Privacy policy

1. Information We Collect From You

The types of information we collect about you depend on your use of our products, services, and the ways that you interact with us.

The personal information we collect can include the following:

• Contact details such as your name, email address, mailing address, contact telephone numbers.
• Payment information to process payments, such as your payment instrument number (such as a credit card number) and the security code associated with your payment instrument.
• Account history information related to the products or services you purchase, and the activities associated with your account.
• Cookie and tracking information such as IP address, device identifier, browser type and other unique identifiers that may uniquely identify your device, system or browser.
• Troubleshooting and help information when you contact ASTRAVUE to make a purchase or for technical support or customer support services, phone conversations, or chat sessions with our representatives which may be monitored and recorded.
• Feedback and rating information you provide to us such as customer survey feedback and product reviews you write.

Hosted Data

Some of our Services include processing data on behalf of our customers in relation to applications, tools or software that we provide (“Hosted Data”). Save for the limited circumstances set out in this Notice, we are not the data controller of this Hosted Data as we do not determine the purposes or the means of the processing. If you believe your Personal Data is being processed by us in this way, you should refer to the privacy notice of the data controller on whose behalf we are acting. 

2. How We Use And Share Your Information?

We use and share your information to:

• Deliver and maintain our products and services.
• Establish and maintain your account.
• Measure credit and payment risk.
• Provide account related services and information.
• Help you with customer service and technical support issues or questions.
• Help us improve and personalize our products and services.
• Authenticate you.
• Detecting and preventing fraud.
• Manage and protect our networks, services, and customers.

3. Third-Party Use Of Cookies And Other Tracking

We may use technologies, such as cookies and other tracking technology, to customize content and advertising, to provide social media features and to analyze traffic to the Website.

Analytics and Monitoring Tools

• We may use analytics tools and other third-party technologies, such as Google Analytics, to collect non-personal information in the form of various usage and user metrics when you use the Website. These tools and technologies collect and analyze certain types of information, including cookies, IP addresses, device and software identifiers, referring and exit URLs, onsite behavior and usage information, feature use metrics and statistics, usage and purchase history, MAC Address, mobile unique device ID, and other similar information.

Third-Party Services

• AWS Services: We integrate with the following Amazon Web Services (AWS) for our infrastructure needs:
• EC2 (Elastic Compute Cloud): Provides scalable computing capacity in the cloud.
• SES (Simple Email Service): A cloud-based email sending service.
• S3 (Simple Storage Service): Provides scalable object storage for data backup, archiving, and analytics.
• OAuth APIs: We use OAuth APIs from Google and Microsoft to facilitate Single Sign-On (SSO) and to extract basic user information. This ensures a seamless and secure login experience for our users.
• New Relic: For application performance monitoring, we use New Relic. This tool helps us monitor and optimize the performance of our application, ensuring it runs smoothly and efficiently.

To improve the responsiveness of the Website for our users, we may use Cookies, or similar electronic tools to collect information to assign each visitor a unique, random number as a User Identification (User ID) to understand the user’s individual interests using the identified computer. Unless you voluntarily identify yourself (through registration, for example), we will have no way of knowing who you are, even if we assign a cookie to your computer. The only personal information a cookie can contain is information you supply. A cookie cannot read data off your hard drive.

Our advertisers may also assign their own cookies to your browser (if you click on their ads), a process that we do not control. We receive and store certain types of information whenever you interact with us via the website.

Types of cookies
Name of Cookie	Purpose of Cookie
Session cookies	Maintain user session state
httpOnly cookies	Improve website security
Secure cookies	Enhance data encryption

Your Choice In Information Use

• Opt out of non-essential electronic communications: You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages. However, you will continue to receive essential notices and emails such as account notification emails (password change, renewal reminders, etc.), security incident alerts, security and privacy update notifications, and essential transactional and payment related emails.
• Disable cookies: You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites properly.
• Optional information: You can choose not to provide optional profile information such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when you submit any form linked to our website.

4. How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal

• To present our website and its contents to you.
• To fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Website or any products or services we offer or provide through it.
• To contact you about our own services that may be of interest to you.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.
• To send notifications related to task and project completion.
• To provide reminders for upcoming deadlines and important milestones
• To ensure appropriate permissions and access levels for different users.
• To generate reports and insights for better decision-making and strategy development.

