Privacy Policy
Last Updated: February 9, 2026
28 bit S.R.L. — Single Member Company C.O.E SM31527 · Strada di Paderna 2, 47895 Domagnano (RSM), Republic of San Marino Contact: hello@tryastro.app
Key Points
- We collect minimal data. We only collect your email address when you purchase a subscription. We never see your credit card or full payment details.
- Your keyword research stays on your device. Projects, saved keywords, CSV imports, and your DeepL API key are stored locally — we never access them.
- We don’t use cookies for analytics. Our website analytics tool (Pirsch.io) is cookie-free and collects only anonymous, aggregated data.
- We don’t sell your data. We never sell, rent, or trade your personal information to anyone.
- You’re in control. You can request access, correction, or deletion of your data at any time by emailing us.
- We use trusted third-party providers. Payments are handled by LemonSqueezy; analytics by Mixpanel; crash reports by Sentry. Each is detailed below.
- We comply with international privacy laws. Including the GDPR, UK GDPR, San Marino Law 171/2018, and US state privacy laws such as CCPA/CPRA.
Table of Contents
- Who We Are
- What This Policy Covers
- Data We Collect
- How We Use Your Data
- Legal Bases for Processing (GDPR)
- Third-Party Service Providers
- Future Feature: MCP Server for AI Agent Access
- Cookies and Tracking Technologies
- Data Retention
- Data Security
- International Data Transfers
- Your Rights
- GDPR — EU Users
- San Marino Data Protection (Law 171/2018)
- UK GDPR — United Kingdom Users
- CCPA/CPRA — California Residents
- Other US State Privacy Laws
- Children’s Privacy
- Changes to This Policy
- Miscellaneous Provisions
- How to Contact Us
1. Who We Are
Astro is a product of 28 bit S.R.L. — Single Member Company (“we,” “our,” or “us”), a company registered in the Republic of San Marino under C.O.E SM31527, with its registered office at Strada di Paderna 2, 47895 Domagnano (RSM).
We are a small business and have not appointed a Data Protection Officer (DPO). For any privacy-related questions, concerns, or requests, you can contact us directly at hello@tryastro.app. We are committed to responding promptly and transparently to every inquiry.
2. What This Policy Covers
Astro is an App Store Optimization (ASO) tool that helps you find the best keywords on the Apple App Store. Astro is available as a macOS desktop application (downloaded from tryastro.app). The website at tryastro.app hosts the product landing page and documentation.
Astro operates on a subscription-based model with recurring payments. A free, limited demo is available for download without creating an account or providing payment information.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how we protect it, and what rights you have. It applies to the Astro website, the Astro macOS application, and all related services.
This policy is written in English. If we provide translations for convenience, the English version prevails in case of any discrepancy.
By using Astro, you acknowledge that you have read and understood this Privacy Policy. This policy does not constitute legal advice.
3. Data We Collect
3.1 Data You Provide Voluntarily
-
Email address — Collected at the time of purchase through our payment provider, LemonSqueezy. Your email serves as your primary identifier across our services. If you only use the free demo without purchasing, you may not need to provide an email at all.
-
Payment and billing information — When you subscribe, your payment details (credit card number, billing address, etc.) are processed entirely by LemonSqueezy, which acts as our Merchant of Record. We never have direct access to your credit card numbers or full payment details.
-
Files imported into the app — You may import files (such as CSVs or other supported formats) directly into the Astro app. These files are processed locally on your device and are never transmitted to our servers.
-
DeepL API key — You may optionally enter a DeepL API key for keyword translation. This key is stored exclusively on your local device and is never sent to or stored on our servers.
-
Feature requests and feedback — If you submit feature requests or feedback through UserJot, we collect your email address along with the content you submit.
3.2 Data Collected Automatically
-
Website analytics (via Pirsch.io) — Our website uses Pirsch.io, a cookie-free, privacy-friendly analytics service. Pirsch does not use cookies, does not track individual users, and collects only aggregated, anonymous data such as page views, referrer URLs, browser type, and country. No personal data is collected through Pirsch.
-
In-app analytics (via Mixpanel) — The Astro macOS app collects usage data to help us understand how the product is used and improve it. This includes feature usage events, session data, and general device information. If you are a paying customer, your email address (from your purchase) may be associated with this analytics data.
