Privacy policy.

Last updated: 04 August 2025

Welcome to the Astari ! 

This Privacy policy (“Policy”) explains all the privacy matters you may face when using our Services. The Policy, is an integral part of the Astari Terms of Service (“Terms”) and incorporated by reference into them Please read this Policy carefully and if you have any questions, feel free to contact us at support@grifaloplimited.com. In case you have any ongoing questions about how to exercise your rights, etc., you may also contact us at support@grifaloplimited.com.

By continuing to access or use our Services, you confirm that you are at least 18 years old and that you have read, understood, and agreed to the terms outlined in this Privacy Policy. If you do not accept these terms or cannot affirm the above, you are not permitted to use the Services. 

Please note that some external services—used either by Astari or by you in conjunction with our Services—may operate under their own independent privacy policies. If your personal data is handled by these third-party services, that processing will be governed by their respective privacy practices, not by this Policy.

For your ease of reference, translations of this Privacy Policy may be made available in various languages. However, in the event of any discrepancy between a translated version and the original English version, the English version shall take precedence.

1. MODIFICATIONS

We may update this Privacy Policy periodically in response to changes in applicable laws, regulatory requirements, technological advancements, or our internal data handling practices. We encourage you to review this Policy regularly to stay informed about any updates or modifications. Should we implement any changes that we, in our sole judgment, consider significant, you will be informed in advance through one or more of the following methods: (i) an email sent to the address linked to your account, (ii) message submitted through the Services. For less material updates, we may communicate the changes simply by publishing the revised Policy on our website or within the Services.

2. YOUR DATA CONTROLLER 

Data controller: The data controller is an entity which determines the purpose and means of processing the personal data. Here at Astari your data controller is Grifalop Limited, 705, Spyrou Araouzou & Koumantarias, Fayza House, 5th floor, office No.: 2, 3036, Limassol, Cyprus.

When necessary for the proper functioning and development of our Service, we may engage third-party vendors, contractors, or external service providers and share certain data with them. This collaboration enables us to operate, maintain, enhance, integrate, personalize, support, and promote our offerings more effectively. We may disclose data specifically for the purposes outlined in this Policy. The categories of third parties with whom we may share information include but are not limited to: providers of cloud infrastructure, analytics and performance measurement tools, marketing and advertising platforms, payment processors, and communication service providers.

3. PERSONAL DATA WE COLLECT

We may collect personal information directly from you, automatically through your use of the Services, and from third-parties.

Personal information we collect from you directly:

We collect several categories of personal data that you may choose to provide when using our Services. These are detailed as follows:

  • Account and Profile Details: Information submitted when creating or authenticating an Account, such as your name, company name, email address, physical address, phone number, calendar data, meeting data, related derivatives, account name, password, and any other details you choose to provide.

  • Use of the services: Information shared while using the Services, including (but not limited to) your name, company name, email address, physical address, phone number, and any other voluntarily submitted data.

  • Communications with Us: If you reach out to us—whether by email, via our support channels, or through our virtual assistant—you may share: Your name, username, account information and/or email address; Any content you choose to include in your correspondence or interactions with our representatives or chatbot.

  • Event Participation and Registration: If you sign up for events we organize or support, we may collect information related to your involvement. This includes: Registration details; Data associated with your attendance or participation.

  • Preferences and Customization Requests: We also collect information regarding: Your communication and usage preferences; Customizations and feedback you provide when using our Services; Other optional preferences you choose to share during your interactions with us.

  • Payment Information*: When you subscribe to our Services: You may be asked to submit payment details.

  • Business Relationships: If you are a customer, supplier, or prospective partner, we may collect personal information in the course of our interactions. This may include your name, company, title, email address, phone number, address, order history, and where applicable, credit-related details (e.g., credit registrations or limits).

  • Other Voluntarily Provided Information: Any other data or personal information you choose to share with us outside the contexts above. 

Important*: Astari does not directly collect or store this payment data. It is securely handled by a trusted third-party payment processor we have engaged for transaction facilitation.

