← Back to ASTRA
Privacy Policy
Last updated: 24 May 2026
Transparency notice. ASTRA is a monitored platform. Your interactions with the AI
(the prompts you send and the responses you receive) are logged and may be reviewed by
administrators for security, abuse-prevention, compliance, infrastructure protection,
and quality-improvement purposes. We do not automatically block or restrict your prompts —
monitoring is for logging and review only, and you continue to receive AI responses normally.
1. Who we are
ASTRA ("we", "us", "the platform") provides an AI assistant powered by locally-hosted
language models. This policy explains what we collect, why, and how we protect it.
2. Information we log
For each interaction we securely store:
- Your user ID and username
- The full text of your prompt and the AI's response
- Timestamp, session identifier and the AI model used
- Response timing and token-usage statistics
- A one-way salted hash of your IP address and device fingerprint
(we do not store your raw IP address or a reversible fingerprint)
- Your browser's user-agent string
3. Why we log it
- Security auditing & abuse investigation
- Infrastructure monitoring and protection
- Compliance and record-keeping
- Platform analytics and quality improvement
4. Who can access logs
Access to interaction logs is restricted to authorised administrators and auditors via
role-based access controls. Every administrative access to your data is itself recorded in an
internal audit trail. Real-time operational alerts may be delivered to administrators through
secure internal channels.
5. How we protect your data
- Prompt and response content is encrypted at rest (AES-256-GCM)
- IP addresses and device fingerprints are stored only as salted hashes
- Access is gated by authentication, encrypted sessions and role-based permissions
- Administrative actions are recorded in an audit trail
- Encrypted, access-controlled backups are taken regularly
6. Data retention
Interaction logs are retained for a limited operational period (by default 90 days) and then
automatically deleted, unless a longer period is required for security or legal reasons.
7. Your choices
Use of this platform is voluntary. By signing in and submitting prompts you acknowledge and
consent to the logging and review described above. If you do not agree, please do not use the
service. To request access to or deletion of your data, contact your administrator.
8. Contact
Questions about this policy can be directed to your platform administrator.
→ Read the Terms of Service