Privacy Policy

Last updated December 2025

1. Introduction

Astro is built with a simple philosophy: keep your money data private, secure, and in your control. This Privacy Policy explains what we collect, what we do not collect, and how your information is used.

2. Data We Store Locally

By default, all your financial data stays on your device. This includes:

  • Transactions
  • Categories & custom categories
  • Subscription entries
  • Account balances
  • App preferences & settings

Astro cannot access or view this data.

3. Optional Daily Cloud Backups

If you subscribe to daily cloud backups, Astro exports your local data, encrypts it on your device, and uploads the encrypted file to Supabase Storage (Singapore region).

Astro cannot decrypt your backup data.

4. Google Login Information

When you log in using Google, we store:

  • Google user ID
  • Email address
  • Name (if available)
  • Profile picture URL (if available)

This data is used only to manage your Astro account and enable backups. We do not access contacts, Drive files, calendar data, or location.

5. Login Metadata (IP & User-Agent)

To prevent abuse, fraud, and unauthorized access, we store limited metadata when you log in or perform sensitive actions:

  • IP address (stored in inet format)
  • User-Agent string (device + browser)

This data is used strictly for security and rate limiting. Astro does not use this data for analytics, advertising, or tracking.

6. Website Email Collection

When you enter your email on the Astro website, we store:

  • Email address
  • IP address
  • User-Agent

This is used only for sending launch updates and preventing abuse. You may unsubscribe at any time.

7. Data We Do Not Collect

  • No bank credentials
  • No SMS data
  • No financial identifiers
  • No ads or tracking identifiers
  • No location data
  • No contacts or files

8. Data Retention

  • Local app data: remains on your device until you delete the app
  • Cloud backups: stored until deleted or subscription expires
  • Waitlist emails: stored until you unsubscribe
  • Login metadata: retained only for security purposes

9. GDPR & DPDP Compliance

Astro follows global privacy standards including:

  • GDPR (Europe)
  • UK GDPR
  • DPDP Act (India)

You may request access, deletion, correction, or export of your data at any time.

10. Third Parties

Astro uses a minimal set of third-party services:

  • Supabase (encrypted backup storage)
  • Google Play Billing
  • Google OAuth

We do not sell or share your data with advertisers.

11. Your Rights

  • Access your data
  • Request deletion
  • Request correction
  • Export your data

12. Contact

For privacy, data requests, or support:
astrocares@proton.me