Personal information we collect automatically:

When you interact with our Services, certain types of data are collected automatically to support functionality, personalization, and security. This includes:

  • Usage and Device Data. This may include details about your browser, operating system, or device (such as your cookie identifiers, internet protocol (IP) address, ​​mobile advertising identifier, and other unique identifiers), internet service provider, mobile carrier, general location information (including inferred location based off of your IP address), actions that you take while using the Services, information about how you interact with the Services, including the frequency and duration of your activities, information about the links you click, and other information about how you use the Services.

  • Network and internet information: including, but not limited to, URLs, Internet Protocol addresses, bounce rates, use of spoofing, active (TCP/IP) ports, number of sessions initiated, click streams, location information and network/Wi-Fi access points.

Personal Information We obtain from external sources:

In addition to information you provide directly or that is collected automatically, we may receive personal data about you from third-party entities we partner or integrate with. These sources help enhance our Services, support research, and improve personalization and communication. We use the following external sources:

  • Third-Party Service Providers - we may receive information from vendors and contractors who support our operations. These providers may share: Usage analytics and behavioral data to improve functionality and user experience; Security-related insights to protect the Services; Information necessary to respond to your support inquiries or requests.

  • Research Collaborators - when we conduct surveys or studies, our research partners may share aggregated or individual-level data with us. This may include: Demographic information (e.g., age range, location); Feedback on how you interact with or perceive the Services.

  • Marketing and Advertising Partners - marketing platforms and ad networks may supply us with data about: Your interests or behavioral segments; Demographic categories (e.g., age, gender, location); Interactions with marketing materials or advertisements (e.g., which ads you viewed or clicked).

  • Business Partners - we may work with other companies to provide certain features or services. These partners may share relevant personal information necessary to: Deliver our joint offerings; Fulfill legal or contractual obligations; Customize your experience in line with this Privacy Policy.

  • Social Media Platforms - if you choose to connect to our Services through a social media account, we may collect personal data you have made accessible on those platforms. This may include: Your name, email address, and profile picture; Social connections (e.g., friends or followers); Publicly shared profile details.

4. HOW WE USE YOUR PERSONAL INFORMATION

We rely on your personal data to operate, enhance, and protect our Services, engage with you effectively, and meet legal and business requirements. Below is an outline of the primary ways we use this information:

  • Service Delivery and Account Management: We process your personal data to provide and manage access to our Services, including: creating and maintaining your account; offering troubleshooting assistance and technical support; managing and optimizing daily service operations.

  • Communication and Engagement: Your information helps us: respond to inquiries, feedback, and support requests; send important updates and notices, such as changes to our terms or privacy practices; request information or invite you to participate in feedback activities.

  • Fulfilling Privacy Rights Requests: We use your data to verify and respond to requests you submit regarding your rights under data protection laws (e.g., access, deletion, or correction requests).

  • Marketing and Promotional Messaging: We may send you: newsletters and marketing materials; information about new features, services, promotions, or events hosted by Astari; invitations to webinars and product updates, subject to your marketing preferences.

  • Analytics and Research: We work with analytics partners (e.g., Google Analytics) to understand user behavior and measure advertising performance. Also, we may conduct surveys and studies using your data to: understand user engagement; evaluate service performance; guide product and marketing decisions.

  • Personalization and Feature Development: We use your information to personalize your experience, including: recommending content, meal plans, or features based on your goals; using AI, machine learning, and business intelligence tools to tailor and test new functionalities.

  • Security, Fraud Prevention, and Abuse Detection: We monitor and use your data to protect against unauthorized access, fraud, and misuse of the Services; safeguard our infrastructure and business operations; detect and mitigate suspicious activity.

  • Legal and Regulatory Compliance: We process your information to comply with legal obligations; respond to lawful requests from authorities and regulators; ensure compliance with applicable data protection and financial regulations. In the event of actual or potential legal disputes, we may use your data to: protect our rights and interests; support investigations and respond to legal claims or proceedings.

  • Internal Operations and Governance: We use personal information to manage internal business functions, including: conducting audits, assessments, and compliance checks; administering recordkeeping, accounting, and privacy controls; enforcing company policies and procedures.

