Legal

Privacy Policy

Last Updated: January 15, 2026

This Privacy Policy explains how Astral Trading, Inc. (“Astral,” “we,” “us,” or “our”) collects, uses, shares, and retains information when you access or use our websites, applications, and related products and services (collectively, the “Services”). This Privacy Policy is incorporated by reference into Astral’s Terms of Service. If there is a conflict between this Privacy Policy and the Terms of Service regarding privacy, this Privacy Policy controls as to privacy practices.

If you do not agree with this Privacy Policy, do not use the Services.

U.S.-Only Services. The Services are offered and intended for use only within the United States. We do not direct the Services to individuals located outside the United States, and we do not intend to offer the Services outside the United States at this time. If you are located outside the United States, do not access or use the Services.

1. Scope and Definitions

1.1 Scope

This Privacy Policy applies to information we process in connection with the Services, including information collected through our website(s), web application(s), mobile experiences (if any), and support channels.

1.2 Definitions

  • Personal Data (or Personal Information) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an identified or identifiable individual or household, as defined under applicable law.
  • Sensitive Personal Information has the meaning given under applicable law (including California law), and generally includes certain categories of information that are subject to additional protections.
  • De-Identified Data means data processed so it cannot reasonably be used to identify an individual, consistent with applicable law and commercially reasonable practices.
  • Processing means any operation performed on data (e.g., collection, storage, use, disclosure, analysis, deletion).

2. Children’s Privacy; Age Requirement

The Services are not directed to children. You must be at least 18 years old (or the age of majority in your jurisdiction) to use the Services. We do not knowingly collect Personal Data from anyone under 18 (or under the age of majority in their jurisdiction).

If you believe that a minor has provided us Personal Data, please contact us at legal@heyastral.ai. We will take reasonable steps to investigate and, where appropriate, delete such Personal Data and terminate the associated account.

3. Information We Collect

We collect information from (a) information you provide, (b) information collected automatically when you use the Services, and (c) information from third parties you choose to connect.

3.1 Information You Provide Directly

Depending on how you use the Services, you may provide:

  • Account and profile data (e.g., name, username, email, phone number, preferences, notification settings)
  • User Content (e.g., strategies, prompts, watchlists, notes, uploads, feedback, and other content you submit)
  • Communications (e.g., messages to support, surveys, bug reports, customer service interactions)
  • Any other information you choose to provide in connection with your use of the Services

3.2 Information We Collect Automatically

When you use the Services, we (and our service providers) may automatically collect:

  • Identifiers and device/network data (e.g., IP address, device identifiers, cookie IDs, browser type, operating system, language, timezone, carrier, approximate location derived from IP)
  • Usage and telemetry data (e.g., pages/screens visited, time spent, click paths, feature usage events, in-app interactions, session metadata such as timestamps and session duration)
  • Diagnostics and security data (e.g., crash logs, performance metrics, error reports, fraud/abuse signals, log files, access times)

3.3 Cookies, SDKs, and Similar Technologies

We may use cookies, pixels, SDKs, local storage, and similar technologies for purposes such as:

  • Authenticate users and maintain sessions
  • Remember preferences
  • Perform analytics and measurement
  • Prevent fraud and maintain security

If and when we enable advertising or marketing measurement technologies that trigger additional legal notice/choice obligations, we will update this Privacy Policy and provide any required notices and choices.

3.4 Strategy and Product Analytics Data

We may collect and generate data about how the Services are used and how features perform, including:

  • Feature usage metrics
  • User retention and engagement statistics
  • Strategy creation counts (aggregate)
  • Indicator usage patterns (aggregate)

3.5 AI Interaction Data; Prompts, Inputs, Outputs, and Token Metrics

If you use AI Features, we may process and store:

  • Inputs you provide (including prompts, context, instructions, and strategy parameters)
  • Outputs generated by the Services
  • Interaction signals (e.g., ratings, corrections, accept/reject events, follow-on edits)
  • Safety and quality signals (e.g., detected abuse patterns, policy enforcement events)

Separately, we may collect information such as token counts and similar usage measurements related to AI Features. Token counts are quantitative usage metrics (e.g., counts, rates, or limits) and are distinct from the substantive text of your prompts or outputs. Token counts may be stored and analyzed in De-Identified and/or aggregated form for analytics, capacity planning, product improvement, and billing (if applicable).

3.6 Brokerage Connectivity / Integrations

If you choose to connect third-party services (including brokerage connectivity providers or execution-related services), we may receive and process data as authorized by you and the integration permissions you grant. We may also generate technical telemetry about the connection (e.g., connection status, connection usage, and aggregate latency/lag metrics) to operate, secure, and improve the integration experience.

3.7 Derived and Inferred Data

We may derive or infer information from the above categories (e.g., likely feature interests, estimated sophistication level, churn propensity) to personalize and improve the Services, as well as for other related purposes subject to applicable law and any required opt-outs.

