Privacy Policy.
Asthra AI is committed to protecting your personal data and ensuring transparency in how your information is collected, used, and safeguarded. This Privacy Policy explains how we handle your data when you use our website and AI-powered writing services. By using Asthra AI, you agree to the practices described here.
Introduction
We understand that when you use our services, you trust us with your information. We take this responsibility seriously and implement appropriate safeguards to protect your data.
Information we collect
We collect only the information necessary to provide and improve our services.
Personal information
- Name
- Email address
Client-provided content (source documents)
- Documents, text, prompts, or files uploaded by users for AI-assisted drafting
- These may include business, operational, or client-specific information
Usage and technical data
- IP address
- Browser and device information
- Pages visited and interaction data
Categories of personal data and processing activities
| Category of data | Purpose of processing |
|---|---|
| Name, Email | Account creation and communication |
| Source Documents / Uploaded Content | AI-based drafting and content generation |
| Usage Data | Service improvement, analytics, and security monitoring |
How we collect your data
We collect data when you:
- Register or use our platform
- Upload documents or input data for processing
- Contact us for support
We do not collect data from third-party sources without your knowledge.
Lawful basis for processing
We process personal data based on:
- Consent — when you voluntarily provide inputs or documents
- Contractual necessity — to deliver the services you request
- Legitimate interests — to improve service performance, ensure security, and prevent misuse
You may withdraw consent at any time.
How we use your data
We use your data to:
- Provide and operate the Asthra AI platform
- Process uploaded documents to generate AI-assisted drafts
- Manage your account and service experience
- Send service-related notifications and updates
- Improve system performance and reliability
AI processing and data usage
Asthra AI processes user-provided documents in a secure and controlled environment:
- All data is transmitted using secure HTTPS encryption
- Uploaded documents are processed only during the active session
- Content is not permanently stored, unless explicitly required for a feature
- Content is not accessed or reviewed by humans
- Content is not used for AI model training, unless explicitly disclosed
Users are responsible for ensuring they have the necessary rights and permissions to upload any documents.
Microsoft Word add-in data handling
When you use Asthra Writer AI as a Microsoft Word add-in, the following data handling applies:
- The add-in uses the Microsoft Office.js APIs to read and write content within the active Word document. Only content you explicitly select or generate is read or modified.
- Document content is transmitted over HTTPS to the Asthra backend (AWS US-East, Virginia) for processing.
- Document content is processed only during the active session. It is not retained beyond the session unless a feature explicitly requires it (such as the immutable transaction ledger embedded in the output document).
- Document content is never used to train AI models.
- Asthra personnel do not access or review document content in the normal course of operating the Service. Access for support purposes requires an explicit, customer-approved support ticket.
- The add-in does not access your Microsoft 365 mailbox, calendar, OneDrive files, or any other Microsoft service beyond the active Word document.
- The add-in does not collect Microsoft user account information. Authentication to the Asthra service uses Asthra credentials, not your Microsoft 365 identity.
Sensitive personal data
Asthra AI does not intentionally collect sensitive personal data, such as:
- Financial details
- Health information
- Government identification numbers
Users should avoid uploading sensitive personal data unless necessary and permitted.
Data sharing
We may share limited data with trusted service providers, including:
- Cloud hosting providers (AWS — Virginia region)
- PostHog Inc. — product analytics for this website. Pageviews, click events, scroll depth, and (when you fill a form) email address. Hosted in the EU. Data Processing Addendum.
- HubSpot Inc. — customer relationship management for our contact and whitepaper-companion forms. Form fields, page-visit attribution for filled-form contacts, and reverse-IP company-level lookups via the HubSpot Prospects feature. Hosted in the United States under Standard Contractual Clauses. Data Processing Addendum.
- Anthropic PBC — large language model processing for AI-generated drafts. Customer content sent to Anthropic is not retained beyond the request and is not used to train models, per Anthropic's commercial terms.
All partners are required to handle data securely and only for specified purposes.
International data transfers
Your data may be processed and stored in the United States (AWS — Virginia region) or the European Union (PostHog — Frankfurt region). We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, including Standard Contractual Clauses for transfers to the United States.
Data storage and retention
- Personal data is retained only as long as necessary to provide services
- Data is deleted within a reasonable period (typically within one month after service termination)
- Uploaded documents are not retained beyond the active session
Data breach notification
In the event of a data breach:
- We will investigate and contain the issue promptly
- Affected users will be notified without undue delay, where required
- Corrective measures will be implemented to prevent recurrence
Cookies and session management
We use a small number of cookies and similar browser-storage mechanisms to:
- Maintain user sessions and ensure site functionality (essential)
- Measure how visitors use the site so we can improve it — pages viewed, scroll depth, form interactions. Set by PostHog (EU-hosted analytics) and HubSpot (forms + contact attribution).
- Identify the company behind business IPs that visit our website (HubSpot Prospects). This is firmographic — the company name only, not the individual visitor.
Analytics and attribution cookies are not used to build advertising profiles or sold to third parties. We do not run third-party advertising trackers.
You can disable analytics cookies via your browser settings, by using browser-level Do Not Track / Global Privacy Control signals, or by emailing info@asthra-writer.ai to request removal of any data we hold about you.
Your data protection rights
You have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Request deletion of your data
- Restrict processing of your data
- Object to processing
We respond to requests within one month.
Consent management
We provide full transparency and control over consent:
- Consent collection — clearly obtained before processing
- Consent storage — maintained securely
- Consent use — limited to defined purposes
- Consent modification — users can update preferences
- Consent withdrawal — users can withdraw consent at any time
- Consent restriction — processing can be limited upon request
Children's privacy
Asthra AI is not intended for individuals under 18 years of age (or under 16 where local data protection law applies a lower threshold, such as the EU under GDPR). We do not knowingly collect data from children. If such data is identified, it will be deleted promptly. Where required, parental consent must be obtained.
Geographic scope of data processing
Asthra AI is accessible globally. Users from different countries may use the platform, and data may be processed in regions where our infrastructure operates.
Third-party links
Our website may contain links to external websites. This Privacy Policy applies only to Asthra AI.
Data Protection Officer (DPO)
Name: P Guruprasad
Email: guru@asthra-writer.ai
Responsibilities
- Monitor compliance with data protection laws
- Conduct audits and risk assessments
- Oversee data processing practices
- Act as a contact point for data subjects
- Promote awareness of data protection practices
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Updates will be reflected on this page with a revised effective date.
Contact us
For questions or requests:
Email: guru@asthra-writer.ai
Website: https://www.asthra-writer.ai
Complaints
If you believe your data has not been handled appropriately, you may contact your local data protection authority.
Enforcement and compliance
We maintain internal controls, monitoring systems, and periodic reviews to ensure compliance with this Privacy Policy and applicable data protection regulations.