AstraSite← Back to Home

Privacy Policy

Last updated: March 23, 2026

AstraSite.ai ("AstraSite," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our AI-powered website builder platform.

This policy applies to all users of astrasite.ai and all websites hosted on our platform. By using AstraSite, you agree to the practices described in this policy.

1. Information We Collect

Information you provide directly

  • Account information: Email address, name, and password when you create an account
  • Site content: Text, images, business descriptions, and other content you provide for your websites
  • Payment information: Billing details processed securely through Stripe. We do not store your full credit card number on our servers
  • Support requests: Messages, emails, and other communications you send to us

Information collected automatically

  • Usage data: Pages visited, features used, time spent on the platform, and interactions with the editor
  • Device information: Browser type, operating system, screen resolution, and device type
  • Log data: IP address, access times, referring URLs, and error logs
  • Form submissions: Data submitted through contact forms on websites you create using AstraSite (you are the data controller for this information)

2. How We Use Your Information

We use your information to:

  • Provide our services: Generate websites, host your sites, process your edits, and deliver features you request
  • Process payments: Manage subscriptions, process charges, and handle billing inquiries through Stripe
  • Improve our platform: Analyze usage patterns to enhance features, fix bugs, and develop new capabilities
  • Communicate with you: Send transactional emails (account verification, password resets, billing receipts), service updates, and respond to support requests
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations: Fulfill legal requirements and respond to lawful requests from authorities

We do not sell your personal information. We do not use your data for targeted advertising.

3. AI Data Processing

AstraSite uses Anthropic's Claude AI to generate and edit website content. When you use our AI features:

  • Your business description and content prompts are sent to Anthropic's API for processing
  • Anthropic processes this data solely to generate a response and does not use it to train their AI models
  • We do not send your personal account information (email, name, payment details) to AI providers
  • Generated content is stored on our platform and associated with your account

For more information about how Anthropic handles data, please refer to Anthropic's Privacy Policy.

4. Third-Party Services and Data Sharing

We work with trusted third-party services to operate our platform. Each service receives only the data necessary to perform its function:

We may also share data when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (with notice to affected users).

5. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Session management, authentication, and security. These are necessary for the platform to function and cannot be disabled
  • Analytics cookies: Ahrefs analytics to understand how visitors use our marketing site. These collect anonymous, aggregated data
  • Preference cookies: Remembering your settings, such as dark mode preference

We do not use advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features.

6. Data Retention

  • Active accounts: We retain your data for as long as your account is active and you continue to use our services
  • Closed accounts: After you close your account, we delete your personal data and website content within 30 days
  • Billing records: We retain billing and transaction records for up to 7 years as required by tax and financial regulations
  • Backups: Data may persist in encrypted backups for up to 90 days after deletion before being permanently removed
  • On request: You may request immediate deletion of your data at any time by contacting us

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete data
  • Deletion: Request that we delete your personal data
  • Export: Request a portable copy of your data in a standard format
  • Opt-out: Unsubscribe from non-essential emails at any time using the link in any email we send
  • Restriction: Request that we limit how we process your data
  • Objection: Object to our processing of your data in certain circumstances

For GDPR users (European Economic Area)

We process your data based on: (a) your consent, (b) contractual necessity to provide our services, (c) our legitimate business interests, and (d) legal obligations. You have the right to lodge a complaint with your local data protection authority.

For CCPA users (California residents)

You have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@astrasite.ai.

To exercise any of these rights, email us at privacy@astrasite.ai. We will respond within 30 days.

8. Children's Privacy

AstraSite is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

If you believe a child has provided us with personal information, please contact us at privacy@astrasite.ai.

9. International Data Transfers

AstraSite is based in the United States. Our servers, database (Supabase), and hosting infrastructure (Vercel) are located in the United States.

If you are accessing AstraSite from outside the United States, your data will be transferred to and processed in the US. By using our services, you consent to this transfer. We take reasonable steps to ensure your data is protected in accordance with applicable data protection laws.

10. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data is transmitted over HTTPS with 256-bit SSL/TLS encryption via Cloudflare
  • Encryption at rest: Database content is encrypted at rest
  • Access controls: Strict access controls limit who can access production systems and user data
  • Secure authentication: Passwords are hashed using industry-standard algorithms
  • Payment security: Credit card data is handled entirely by Stripe, which is PCI DSS Level 1 compliant
  • Regular monitoring: We monitor our systems for suspicious activity and vulnerabilities

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Provide at least 30 days' notice via email or a prominent notice on our platform
  • Update the "Last updated" date at the top of this page

Your continued use of AstraSite after the changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: