Privacy Policy
Last updated May 05, 2026
1. Overview
Astrix AI is a business operations, reporting, conversational workflow, and automation platform for India-based businesses, agencies, and authorized business users. Astrix AI helps authorized users connect approved business systems, ask client-scoped operational questions, generate reports, retrieve files, trigger workflow actions, and manage business communications through the Astrix dashboard, WhatsApp, web chat, APIs, webhooks, and other supported channels.
This Privacy Policy explains how we collect, use, store, share, protect, retain, and delete information when you use Astrix AI, our website, dashboard, chat features, WhatsApp workflows, APIs, webhooks, integrations, support services, analytics tools, and related services.
Astrix AI is not intended to be a general-purpose consumer chatbot. It is designed to operate within each customer's authorized organization, client, account, integration, and permission boundaries.
2. Current geography
Astrix currently targets customers and business operations in India. Some connected platforms, cloud services, payment providers, analytics providers, advertising platforms, and communication providers may process data outside India as part of their global infrastructure or as required to provide the connected service. If Astrix expands active service availability outside India, we may update this Privacy Policy and related notices.
3. Our role
Depending on the context, Astrix may act as:
· Processor or service provider when we process client data, end-customer data, marketplace data, files, messages, orders, shipment data, payment metadata, or integration data on behalf of a customer or authorized organization.
· Controller or business when we process information for Astrix account administration, billing, authentication, security, product operations, support, legal compliance, analytics, telemetry, and service improvement.
Customers are responsible for making sure they have the authority, notices, consents, lawful basis, and third-party permissions required to connect accounts, upload data, invite users, send messages, trigger workflows, and instruct Astrix to process information.
4. Information we collect
We may collect or receive the following categories of information.
4.1 Account and user information
This includes name, business email address, phone number, role, organization, agency, client association, user ID, authentication status, access permissions, login events, invite status, profile settings, support requests, and security metadata.
4.2 Organization, agency, and client information
This includes organization names, client names, client scopes, brand information, access settings, integration configuration, dashboard preferences, business process settings, team assignments, user permissions, workflow rules, subscription status, and billing metadata.
4.3 Connected account and integration data
When a customer connects a third-party account, Astrix may receive data from that account based on the permissions granted. This may include marketplace data, logistics data, payment metadata, advertising data, social media metrics, website analytics, file metadata, document content, project management data, design assets, outreach campaign metrics, CRM data, and business reports.
Current live integrations include Amazon Seller Central/SP-API, Delhivery, Stripe, Meta Ads, Google Ads, Amazon Ads, Instagram, Facebook, YouTube, X, Threads, Apollo, Instantly, Canva, SharePoint, Google Sheets, Google Docs, Jira, Wix, and Google Analytics.
Planned integrations include Flipkart, Meesho, Shiprocket, LinkedIn Ads, LinkedIn, and Razorpay. Integrations may be added, removed, suspended, limited, or modified with or without prior notice because of provider API changes, provider policy changes, review decisions, rate limits, access removal, security risks, compliance requirements, commercial feasibility, or technical limitations.
4.4 Order, buyer, shipment, and support information
This may include order IDs, marketplace references, buyer or recipient names, phone numbers, email addresses, delivery addresses, pincodes, order value, item summary, SKU metadata, shipment status, AWB or tracking numbers, carrier information, pickup details, return/refund information, delivery events, customer support queries, and related metadata.
For Amazon buyer information and other marketplace-restricted information, additional restrictions apply as described in this Privacy Policy.
4.5 Messaging, chat, and communication data
This may include WhatsApp messages, web chat messages, message IDs, phone numbers, bot replies, conversation history, escalation status, message timestamps, attachments, templates, delivery metadata, and user commands. If voice or call workflows are enabled, Astrix may process call metadata, call audio, transcripts, text-to-speech output, and voice-agent responses.
4.6 Files, documents, media, and assets
This may include files or metadata from Canva, Google Drive, Google Docs, Google Sheets, SharePoint, Jira, Wix, or other connected systems; exported files; uploaded assets; generated reports; shipping labels; invoices; creative assets; screenshots; and temporary attachments.
