Privacy Policy

When you sign in with Google, we receive and store:

• Your name, email address, and profile picture from your Google account
• A Google OAuth refresh token, used to access Google services on your behalf
• Content from Gmail, Google Calendar, and Google Drive — only when you explicitly ask Astro to access them
• Messages you send to Astro and the AI responses generated
• Connected app credentials for any third-party integrations you choose to enable

We also collect operational data to run the service:

• Conversation history — your messages and Astro's responses are stored to provide context across a conversation
• Tool call logs — records of which tools Astro used (e.g. "read 5 emails", "created a calendar event"), including the results returned. This is used for conversation summaries and billing.
• Token and credit usage — the number of AI tokens consumed and estimated cost per session, used to manage your credit balance and prevent runaway costs
• Language preference — stored in your browser's local storage to remember your chosen language

We do not collect payment information, sell your data, or share it with advertisers.

Your data is used exclusively to:

• Authenticate you and maintain your session
• Fulfill your requests — reading emails, checking your calendar, sending messages, creating documents, etc.
• Track credit usage so you stay within your plan limit and we can show you accurate usage warnings
• Generate conversation summaries you can review at any time
• Operate, maintain, and improve Astro

We do not use your email content, calendar data, or conversation history to train AI models without your explicit consent.

Every message you send to Astro goes through the following steps — we want you to understand this clearly:

• Intent classification — before your message reaches the main AI, a lightweight model (Anthropic Claude Haiku) reads it to classify the type of request: research, writing, action, or simple question. This takes under a second and costs a fraction of a cent.
• Main AI response — your message, conversation history, and relevant context are sent to Anthropic's Claude API to generate a response. The AI may call tools (e.g. read your emails, search the web) in multiple steps before responding.
• Runaway protection — if a request triggers an unusually long chain of AI processing (well beyond what any normal task requires), it is automatically stopped. This is a failsafe against infinite loops, not a limit on complex tasks. Normal multi-step requests always complete.
• All AI calls go to Anthropic — both the classifier and the main response use Anthropic's API. Your messages may be processed by Anthropic according to their privacy policy.

We do not send your messages to any AI provider other than Anthropic, except where you explicitly enable a third-party AI tool integration.

Astro requests the following Google API scopes when you connect your account:

• Gmail — read and send emails on your behalf
• Google Calendar — read and create calendar events
• Google Contacts — read contacts to help compose messages
• Google Drive / Docs — create documents when requested

Astro's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only access Google data when you explicitly ask Astro to, and we never use Google data to serve advertising.

Your data is stored in Supabase, a secure cloud database hosted in the United States. OAuth tokens are encrypted at rest. We use HTTPS for all data in transit.

Conversation history is retained for as long as your account is active. You can delete individual conversations at any time from within the app. You can request full account deletion by contacting us.

Credit and token usage records are retained for billing and support purposes even after conversation deletion.

Astro integrates with services you explicitly connect (Slack, Notion, GitHub, etc.). We only access these services when you instruct Astro to do so, and we do not share your data with them beyond what is required to complete your request.

Key third-party processors we use:

• Anthropic — AI responses. Your messages are processed per their privacy policy.
• Supabase — database and authentication infrastructure
• Vercel — frontend hosting
• ElevenLabs — text-to-speech (only when you use the voice/listen feature)
• Tavily — web search (only when Astro performs a web search on your behalf)

You have the right to:

• Access the data we hold about you
• Request correction or deletion of your data
• Revoke Google OAuth permissions at any time via your Google Account settings
• Delete individual conversations directly from the app
• Request full account deletion, which removes all stored personal data

To exercise any of these rights, email us at hello@astrovision.app.

We use a single session cookie to keep you logged in. We do not use tracking cookies or third-party advertising cookies.

We store your language preference in your browser's local storage (key: astro-locale). This never leaves your device.

Astro is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will delete it promptly.

We may update this policy from time to time. If we make material changes — especially to how we process your data or which third parties we share it with — we will notify you by email or by a prominent notice in the app at least 7 days before the change takes effect. Continued use of Astro after that date constitutes acceptance of the updated policy.

Questions about this policy, or want to exercise your data rights? Reach us at hello@astrovision.app. We aim to respond within 48 hours.