5. How We Share Your Data

• Employees and Independent Contractors: We may provide access to your service data to our employees and individuals who are independent contractors of the Astravue group entities involved in providing the services (collectively our “employees”) so that they can (i) identify, analyze, and resolve errors, (ii) manually verify emails reported as spam to improve spam detection, or (iii) manually verify scanned images that you submit to us to verify the accuracy of optical character recognition. We ensure that access by our employees to your service data is restricted to specific individuals and is logged and audited. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our products or services. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within the Astravue group.
• Third-Party Integrations You Have Enabled: Most of our products and services support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access your service data and personal information about you. We encourage you to review the privacy practices of the third-party services and products before you enable integration with them. Please see clause 3 for detailed understanding about Third Party services and its integration.

6. Legal Basis Of Processing Personal Data 

UK, United States and EEA Region: -

• Contractual Performance: We process data to fulfill contractual obligations with data subjects.
• Legitimate Interests: We process data for legitimate business interests without overriding data protection rights. -
• Consent: Data processing is based on explicit consent for specific purposes, and individuals can withdraw consent at any time.
• Legal Obligations: We collect and process data to comply with legal requirements in the UK, US, and EEA.

India:

• Consent: Data processing is based on explicit consent provided by the Data Principal. The Consent must be freely given, unconditional, specific, informed, and unambiguous indication of the Data Principal's wishes by which he or she agrees to the processing of personal data relating to him or her.
• Personal data may only be processed by a person in accordance with the provisions of this policy and the applicable Rules for a lawful purpose for which the data principal has given or is deemed to have given consent.
• "Lawful purpose" refers to any purpose that is not expressly forbidden by law.
• Prior to requesting consent from a data principal, a data fiduciary must provide detailed notice in simple and clear language, including a description of the personal data to be collected and the purpose of processing such data.
• The policy also specifies certain grounds for processing personal data, such as public interest, fraud prevention, network and information security, credit scoring, and debt recovery.

Consent and its withdrawal:

• Obtaining Consent: We prioritize obtaining free, informed, specific, and withdrawable consent from data subjects before processing their personal data.
• Notice Before Consent: Detailed notice in clear and plain language, including a description of the personal data and processing purpose, must be provided before obtaining consent.
• Withdrawal of Consent: Data subjects have the right to withdraw their consent at any time, and such withdrawal does not affect the lawfulness of prior processing based on consent.
• Ease of Withdrawal: The process of withdrawing consent should be as simple as giving consent, enabling individuals to have control over their personal information.
• Special Categories of Data (if applicable in India): This policy acknowledges the significance of safeguarding sensitive personal data and establishes additional measures for its processing. "Sensitive personal data" is defined in this policy and the processing of such data is only allowed with explicit consent and must be stored separately. We recognize the need for enhanced protection of certain categories of personal information and provide specific provisions to ensure privacy rights are upheld.

7. Data Subject/Data Principal Rights

Data principals have the following rights under the Digital Personal Data Protection Act, 2023 (DPDPA):

• Right to Be Informed: To be informed about the processing of their personal data.
• Right of Access: To access their personal data.
• Right to Correction: To have their personal data corrected if it is inaccurate or incomplete.
• Right to Update: To have their personal data updated.
• Right to Erasure: To have their personal data erased.
• Right to Nominate: To nominate another person to exercise their data privacy rights.
• Right to Submit Grievances: To submit a grievance to the Data Fiduciary. Data principals can exercise their rights by the methods prescribed by the data fiduciaries. Once submitted, the data fiduciary must honor the request.

Exercising Your Rights

• As mentioned under Clause7 the Data Subjects are granted a specific set of Rights and the same can be invoked through Data Subject Request procedures set in place.
• For any requests to exercise your data protection rights, please contact us using the details provided in Clause 14 of our privacy policy.
• Upon receiving such a request, we ensure to take relevant steps to satisfy the request and close them within a reasonable timeline or as mentioned under the DPDPB or any other relevant laws and/or any other notification/gazette released under such law or as per other data privacy legislations and regulations.
• We respond to all requests from individuals wishing to exercise their data protection rights within a reasonable timeframe, in accordance with applicable data protection laws. We can only process requests after verifying your identity, which may involve requesting further information from you.