4.7 Payment and billing metadata
This may include Stripe customer IDs, subscription IDs, plan information, invoice or receipt metadata, payment link IDs, payment status, amount, currency, refund status, transaction references, and provider event metadata. Astrix does not intentionally store full payment card numbers, CVV codes, full bank credentials, or payment authentication secrets. Payment processing is handled by payment providers such as Stripe and, if enabled in the future, Razorpay.
4.8 Integration credentials and secrets
This may include OAuth access tokens, refresh tokens, API keys, app client secrets, webhook signing secrets, WhatsApp credentials, Amazon LWA/SP-API credentials, and other credentials needed to connect authorized accounts. Astrix stores integration credentials in secure server-side secret storage and uses them only to provide customer-authorized features.
4.9 Technical, analytics, telemetry, and security data
This may include IP address, browser and device information, operating system, pages visited, feature usage, request metadata, error messages, stack traces, API route metadata, webhook delivery metadata, diagnostic events, authentication logs, audit logs, security events, and performance information.
We use or may use analytics and monitoring tools such as Google Analytics, Sentry, and, if enabled, Microsoft Clarity or similar tools. These tools help us understand product usage, diagnose errors, improve reliability, and identify issues. Where analytics or session-recording tools require consent or additional notice, customers and Astrix will configure appropriate consent mechanisms and masking controls.
5. Sources of information
We collect information from:
· You and your organization.
· Authorized users, administrators, agency users, and client users.
· Connected third-party accounts that you authorize.
· Messaging channels such as WhatsApp and web chat.
· APIs and webhooks from connected providers.
· Files, documents, assets, and reports you upload or authorize.
· AWS and other infrastructure services used to operate Astrix.
· Support, onboarding, and configuration activities.
We do not intentionally obtain Amazon Information, marketplace data, Google user data, Microsoft data, or similar restricted data from scraping, credential sharing, unauthorized data brokers, or other unauthorized sources.
6. How we use information
We use information to:
· Provide, operate, maintain, and improve Astrix AI.
· Authenticate users and enforce role-based, tenant-based, client-based, and integration-based access controls.
· Connect third-party accounts authorized by customers.
· Fetch, summarize, display, and analyze permitted business data.
· Generate reports, dashboards, analytics, and operational summaries.
· Process order, logistics, payment-link, file, support, and workflow requests.
· Provide WhatsApp, web chat, and other conversational business workflows.
· Classify user intent, route requests, and generate AI-assisted responses.
· Send permitted transactional, support, operational, or template-based communications.
· Provide customer support, onboarding, troubleshooting, and service notices.
· Detect, prevent, and investigate fraud, abuse, security incidents, unauthorized access, and policy violations.
· Maintain audit logs and comply with legal, contractual, tax, accounting, regulatory, and partner obligations.
· Improve reliability, security, performance, and user experience using aggregated, minimized, or de-identified data where possible.
We do not sell personal information. We do not use Amazon buyer information, WhatsApp Business Solution Data, Google user data, Microsoft API data, customer files, payment metadata, or client confidential data for unrelated advertising, data brokerage, or generalized AI model training.
7. AI-assisted features
Astrix uses automated and AI-assisted systems to classify requests, generate replies, summarize operational data, create report drafts, and assist workflow routing. These systems may process user messages, conversation history, integration availability, client context, and relevant business data needed to fulfill the request.
Astrix currently uses AWS-hosted AI services such as Amazon Bedrock for certain AI-assisted features. We aim to minimize the information sent to AI systems and avoid sending restricted PII, payment credentials, addresses, confidential documents, or marketplace buyer information unless required for a customer-authorized workflow and permitted by applicable provider terms.
AI-assisted outputs may be inaccurate, incomplete, delayed, or based on stale data. Users are responsible for reviewing outputs before relying on them for business, financial, legal, tax, customer-facing, operational, pricing, refund, return, advertising, or compliance decisions.
Astrix does not use client data, Amazon Information, WhatsApp Business Solution Data, Google user data, Microsoft API data, or customer files to train or improve generalized AI models.