-
Crash and error reports (via Sentry) — The macOS app automatically sends crash reports and error logs so we can diagnose and fix technical issues. These reports may include device information, operating system version, app version, and error stack traces. Your email address may be associated with these reports if you are a paying customer.
-
Website usage data — When you visit our website, our hosting providers may automatically collect standard access data such as your IP address, device type, operating system, browser type, access times, and referring URLs.
3.3 Aggregated, Anonymous Data Stored on Our Server
When you add a keyword in Astro, our server stores aggregated, non-personally-identifiable data about apps that rank for that keyword. This data powers keyword suggestions for all Astro users. This data cannot be traced back to any individual user and is not considered personal data.
3.4 Data Stored Exclusively on Your Device (Local Data)
The following data is stored only on your Mac and never leaves your device:
- Keyword research projects, saved keywords, and related ASO data
- Your DeepL API key
- Files you import into the app
We do not have access to this local data. You are solely responsible for backing up and managing your local data. If you delete the app or your local files, this data is permanently lost — we cannot recover it.
4. How We Use Your Data
We use the data we collect for the following purposes:
- To provide and maintain the service — Processing your subscription, delivering the product, and providing keyword suggestion data.
- To improve the product — Analyzing aggregated usage patterns to understand which features are most valuable and where we can make improvements.
- To fix bugs and technical issues — Using crash reports and error logs to identify and resolve problems in the macOS app.
- To communicate with you — Sending transactional emails (such as purchase confirmations), product updates, onboarding information, and, with your consent, marketing communications about Astro.
- To comply with legal obligations — Maintaining records as required by tax, accounting, and data protection laws.
We do not use your data for automated decision-making or profiling.
5. Legal Bases for Processing (GDPR)
If you are in the European Union, the European Economic Area, or any jurisdiction where the GDPR applies, we rely on the following legal bases:
- Performance of a contract — Processing your email and payment data is necessary to deliver the subscription service you purchased (Article 6(1)(b) GDPR).
- Legitimate interest — We have a legitimate interest in collecting analytics and crash reports to improve product quality and fix bugs, provided these interests do not override your fundamental rights (Article 6(1)(f) GDPR).
- Consent — Where we send marketing emails, we rely on your consent, which you can withdraw at any time (Article 6(1)(a) GDPR).
- Legal obligation — We may process and retain certain data to comply with tax, accounting, or other legal requirements (Article 6(1)(c) GDPR).
6. Third-Party Service Providers
We use a limited number of trusted third-party services to operate Astro. Below is a detailed description of each provider, what data they receive, and where they process it.
6.1 LemonSqueezy
- Provider: Lemon Squeezy, LLC
- Purpose: Payment processing and subscription management. LemonSqueezy acts as our Merchant of Record, meaning they handle the entire payment transaction on our behalf.
- Data received: Email address, name, billing address, and payment information.
- Processing location: United States
- Privacy policy: https://www.lemonsqueezy.com/privacy
6.2 Mixpanel
- Provider: Mixpanel, Inc.
- Purpose: In-app product analytics. Helps us understand how users interact with Astro so we can improve the product.
- Data received: Email address (for paying customers), usage events, device information, and session data.
- Processing location: United States
- Privacy policy: https://mixpanel.com/legal/privacy-policy/
6.3 Pirsch
- Provider: Emvi Software GmbH (Pirsch Analytics)
- Purpose: Cookie-free, privacy-friendly website analytics. Pirsch does not track individual users and does not use cookies.
- Data received: Aggregated, anonymous data only — no personal data is collected.
- Processing location: Germany (European Union)
- Privacy policy: https://pirsch.io/privacy
6.4 Sentry
- Provider: Functional Software, Inc.
- Purpose: Error monitoring and crash reporting for the Astro macOS app. Helps us detect, diagnose, and fix bugs.
- Data received: Crash and error data, device information, operating system version, app version, error stack traces, and potentially your email address.
- Processing location: United States
- Privacy policy: https://sentry.io/privacy/
6.5 UserJot
- Provider: UserJot
- Purpose: Feature request board and public changelog. Allows you to suggest features and vote on ideas.
