Privacy Policy

Last Updated: December 8, 2025

At ASTIA, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Password (encrypted)
• Name (if provided)
• Profile information from Google OAuth (if used)

1.2 Instagram Account Data

When you link your Instagram account, we access:

• Instagram username and profile information
• Profile picture
• Account bio
• OAuth access tokens (stored securely and encrypted)
• Direct message content (for AI character responses)

1.3 Character Data

Information you provide when creating characters:

• Character names and profiles
• Personality descriptions and backstories
• Example dialogues
• Response configurations and settings

1.4 Conversation Data

We collect conversation data including:

• Messages exchanged between Instagram users and your characters
• Conversation metadata (timestamps, message counts)
• Content moderation flags and safety filter triggers

1.5 Usage Data

We automatically collect:

• Log data (IP address, browser type, device information)
• Platform usage patterns and feature interactions
• Performance metrics and error logs

2. How We Use Your Information

2.1 Service Delivery

• Provide and maintain the ASTIA platform
• Process and respond to Instagram direct messages through your characters
• Enable character creation, testing, and deployment
• Display conversation history and analytics

2.2 AI Processing

• Generate character responses using AI language models
• Improve response quality and character consistency
• Apply content moderation and safety filters

2.3 Platform Improvement

• Analyze usage patterns to improve our services
• Develop new features and functionality
• Debug and fix technical issues

2.4 Communication

• Send service-related notifications
• Respond to support inquiries
• Provide updates about platform changes

2.5 Safety and Compliance

• Enforce our Terms of Service
• Detect and prevent fraud or abuse
• Comply with legal obligations

3. Data Sharing and Disclosure

3.1 Third-Party Service Providers

We share data with trusted service providers who assist in operating our platform:

• Meta/Instagram: To enable Instagram integration and messaging
• AI Providers: To generate character responses (messages are processed but not stored by AI providers)
• Supabase: For database and authentication services
• Hosting Providers: For platform infrastructure

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

3.4 What We Don't Do

• We do not sell your personal information to third parties
• We do not share your data for third-party advertising purposes
• We do not use your character configurations to train AI models without consent

4. Data Security

We implement industry-standard security measures to protect your data:

• All data transmitted over HTTPS/TLS encryption
• Sensitive data encrypted at rest
• Instagram OAuth tokens stored with encryption
• Regular security audits and updates
• Access controls and authentication requirements
• Rate limiting to prevent abuse

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

5.1 Account Data

We retain your account information for as long as your account is active. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

5.2 Conversation Data

Conversation logs are retained for a limited period (typically 90 days) to provide conversation history features and for moderation purposes. You may request earlier deletion of specific conversations.

5.3 Character Data

Character configurations are retained until you delete them or your account. Deleted characters are permanently removed within 30 days.

6. Your Rights and Choices

6.1 Access and Portability

You can access your account information, character configurations, and conversation data through your dashboard. You may request a copy of your data in a portable format.

6.2 Correction

You can update or correct your account information and character configurations at any time through the platform.

6.3 Deletion

You can delete individual characters, unlink Instagram accounts, or delete your entire account. Account deletion will remove all associated data.

6.4 Instagram Disconnection

You can unlink your Instagram account at any time, which will stop all character messaging activity and revoke our access to your Instagram data.

6.5 Communication Preferences

You can opt out of non-essential communications through your account settings. Service-related notifications cannot be disabled while your account is active.

7. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain types of data processing
• Right to Withdraw Consent: Withdraw previously given consent

To exercise these rights, please contact us at privacy@astia.ai.

8. CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data collection and sharing practices
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

9. Children's Privacy

ASTIA is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.

10. International Data Transfers

Your data may be processed and stored in countries outside your country of residence. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data during international transfers.

11. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze platform usage and performance

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

12. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: privacy@astia.ai
• General Support: support@astia.ai
• Data Protection Officer: dpo@astia.ai

By using ASTIA, you acknowledge that you have read and understood this Privacy Policy.