8. Amazon Selling Partner and Amazon Ads data
When a seller or authorized user connects Amazon Seller Central, Amazon SP-API, Amazon Ads, or related Amazon services, Astrix uses Amazon Information only for authorized seller-benefiting features such as catalog synchronization, inventory visibility, pricing workflows, order visibility, shipment support, buyer messaging through permitted Amazon channels, seller account insights, Amazon Ads reporting, and seller-authorized reporting.
For Amazon buyer PII and other restricted Amazon Information:
· Astrix collects only the minimum data required for the approved feature.
· Buyer PII is hidden from normal order APIs and user interfaces by default.
· Authorized users may reveal buyer PII only through an explicit action while the data is still available.
· PII reveal events are audit logged.
· Buyer names, phone numbers, addresses, destination fields, and buyer-search index fields are scheduled for field-level redaction after 30 days.
· Core non-sensitive order facts may be retained longer, including order ID/reference, platform, status, total, timestamps, item summary, SKU metadata, tags, and non-sensitive operational metadata.
· Astrix does not use Amazon buyer phone numbers, email addresses, addresses, or other Amazon Information to send WhatsApp, SMS, RCS, iMessage, email, telephony, or other non-Amazon messages.
· Amazon buyer communications and review solicitations must use Amazon-approved messaging or solicitation channels where required.
· Astrix does not use Amazon Information for off-Amazon marketing, profiling, retargeting, data brokerage, unrelated advertising, or unauthorized aggregation across sellers.
· Astrix does not share Amazon Information with outside parties except service providers strictly necessary to provide authorized features and subject to appropriate safeguards, or where required by law or Amazon-approved processes.
9. Google API data
When a user connects Google services such as Google Ads, Google Analytics, Google Drive, Google Docs, Google Sheets, or YouTube, Astrix uses Google user data only to provide or improve user-facing features that the user or organization authorizes.
Astrix requests only permissions that are reasonably necessary for the connected feature, uses Google data only for the requested user-facing workflow, and does not use Google user data for unrelated advertising, data brokerage, surveillance, or generalized AI model training.
Astrix's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Users or administrators may revoke Google access through Google account permissions or Astrix integration settings where available.
10. Meta, WhatsApp, Instagram, Facebook, and Threads data
Astrix may process Meta, WhatsApp, Instagram, Facebook, Meta Ads, and Threads data to provide messaging, ads reporting, social reporting, content links, engagement analytics, customer support, and business workflow automation.
For WhatsApp workflows:
· Businesses are responsible for obtaining required WhatsApp opt-in and legally required permissions before initiating communications.
· Business-initiated template messages must use approved templates where required.
· Users must be able to opt out, block, or discontinue communications where applicable.
· Astrix must not be used to spam, mislead, surprise, or unlawfully contact people.
· Astrix WhatsApp workflows are business-specific and client-scoped. They are not intended to distribute a general-purpose AI assistant through WhatsApp.
· WhatsApp Business Solution Data is not used to build, train, or improve generalized AI models.
· Automated replies should be disclosed where appropriate and escalated to humans when required.
11. Microsoft, SharePoint, Canva, Jira, Wix, and file data
When Microsoft SharePoint, Google files, Canva, Jira, Wix, or similar file/productivity integrations are connected, Astrix uses data from those services only for customer-authorized workflows such as file search, file read, design export, task lookup, issue status, page links, website analytics, e-commerce analytics, or report generation.
Customers remain responsible for configuring appropriate permissions in their connected accounts. Astrix should not be used to access global drives, workspaces, projects, designs, or files unless the customer has authority to do so.
PII-bearing files, exported designs, invoices, shipping labels, and reports should be stored in private storage, shared using limited-access or time-limited links where possible, and deleted when no longer required.
12. Payments, logistics, advertising, social, and outreach data
Astrix may process data from payment providers, logistics providers, advertising platforms, social platforms, website analytics platforms, and outreach tools to provide customer-authorized features.
For payment providers such as Stripe and, if enabled, Razorpay, Astrix stores limited payment metadata and does not intentionally store raw card data, CVV, or full bank credentials.
