Astucia AI Operating System

Astucia AI (“Astucia,” “we,” “our,” or “us”) provides the Astucia AI Operating System software, dashboards, integrations, and related services (collectively, the “Service”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over it — including the rights granted by the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, the “CCPA/CPRA”).

1. Information We Collect

We collect only the information needed to operate and improve the Service. Categories we may collect include:

  • Account information. When you sign in through a supported identity provider (for example, GitHub), we receive your name, email address, avatar URL, and provider user identifier.
  • Integration metadata. Repository names, branch names, organization slugs, installation IDs, and similar identifiers necessary to connect the Service to third-party platforms such as Vercel, GitHub, and Anthropic.
  • Content you submit. Goals, tasks, prompts, configuration, and any content you choose to process through the Service. We treat this as your content and only use it to operate the Service on your behalf.
  • Usage and technical data. Log entries, IP addresses, browser and device information, request paths, timestamps, and error diagnostics used to secure and debug the Service.
  • Support communications. Messages, attachments, and contact details you provide when you contact support.

We do not knowingly collect information from children under 16.

2. How We Use Information

We use personal information to:

  • Provide, maintain, and improve the Service;
  • Authenticate users, enforce access controls, and prevent fraudulent or abusive activity;
  • Debug issues, monitor performance, and keep the Service secure;
  • Respond to support requests and communicate with you;
  • Comply with legal obligations and enforce our terms of service.

3. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

  • Performance of a contract — to deliver the Service you have requested;
  • Legitimate interests — to operate, secure, and improve the Service, where our interests are not overridden by your rights;
  • Consent — where you have given us consent to process your information for a specific purpose (you may withdraw consent at any time);
  • Legal obligations — where processing is required to comply with applicable law.

4. How We Share Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share personal information only in these limited cases:

  • Service providers and processors acting on our behalf under written agreements (for example, hosting, database, error-monitoring, and email providers);
  • Third-party platforms you choose to connect (for example, Vercel, GitHub, Anthropic), to the extent necessary to operate the integration you requested;
  • Legal or safety reasons — when required to comply with law, legal process, or a lawful government request, or to protect the rights, safety, or property of Astucia, our users, or others;
  • Business transfers — in connection with a merger, acquisition, reorganization, or sale of assets, subject to customary confidentiality protections.

5. International Transfers

We operate globally, and your personal information may be processed in countries other than the one where you are located, including the United States. When we transfer personal information from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum.

6. Data Retention

We retain personal information for as long as needed to provide the Service and for the legitimate purposes described in this Policy, including to comply with legal obligations, resolve disputes, and enforce agreements. When personal information is no longer needed, we delete or anonymize it.

7. Security

We use industry-standard technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. No system is perfectly secure, so we cannot guarantee absolute security.

8. Your Rights (GDPR / UK GDPR)

If you are located in the EEA or UK, you have the following rights, subject to conditions set out in applicable law:

  • Access — obtain confirmation that we process your data and request a copy of it;
  • Rectification — ask us to correct inaccurate or incomplete data;
  • Erasure — ask us to delete personal data in certain circumstances;
  • Restriction — ask us to restrict the processing of your data;
  • Portability — receive your data in a structured, commonly used, machine-readable format;
  • Objection — object to processing based on our legitimate interests;
  • Withdraw consent — where processing is based on consent, withdraw it at any time;
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us through our support page. We will respond within the time required by law.

9. Your Rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we have shared it;
  • Delete personal information we have collected from you, subject to certain exceptions;
  • Correct inaccurate personal information we maintain about you;
  • Opt out of the sale or sharing of your personal information. We do not sell or share personal information as those terms are defined by the CCPA/CPRA;
  • Limit the use of sensitive personal information to uses necessary to provide the Service;
  • Non-discrimination — we will not discriminate against you for exercising any of these rights.

You may submit a verifiable consumer request through our support page. We may need to verify your identity before completing your request. You may also designate an authorized agent to make a request on your behalf.

10. Cookies and Tracking

We use a small number of cookies strictly necessary for authentication and session management. We do not use advertising cookies or cross-site tracking technologies. Some third-party platforms you sign in with may set their own cookies, which are governed by their privacy policies.

11. Automated Decision-Making

The Service uses AI models to generate code and text on your behalf. We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top of this page. If the changes are material, we will provide additional notice where reasonably possible.

13. Contact Us

Questions, requests, or concerns about this Privacy Policy or how we handle your personal information? Please reach out through our support page.