 Use of cookies

We use cookies and similar technologies, including pixels, tags, scripts, local storage, and analytics identifiers, on our website and Services.

Cookies are small text files placed on your device when you visit a website. Some cookies are necessary for the operation of the website, while others help us understand usage, remember preferences, deliver advertising, and improve performance.

11.2 Categories of cookies

We may use the following categories of cookies and similar technologies:

Strictly necessary cookies

These are required for the operation, security, and core functionality of the website and Services, such as authentication, session management, load balancing, and fraud prevention. These cookies do not usually require consent under PECR.

Preference and functionality cookies

These enable the website or Services to remember your choices, settings, and preferences.

Analytics cookies

These help us analyse traffic, understand how users interact with our website and platform, and improve performance. This may include technologies provided by Google Analytics and Microsoft Clarity.

Advertising and targeting cookies

These may be used to measure campaigns, build audiences, and deliver or evaluate advertising through services such as Meta and similar partners.

11.3 Legal basis for cookies

Where cookies are strictly necessary for the provision of the website or Services, we rely on our legitimate interests and the PECR exemption for necessary technologies.

Where cookies are not strictly necessary, we will seek your consent before placing them on your device, in accordance with PECR and, where applicable, the UK GDPR.

11.4 Managing cookies

You may be able to manage your cookie preferences through our cookie banner or settings tool, where available, and through your browser settings. Disabling certain cookies may affect the functionality or availability of parts of the Services.

11.5 Third-party technologies

Some cookies and similar technologies may be placed by third-party service providers. Those third parties may process personal data in accordance with their own privacy notices. We recommend that you review their policies where relevant.

12. Marketing Communications

Where permitted by law, we may send you marketing communications about our Services, offers, updates, and related content.

Where consent is required, we will rely on your consent. Where consent is not required, we may send marketing communications on the basis of our legitimate interests, subject always to your right to object.

You may opt out of marketing communications at any time by:

  • clicking the unsubscribe link in a marketing email; or
  • contacting us at contact@astero.in.

Opting out of marketing communications does not affect service or transactional communications that are necessary for account administration, billing, support, or legal compliance.

13. Data Subject Rights

Subject to applicable law, you may have the following rights in relation to your personal data.

13.1 Right of access

You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, to request access to that personal data and related information.

13.2 Right to rectification

You have the right to request that inaccurate personal data be corrected and incomplete personal data be completed.

13.3 Right to erasure

You have the right, in certain circumstances, to request deletion of your personal data.

13.4 Right to restrict processing

You have the right, in certain circumstances, to request that we restrict the processing of your personal data.

13.5 Right to data portability

Where the legal conditions are met, you have the right to receive certain personal data in a structured, commonly used, and machine-readable format and to request its transmission to another controller where technically feasible.

13.6 Right to object

You have the right to object, on grounds relating to your particular situation, to processing based on legitimate interests. You also have the absolute right to object to the processing of your personal data for direct marketing purposes.

13.7 Right to withdraw consent

Where we rely on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

13.8 Rights related to automated decision-making

You may have rights in relation to decisions based solely on automated processing, including profiling, where such decisions produce legal effects or similarly significant effects. If we engage in such processing in a manner that triggers these rights, we will provide appropriate information as required by law.

13.9 Exercising your rights

To exercise your rights, please contact us at contact@astero.in.

We may request information necessary to verify your identity before responding to your request. We will respond in accordance with applicable law. In some circumstances, rights may be limited or subject to exemptions.

14. Complaints

If you have concerns about how we process your personal data, we ask that you contact us first so that we may try to resolve the matter.

If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”):

Information Commissioner’s Office
Website: ico.org.uk

If you are located outside the UK, you may have the right to complain to the supervisory authority in your country or region.

15. Third-Party Websites and Services

Our Services may contain links to third-party websites, products, or services. We do not control and are not responsible for the privacy practices of those third parties. You should review their privacy notices before providing them with personal data.

16. Children’s Data

Our Services are not directed to children under the age of 18, and we do not knowingly collect personal data from children. If we become aware that personal data relating to a child has been collected without appropriate authorisation, we will take reasonable steps to delete it.

17. Changes to This Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in law, regulation, business practices, technologies, or the Services. Any updated version will be posted on this page together with a revised effective date.

Where required by law, we will take appropriate steps to notify users of material changes.

18. Contact Details

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact:

Astero Digital Ltd
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email: contact@astero.in
Website: astero.in