4. How We Use Information

We may use information we collect for the following business and operational purposes such as:

  • Providing, operating, maintaining, and securing the Services (including authentication, account administration, support, and troubleshooting)
  • Personalizing content and user experience (e.g., preferences, layouts, feature suggestions)
  • Developing, testing, improving, and optimizing the Services and AI Features (including analytics, product improvement, model evaluation, tuning, and safety)
  • Measuring usage, performance, and reliability (e.g., debugging, crash analysis, latency and availability monitoring)
  • Preventing fraud, abuse, unauthorized access, and other harmful activity
  • Communicating with you (e.g., service-related notices, responses to support requests, updates)
  • Conducting research and analytics using De-Identified Data and aggregated metrics
  • Complying with legal obligations and enforce our Terms of Service

5. AI Training / Improvement and User Content

5.1 Use of User Content for Service Operation and Improvement

Consistent with our Terms of Service, we may process User Content (including AI Inputs and Outputs) to provide the Services and to develop, improve, and test the Services and AI Features, unless prohibited by law or restricted by settings we provide.

5.2 De-Identified and Aggregated Use

We may create and use De-Identified Data derived from User Content and your use of the Services for analytics, benchmarking, research, safety, and product improvement. We do not attempt to re-identify De-Identified Data except as permitted by law (for example, to test de-identification safeguards).

5.3 Strategy Content Commitments

We will not sell your identifiable strategy content to third parties. We will not use your identifiable strategy content to operate, seed, or manage a fund, ETF, or proprietary trading system without your explicit consent. We may use De-Identified Data and aggregated analytics derived from strategy usage and performance as described in this Privacy Policy and the Terms of Service.

6. How We Share Information

6.1 Service Providers and Processors

We share information with vendors and service providers that help us operate the Services (e.g., hosting, analytics, customer support, communications, security monitoring, infrastructure, error tracking). These parties are authorized to process information on our behalf consistent with this Privacy Policy.

6.2 Integrations You Enable

If you choose to connect third-party services, we will share and receive information with those services as necessary to provide the integration, consistent with your permissions and instructions.

6.3 Legal, Safety, and Compliance

We may disclose information to comply with law, respond to lawful requests, protect our rights, protect users, investigate fraud or security issues, and enforce our agreements.

6.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed and transferred as part of that transaction, subject to customary confidentiality protections.

7. Your Choices and Privacy Rights

Your choices and rights depend on your location and applicable law.

7.1 Account Controls

You may be able to access and update certain information through your account settings (e.g., profile details, notification preferences).

7.2 Cookies and Similar Technologies

Where required, we provide cookie consent controls. You can also manage cookies through your browser settings. Note that disabling certain cookies may affect functionality.

7.3 Marketing Communications

If we send marketing emails, you can opt out by using the unsubscribe link in those messages. We may still send non-promotional service communications (e.g., security or transactional notices).

8. Data Retention

We retain information for as long as reasonably necessary for purposes such as:

  • Providing and operate the Services
  • Maintaining security and prevent fraud
  • Complying with legal obligations
  • Resolving disputes and enforce agreements
  • Supporting legitimate business purposes (e.g., auditing, analytics, product improvement)

Retention periods vary depending on the nature of the data, your settings, and legal requirements. We may retain De-Identified Data for longer periods where permitted by law.

9. Security; Cybersecurity Practices

We implement reasonable administrative, technical, and organizational measures designed to protect information from unauthorized access, disclosure, alteration, and destruction. These measures are designed to include, as appropriate: access controls, encryption in transit, secure key/token handling, logging and monitoring, backups, and measures to detect and prevent abuse and fraud.

We also reserve the right to monitor, log, and analyze activity on the Services for security, fraud prevention, troubleshooting, compliance, and operational integrity.

However, no security measure is perfect, and we cannot guarantee absolute security.

10. International Data Transfers; Non-U.S. Access

Astral is based in the United States, and the Services are intended for use only in the United States. We primarily process information in the United States. However, we may use service providers that process information in other jurisdictions (for example, cloud hosting, customer support, analytics, or security providers). Where information is processed outside the United States, we take reasonable steps to implement safeguards appropriate to the transfer and as required by applicable law.

If you access the Services from outside the United States (for example, while traveling or through a VPN), you understand that (a) your information will be processed as described in this Privacy Policy, (b) such access may be restricted or terminated, and (c) Astral does not represent that the Services or this Privacy Policy are designed to meet non-U.S. legal requirements.

11. Contact Us

Astral Trading, Inc.

Principal office: 13300 Query Mill Road, North Potomac, MD 20878

Email: legal@heyastral.ai

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by updating the “Last Updated” date and/or through the Services as otherwise as required by law. Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.