- Data received: Email address, feedback, and feature requests you submit.
- Processing location: Please refer to UserJot’s privacy policy for details.
- Privacy policy: https://userjot.com/privacy
6.6 Plunk
- Provider: Plunk (useplunk.com)
- Purpose: Transactional and marketing email service. Used to send you purchase confirmations, product updates, onboarding emails, and marketing communications.
- Data received: Email address.
- Processing location: Please refer to Plunk’s privacy policy for details.
- Privacy policy: https://www.useplunk.com/legal/privacy
6.7 Netlify
- Provider: Netlify, Inc.
- Purpose: Website hosting (frontend). Serves the tryastro.app website.
- Data received: May process IP addresses and standard access logs as part of normal web hosting operations.
- Processing location: United States (with global CDN)
- Privacy policy: https://www.netlify.com/privacy/
6.8 DigitalOcean
- Provider: DigitalOcean, LLC
- Purpose: Backend infrastructure hosting. Our server-side services run on DigitalOcean.
- Data received: May process data stored on our backend servers, including aggregated keyword data and email addresses associated with accounts.
- Processing location: United States / European Union (depending on server region)
- Privacy policy: https://www.digitalocean.com/legal/privacy-policy
6.9 Amazon Web Services (AWS)
- Provider: Amazon Web Services, Inc.
- Purpose: Backend infrastructure hosting. Parts of our backend services run on AWS.
- Data received: May process data stored on our backend servers.
- Processing location: United States / European Union (depending on server region)
- Privacy policy: https://aws.amazon.com/privacy/
6.10 DeepL
- Provider: DeepL SE
- Purpose: Translation API for keyword translation within the Astro app.
- Data received: When you use the translation feature, API calls are made directly from your device to DeepL. We do not intermediate, intercept, or store any translation requests or your DeepL API key on our servers.
- Processing location: Germany (European Union)
- Privacy policy: https://www.deepl.com/privacy
- Important note: Your relationship with DeepL is direct. If you choose to use the DeepL integration, we encourage you to review DeepL’s privacy policy and terms of service, as they apply to your use of their API.
We encourage you to review the privacy policies of all the third-party services listed above to understand how they handle your data.
7. Future Feature: MCP Server for AI Agent Access
Note: This section describes a planned future feature that is not yet available. It is included for transparency so you are informed ahead of time. This section will be updated when the feature launches.
We plan to introduce an MCP (Model Context Protocol) server that will allow you to access your Astro data through AI agents such as Claude, ChatGPT, or other AI assistants.
Here is what you should know about this planned feature:
- Opt-in only. This feature will require your explicit activation. It will not be enabled by default.
- What data AI agents may access. When enabled, AI agents may access your keyword data, project data, and other ASO-related information stored in Astro.
- Third-party processing. Data accessed through the MCP server may be processed by the AI agent provider according to their own privacy policies and terms. Once data is shared with an AI agent, it is subject to that provider’s data handling practices.
- Our responsibility. We are responsible for securely exposing the MCP server endpoint. However, we are not responsible for how third-party AI agents process, store, or use your data once it has been shared through the MCP server.
- Your responsibility. Before connecting any AI agent to Astro, we strongly encourage you to review the privacy policy and terms of service of the AI agent provider you intend to use.
We will update this section and notify you when this feature becomes available.
8. Cookies and Tracking Technologies
Website
Our website does not use cookies for analytics. Pirsch.io, our website analytics provider, is entirely cookie-free.
Our website may use strictly necessary cookies or similar technologies set by our hosting provider (Netlify) or payment provider (LemonSqueezy) during checkout, if required for essential functionality such as fraud prevention or session management. These are not used for tracking or advertising purposes.
We do not use any advertising cookies, tracking pixels, or fingerprinting technologies on our website.
macOS Application
The Astro macOS app does not use browser cookies. The app uses local storage (standard macOS application storage) to save your preferences, projects, and settings. This data remains on your device and is described in Section 3.4.