8. Children's Personal Information

Our products and services are not intended for children under 16 years of age in the EU, US, and UK, and under 18 years of age in India. We don't knowingly collect personal information from children under these ages. If we become aware of a child providing us with personal information, we will delete it. If you believe a child has provided personal information to us, please contact us at [contact information] with the details, and we will take the necessary steps to delete the information we hold about that child. While our products are not intended for use by children, there may be instances where users of our products collect information about children. If you process information relating to children, you acknowledge and agree that you are responsible for complying with all applicable laws and regulations regarding the protection of such personal information. Our sites are not directed to children under the specified ages, and we do not knowingly collect personally identifiable information from children or distribute such information to third parties. If we become aware that we have inadvertently received personally identifiable information from a child under the specified age, we will delete such information from our records. If our practices change in the future, we will obtain prior, verifiable parental consent before collecting any personally identifiable information from children. The company ensures the use of procedures/tools for age verification of anyone who fills in information on the site.(especially data principals from India )

9. Data Security And Confidentiality

• Implementation of Security Safeguards the Company has implemented comprehensive and reasonable security safeguards to prevent Data Breaches or any damage to the collected Data. These security safeguards encompass appropriate technical and organizational measures to ensure effective adherence to the provisions of the GDPR, CCPA, Digital Personal Data Protection Act 2023, and other relevant data privacy legislation and regulations. This includes, but is not limited to access controls, encryption, regular security assessments, and staff training on data security best practices.

Measures To Ensure The Security Of Customer Data During Transmission

•  Encryption of Data in Transit- We use SSL/TLS encryption to ensure the security of customer data during transmission. This means that any data sent between your browser and our servers is encrypted, protecting it from interception and unauthorized access.

Hashing of Passwords

We hash user passwords using the BCrypt algorithm. This robust hashing mechanism ensures that even if our database were to be compromised, user passwords would remain secure and protected

• We utilize SSL encryption, which provides a secure connection between the data subject's device and our systems. This encryption protocol helps protect the confidentiality and integrity of data during transmission and is a fundamental aspect of our commitment to maintaining data security and privacy.

10. Cross-Border Data Transfers

• Server Location and Data Processing Our Service is operated and managed on servers located within India and the United States. If you choose to use our Service from Europe, the UK, or other regions with differing data protection laws, you acknowledge that we will transfer, store, and process your personal information in India or the United States for the purpose of performing the Service according to our contract (e.g., our Terms of Service) and for any other purpose for which you provide explicit, informed consent. When Astravue processes Personal Data outside India, the US, the UK, or the European Economic Area (EEA), we ensure that the recipient of your Personal Data offers an adequate level of protection. This is achieved through measures such as entering into standard contractual clauses for the transfer of Personal Data as approved by the European Commission (Article 46 of the General Data Protection Regulation, 2016) or under Section 7 and 16 of the Digital personal Data Protection Act 2023 or obtaining your prior consent for such international data transfers and adhering to the applicable data protection laws.
• Data Transfers for UK and EEA Residents -If you are a resident of the UK or the EEA and your Personal Data is processed outside these regions, Astravue will ensure that the recipient of your Personal Data offers an adequate level of protection. This can include entering into standard contractual clauses approved by the European Commission or obtaining your explicit consent prior to the transfer. Astravue is committed to ensuring the privacy and protection of your Personal Data, regardless of where it is processed or stored. We implement appropriate safeguards and security measures to protect your data in compliance with applicable data protection laws and regulations.

11. Retention Of Information

We keep your personal information as long as needed for the purposes in this Privacy Policy and may do so for longer as allowed or required by law. We use effective measures for anonymization and retain deleted resources for up to 14 days before permanent deletion from the database. When a user is removed, their data is kept for 30 days before permanent deletion from our database.

12. Data Subjects/Data Principal Complaints

Data Subject Requests and Complaints: Data subjects have specific rights as outlined in Clause 7, which includes access, rectification, deletion, and objection to the processing of their personal data. To invoke any of these rights, data subjects must submit a request via email or post using the contact details provided under Clause 14 of this policy.

Upon receiving a request, we promptly take necessary actions to fulfill it within a reasonable timeframe in accordance with applicable data protection laws and regulations.

13. Data Subjects/Data Principal Complaints

We may update our privacy policy occasionally. We will notify you by posting the new policy on this page and through banners on our website. Before any change becomes effective, we will inform you via email and/or a noticeable notice on our service and update the "Last updated" date at the top of this privacy policy. You are advised to periodically review this privacy policy for any changes, as they become effective when posted on this page and communicated through website banners.

14. Contact Information

How to Contact Us

By email: security@astravue.com

Website: https://astravue.com/contact.html

Phone number: +919840486212

Address: Astravue Technologies Private Limited, Flat C,Plot No:110 AGS Colony, 2nd Avenue, 3rd Phase, Mugalivakkam, Chennai - 600125

DATA PROTECTION OFFICER - Rameshkumar R