  • Business Transactions: If Astari undergoes a corporate transaction—such as a merger, acquisition, sale, or restructuring—your data may be used or disclosed as necessary to evaluate or complete the transaction. This includes scenarios involving bankruptcy or dissolution, where personal data may be treated as part of the transferred assets.

  • Targeted Advertising and Behavioral Tracking:

    • Personalized Advertising - we use your personal data to deliver interest-based ads on our own Services or on third-party platforms. These ads may be tailored based on your interactions with our Services or inferred preferences.

    • Tracking Technologies - we and our partners may use tools such as cookies and advertising IDs to:

      • Collect data like your IP address, device identifiers, and interaction patterns;

      • Track your browsing behavior for advertising and analytics purposes;

      • Deliver ads on external websites or apps based on your use of our Services.

    • Cross-Device Attribution - we may link activity across your devices (e.g., phone, tablet, computer) to:

      • Provide cohesive advertising experience;

      • Avoid repetitive ad displays;

      • Evaluate campaign performance across platforms.

5. HOW WE DISCLOSE YOUR PERSONAL INFORMATION

We disclose your information in the following ways: 

  • To our corporate group: Your information may be shared within the Astari corporate structure, including any parent entities, subsidiaries, or affiliated companies. This sharing is intended to support operational efficiencies and collaboration in delivering and maintaining the Services.

  • To marketing and advertising partners: We may collaborate with marketing and advertising partners for the purpose of promoting Astari and communicating offers, updates, or relevant services to you. In such cases, we may share certain personal data necessary for campaign execution or audience analytics.

  • To third parties for their own use: Astari may share user information with select third parties who may process the data for their own commercial or analytical objectives, including but not limited to improving their services, developing algorithms, or promoting their products. These third parties operate independently, and their use of your information will be subject to their own privacy policies.

  • To service providers: We engage trusted third-party vendors to perform specific tasks on our behalf—such as hosting, analytics, communication services, customer support, and payment processing. These service providers may have access to or process your data as required to deliver their functions. All such engagements are governed by appropriate data processing agreements and confidentiality obligations.

  • To transaction-related businesses: If you interact with third-party providers (e.g., for AI features, payments, or third-party tools) through our Services, we may share your data to facilitate that interaction or to fulfill a transaction you initiate. This ensures you receive the services requested without disruption.

  • As part of business changes: In the event of a business reorganization, such as a merger, acquisition, asset sale, financing round, or restructuring (including bankruptcy or insolvency proceedings), your data may be transferred as part of the company’s business assets. Such transfers may occur during the negotiation phase or post-transaction.

  • For legal and regulatory compliance: Astari may disclose your information when necessary to comply with applicable legal obligations or to respond to valid governmental, judicial, or law enforcement requests. We may also share your data in the course of enforcing our policies or defending legal claims, including protecting the rights, safety, or property of Astari, its users, partners, or the public. This may include efforts to investigate fraud, reduce credit risk, or collect debts owed.

  • With your consent or instruction: In certain situations, Astari may disclose your information to third parties with your explicit consent or at your direction. This may include situations where you authorize integrations or external sharing features within the Service.

  • Intellectual property and rights enforcement: Astari may assist third parties in enforcing their intellectual property or other legal rights, provided a legitimate and well-founded legal request is submitted—such as by a licensed attorney demonstrating a user’s alleged violation. Data will only be shared if sufficient legal basis is established. We reserve the right to decline such requests if the supporting evidence is inadequate.

  • Prevention of illegal or harmful conduct: If we identify or reasonably suspect illegal conduct, fraudulent activity, or behavior that poses a threat to individual or public safety, we may report such incidents to the appropriate legal or enforcement authorities. Any personal data shared will be proportional to the severity and nature of the issue at hand.