9. Data Retention
We retain your data only for as long as it is needed for the purposes described in this policy, or as required by law.
| Data Type | Retention Period |
|---|---|
| Payment records (via LemonSqueezy) | Retained by LemonSqueezy as required by applicable tax and accounting laws (typically 5–10 years). |
| In-app analytics (Mixpanel) | Up to 24 months from collection, unless deleted earlier upon request. |
| Crash reports (Sentry) | 90 days from the date of the report. |
| Email communications (Plunk) | Retained for as long as you remain an active customer and have not opted out of communications. Deleted within 30 days of opt-out or account cancellation. |
| Aggregated keyword data (on our server) | Retained indefinitely, as this data is anonymous and non-personal. |
| Local data (on your device) | Retained until you delete it. We have no control over data stored locally on your device. |
| Feature requests (UserJot) | Retained for as long as the feature request is relevant to product development. |
When data is no longer needed, we delete or anonymize it. Where deletion is not technically feasible (for example, data in backups), we ensure it remains protected and is not actively used until it can be deleted.
10. Data Security
We take the security of your data seriously and implement reasonable technical and organizational measures to protect it, including:
- Encryption in transit — All data transmitted between your device, our website, and our servers is encrypted using HTTPS/TLS.
- Secure hosting — We use reputable hosting providers (DigitalOcean, AWS, Netlify) that maintain high security standards and compliance certifications.
- Access controls — Access to personal data is restricted to only those who need it for legitimate business purposes.
- Minimal data collection — We follow a data minimization approach, collecting only the data we actually need.
However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authorities as required by applicable law (within 72 hours for GDPR, or as otherwise required). We will inform you of the nature of the breach, the data affected, the steps we are taking, and what you can do to protect yourself.
11. International Data Transfers
We are based in the Republic of San Marino, but some of our third-party service providers are based in the United States or other countries outside the EU/EEA.
When your personal data is transferred to countries that may not provide the same level of data protection as your home jurisdiction, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) — Approved by the European Commission, these are contractual commitments between us and our data processors to protect your data.
- Adequacy decisions — Where the European Commission or other relevant authorities have determined that a country provides an adequate level of data protection.
- Provider compliance frameworks — Many of our providers maintain certifications and compliance programs (such as SOC 2) that demonstrate adherence to data protection standards.
By using Astro, you acknowledge and consent to the transfer of your data to these third countries, subject to the safeguards described above.
12. Your Rights
Regardless of where you live, we respect your right to control your personal data. Depending on your jurisdiction, you may have some or all of the following rights:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate or incomplete personal data.
- Erasure (Right to be Forgotten) — Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
- Data Portability — Request a copy of your data in a structured, commonly used, machine-readable format.
- Restriction — Request that we limit how we use your data in certain circumstances.
- Objection — Object to the processing of your data based on legitimate interests.
- Withdrawal of Consent — Where processing is based on your consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.
- Opt out of marketing — You can unsubscribe from marketing emails at any time using the unsubscribe link in any marketing email, or by contacting us.
How to Exercise Your Rights
Send your request to hello@tryastro.app. Please include enough information for us to verify your identity (for example, the email address associated with your purchase).
- Response time: We will respond within 30 days of receiving your request. If we need more time (up to an additional 60 days for complex requests), we will let you know.
- Cost: Requests are free of charge. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or decline the request, with an explanation.
- Verification: We may need to verify your identity before fulfilling certain requests to protect your data from unauthorized access.
13. GDPR — EU Users
If you are located in the European Union or the European Economic Area, the General Data Protection Regulation (GDPR) applies to our processing of your personal data.
Legal bases for processing are described in Section 5 of this policy.
Your rights under the GDPR include all those listed in Section 12 (access, rectification, erasure, portability, restriction, objection, and withdrawal of consent).
International data transfers: Some of our providers are based outside the EU/EEA. We rely on Standard Contractual Clauses and other safeguards as described in Section 11.
Supervisory authority: If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the data protection supervisory authority in your EU/EEA member state. A list of supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
14. San Marino Data Protection (Law 171/2018)
As a company registered in the Republic of San Marino, our data processing activities also fall under Legge n. 171/2018 (San Marino’s data protection legislation).
San Marino’s data protection law is broadly aligned with the principles of the GDPR, including principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.
The relevant supervisory authority for our company is the Autorità Garante per la protezione dei dati personali of the Republic of San Marino. You may contact the authority if you have concerns about how we process your data.