The Services may, from time to time, contain links to external websites or third-party content, including offers, promotions, or other materials. These links are provided solely for your convenience and informational purposes. You may find such content useful or interesting, but Astari does not endorse, control, or assume responsibility for any third-party websites, their content, or their availability. The inclusion of any third-party links does not imply affiliation, sponsorship, or endorsement by Astari of the linked website or its operators. Any interactions you have with these external sites are governed solely by their respective terms of use and privacy policies. You access and use third-party websites entirely at your own risk. Astari expressly disclaims all responsibility and liability for any loss, damage, or consequences that may result from your use of or reliance on any external content or links provided through the Services. By using the Services, you agree that Astari will not be held liable for any issues arising from your access to or use of third-party websites linked through the platform.

6. HOW DO WE PROTECT YOUR INFORMATION

We implement reasonable technical, organizational, and administrative safeguards to help protect the personal information in our custody from unauthorized access, loss, misuse, disclosure, alteration, or destruction. These measures are designed to maintain the confidentiality, integrity, and availability of your data. However, no method of data transmission or storage can be guaranteed to be completely secure, and we cannot ensure or warrant the absolute security of any information you transmit or store through our Services.

7. HOW DO WE RETAIN YOUR INFORMATION

We retain your personal information for as long as necessary to achieve the purposes described in this Privacy Policy, including to comply with legal, regulatory, or reporting obligations. In determining the appropriate retention period, we take into account the type and sensitivity of the information, the potential risks of harm from unauthorized use or disclosure, the purposes for which the data is processed, whether those purposes can be achieved through alternative means, and any applicable legal requirements.

If we de-identify your personal information, we will maintain and use the data only in its de-identified form. We will not attempt to re-identify the data unless legally required or expressly permitted to do so.

8. MANAGING YOUR MARKETING AND ADVERTISING PREFERENCES

We may occasionally send you promotional emails or similar marketing messages. Where legally required, we will seek your consent before doing so. If you prefer not to receive these communications, you may opt out in any of the following ways:

  • By updating your email preferences directly in your account settings; or

  • By clicking the “unsubscribe” link found in any promotional email we send.

Astari uses targeted advertising techniques to provide personalized ad experiences on and off our Services.  You can also manage targeted advertising settings through third-party platforms and your device settings by visit industry opt-out pages such as: European Interactive Digital Advertising Alliance, or by adjusting your preferences through Mobile Device Controls:

  • On Android: Reset or delete your advertising ID.

  • On iOS: Enable Limit Ad Tracking in your device’s privacy settings.

These actions can reduce the use of your personal data for interest-based advertising across platforms.

9. СOOKIES AND OTHER TRACKING TECHNOLOGIES

When you visit our website we may use cookies  improve your user experience and obtain data about how the Website is being used. There may be some SDK integrated into the Website which may also collect your data. These data enable us to develop and optimize the Website and make our Services more relevant for you.  Cookies are small pieces of code that are stored on your device when you browse and use online services. They are installed on your device to enable different useful features, for example, to facilitate navigation on the website. After installed on your device, cookies may be either deleted automatically when you close the website/web browser (session cookies), or stored on your device to facilitate future visits to the website (permanent cookies). Permanent cookies are automatically deleted after a period of time set by the website owner. Software Development Kits (“SDK”) are programming packages or libraries of code of one service incorporated in a code of another service so those applications could work on or with a specific platform of an SDK owner. When your data is collected through SDK, third-party SDK owners can access the data. 

10. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

Astari is headquartered in the Cyprus and engages service providers located both in the U.S. and internationally. Consequently, your personal information may be transferred to, accessed from, or processed in countries outside of your country of residence, including jurisdictions that may not offer the same level of data protection as those in your home country. These international transfers are conducted in accordance with applicable data protection laws, and we take appropriate legal and technical measures—such as implementing recognized transfer mechanisms—to ensure that your information remains protected during and after the transfer.

However, it is important to understand that once your personal data is processed in another jurisdiction, it becomes subject to the laws of that country. This means that courts, law enforcement agencies, or regulatory bodies in those jurisdictions may be entitled to access your information under certain legal circumstances. By using Astari’s Services or providing your personal data to us, you acknowledge that your information may be transferred to countries outside your own and that it will be handled in accordance with the applicable laws of those jurisdictions.

11. APPROACH TO CHILDREN PRIVACY

Access to and use of the Services is limited to individuals who are 18 years of age or older, or who have reached the age of legal majority in their jurisdiction of residence, whichever is higher. We do not knowingly collect or process personal data from individuals who do not meet this age threshold. If you are a parent or legal guardian and believe that your child has used our Services without authorization, or if you suspect an account belongs to a minor, please contact us immediately at support@grifaloplimited.com.

12. DATA PROTECTION AND DATA SECURITY

We incorporate commercially reasonable safeguards to help protect and secure your data. At Astari, we are committed to prioritizing the privacy and security of your personal information. Our security framework is designed to ensure the confidentiality, integrity, and availability of your data and includes the following key components:

Data Retention Policy: We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. 

Password Policy: We enforce a strong password policy that mandates minimum length, complexity, and regular rotation. Passwords must include both alphabetic and non-alphabetic characters and cannot be reused within a specified number of cycles. In addition, we use secure password management systems to enhance account protection.

Encryption and Secure Storage: We use industry-standard encryption protocols to protect your data both in transit and at rest. This ensures that your personal information is transmitted and stored securely and is safeguarded against unauthorized access.

Access Controls and Monitoring: Strict access control mechanisms are in place to ensure that only authorized personnel with a legitimate business need can access your personal data.

Entry Control: Access to these systems is restricted to individuals who possess valid identification credentials, including unique authentication keys and passwords.

Availability Control: We implement measures to protect data against accidental loss or destruction. These include daily data backups, recovery procedures, uninterruptible power supply systems, firewall protections, and strict port access regulations to maintain system availability and resilience.

13. YOUR PRIVACY RIGHTS

Your Privacy Rights Based on Jurisdiction

Depending on your place of residence, the laws applicable in your country, state, or region may grant you specific rights regarding how your personal data is collected, processed, stored, and shared. These rights may include:

  1. Right to Access and Data Portability - you have the right to request confirmation about whether Astari is processing your personal data, obtain details about how it is used and shared, and receive a copy in a structured, commonly used, and machine-readable format, where technically feasible.

  2. Right to Erasure - you may request that we delete the personal data we hold about you, subject to legal exceptions and obligations under applicable law.

  3. Right to Rectification -  if any of your personal information is inaccurate or incomplete, you can request that we correct or update it, taking into account the purpose for which we use the data.

  4. Rights to Restrict or Opt-Out of Certain Processing - You may have the right to opt out of specific processing activities, including:

    1. The “sale” or “sharing” of your personal data as defined by relevant privacy legislation. 

    2. The use of your personal information for automated “profiling” or “targeted advertising” purposes.

  5. Right to Consent Before Use of Sensitive Personal Data - in some jurisdictions, we must obtain your opt-in consent before processing sensitive personal data for any purpose beyond delivering our core Services.

  6. Right to Non-Discrimination - Astari will never penalize you for exercising your privacy rights. This includes denying access to our services, charging different rates, or providing a lesser quality of service.

Right to Appeal: You may have the right to appeal our response to a privacy-related request. If you believe your request has been wrongly denied or insufficiently addressed, you can submit an appeal by contacting us at support@grifaloplimited.com with “APPEAL” in the subject line.

Exercising Your Rights: To submit a request regarding any of your privacy rights, please visit the Astari Privacy Request Portal, where you can select your location and the rights you wish to invoke.

Authorized Representatives: Where allowed under the law, you may appoint an authorized representative to act on your behalf. Such agents can submit requests to support@grifaloplimited.com, and we may require verification of the agent’s identity and your written authorization.

Questions and Concerns: If you have any concerns or wish to file a complaint about our data handling practices, please contact our Data Protection Officer at support@grifaloplimited.com.

14. CONTACT US

Grifalop Limited

705, Spyrou Araouzou & Koumantarias, Fayza House, 5th floor, office No.: 2, 3036, Limassol, Cyprus

support@grifaloplimited.com