15. UK GDPR — United Kingdom Users
If you are located in the United Kingdom, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 apply to our processing of your personal data.
Your rights under the UK GDPR mirror those under the EU GDPR and are described in Section 12 of this policy.
International data transfers: When your data is transferred outside the UK, we ensure appropriate safeguards are in place, including International Data Transfer Agreements and Standard Contractual Clauses approved by the UK Secretary of State.
Supervisory authority: If you wish to make a complaint about how we handle your personal data, you have the right to contact the Information Commissioner’s Office (ICO):
- Website: https://ico.org.uk
- Phone: 0303 123 1113
16. CCPA/CPRA — California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information.
Your rights include:
- Right to Know — You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that data, the purposes of collection, and the categories of third parties with whom we share it.
- Right to Delete — You have the right to request that we delete your personal information, subject to certain legal exceptions.
- Right to Correct — You have the right to request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing — We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We do not engage in targeted advertising based on your personal information.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your privacy rights.
“Do Not Sell or Share My Personal Information”: We do not sell your personal data. We do not share your personal information for cross-context behavioral advertising.
How to submit a request: California residents can exercise their rights by emailing hello@tryastro.app. We will verify your identity before processing your request and respond within 45 days.
Categories of personal information collected in the past 12 months:
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Email address | Yes |
| Commercial information | Purchase/subscription records | Yes (via LemonSqueezy) |
| Internet activity | Website usage data, in-app analytics | Yes |
| Geolocation | Approximate location (country, from IP) | Yes (aggregate only, via Pirsch) |
17. Other US State Privacy Laws
If you reside in a US state with comprehensive privacy legislation — such as Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), or other states with applicable privacy laws — we respect the privacy rights granted to you under those laws.
In general, these laws provide rights similar to those described in Section 12, including the rights to access, delete, and correct your personal data, as well as the right to opt out of the sale of personal data (which, as stated, we do not engage in).
To exercise your rights under any applicable state privacy law, please contact us at hello@tryastro.app.
18. Children’s Privacy
Astro is designed for adult professionals — marketers, app developers, and ASO specialists. Our service is not directed at children or minors under the age of 16.
We do not knowingly collect personal data from children under 16. While a free demo of Astro can be downloaded without providing personal information, if we become aware that we have inadvertently collected personal data from a child under 16, we will take prompt steps to delete that data.
If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at hello@tryastro.app and we will delete the information promptly.
This commitment applies under the US Children’s Online Privacy Protection Act (COPPA), the GDPR’s provisions regarding the processing of children’s data, and any other applicable laws protecting minors’ privacy.
19. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable laws.
When we make material changes, we will notify you by:
- Sending an email notification (via Plunk) to the email address associated with your purchase, and/or
- Posting a prominent notice on the Astro website.
We encourage you to review this policy periodically. Your continued use of Astro after changes have been posted constitutes your acceptance of the revised policy. If you do not agree with the changes, you should stop using the service.
The “Last Updated” date at the top of this policy indicates when it was most recently revised.
20. Miscellaneous Provisions
20.1 Limitation of Liability
To the maximum extent permitted by applicable law, our total liability arising out of or related to privacy matters under this policy shall not exceed the amount you have paid us for the service in the twelve (12) months preceding the event giving rise to the claim. This limitation does not apply where prohibited by mandatory applicable law.
20.2 Severability
If any provision of this Privacy Policy is found to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.
20.3 Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of San Marino, without regard to conflict of law principles. This does not affect your rights under mandatory consumer protection or data protection laws of your country of residence, which apply regardless of the governing law chosen.
20.4 Entire Agreement
This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and 28 bit S.R.L. regarding the processing and protection of your personal data in connection with your use of Astro.
20.5 Language
This Privacy Policy is written in English. If any translated version conflicts with the English version, the English version shall prevail.
21. How to Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
28 bit S.R.L. — Single Member Company Strada di Paderna 2, 47895 Domagnano (RSM) Republic of San Marino
Email: hello@tryastro.app
We aim to respond to all inquiries within 30 days.
This privacy policy is provided for informational purposes and does not constitute legal advice. We recommend that you consult with a qualified legal professional if you have specific questions about your rights under applicable data protection laws.