For logistics providers such as Delhivery and, if enabled, Shiprocket, recipient contact and address data is used only for fulfillment, shipment tracking, returns, pickup coordination, and support.
For advertising and social platforms such as Meta Ads, Google Ads, Amazon Ads, Instagram, Facebook, YouTube, X, Threads, and planned LinkedIn integrations, Astrix uses authorized account data for reporting, analytics, dashboards, and customer-approved campaign workflows.
For Apollo and Instantly, Astrix supports B2B outreach-related analytics and workflow visibility only. Customers are responsible for lawful basis, prospecting rules, anti-spam compliance, suppression lists, unsubscribe handling, and honoring opt-outs. Astrix should not be used for unlawful consumer marketing or spam.
14. How we share information
We may share information with:
· Authorized users and administrators within the relevant organization, agency, client, or tenant.
· Connected third-party integrations that the customer authorizes.
· Infrastructure, hosting, database, security, secrets, logging, analytics, monitoring, and AI providers such as AWS, Google Analytics, Sentry, or Microsoft Clarity.
· Payment processors such as Stripe and, if enabled, Razorpay.
· Messaging and communication providers such as Meta/WhatsApp and supported telephony or messaging providers.
· Logistics, marketplace, advertising, social, file-storage, website, analytics, CRM/outreach, and project-management providers required for connected workflows.
· Professional advisers, auditors, security assessors, and legal authorities where necessary.
· Successor entities in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate protections.
We do not sell personal information. We do not share Amazon Information, Google user data, Microsoft API data, WhatsApp Business Solution Data, customer files, or client confidential data with unrelated third parties for data brokerage, unrelated advertising, or generalized AI training.
15. Security
Astrix uses technical and organizational measures designed to protect information, including:
· HTTPS/TLS encryption in transit.
· Managed cloud storage and database services with encryption at rest where supported.
· AWS Secrets Manager or equivalent secure secret storage for integration credentials.
· Amazon Cognito authentication.
· Role-based, tenant-based, client-based, and need-to-know access controls.
· Server-side credential usage rather than exposing provider tokens to browsers.
· Private storage for sensitive files where configured.
· Webhook signature verification and deduplication where supported by providers.
· Operational logs, security logs, and audit events with PII minimization and redaction where practical.
· Change management, testing, and staging environments before production deployment.
· Incident response, credential rotation, and partner notification procedures.
No system is completely secure. Customers and users must protect their own credentials, devices, administrator accounts, connected accounts, OAuth authorizations, API keys, and user permissions.
16. Retention
Astrix retains information only as long as needed for the purposes described in this Privacy Policy, unless a longer period is required by law, tax, accounting, dispute, fraud-prevention, security, contractual, backup, or partner obligations.
Data category
Retention commitment or target
Core account, organization, and access records
For the life of the account and as required for legal, accounting, audit, security, or dispute purposes
Integration credentials and OAuth tokens
Until disconnected, revoked, expired, rotated, or no longer needed
Core non-sensitive order facts
Retained long term unless the customer deletes the record or account, subject to legal and operational requirements
Marketplace buyer PII
Masked by default and field-level redacted after 30 days
WhatsApp and chat conversation records
30 days via DynamoDB TTL where configured
Generated report and cache records
1 day unless a shorter cache period is set
Temporary report summary caches
2 hours
Webhook idempotency markers
5 minutes
Temporary chat attachments, shipping labels, and similar generated files
14 days where stored under the configured temporary attachment location
CloudWatch operational Lambda logs
180 days
PII reveal audit events
365 days
DynamoDB point-in-time recovery backups
AWS-managed PITR window, up to 35 days
Analytics and monitoring data
According to provider settings and Astrix configuration
Deletion from active systems may not immediately remove data from encrypted backups, logs, or archival systems. Backup copies are protected and expire according to their lifecycle. If a legal, security, fraud, billing, or dispute hold applies, relevant data may be retained until the hold is resolved.
17. Your choices and rights
Depending on applicable law and your relationship with Astrix, you may request access, correction, deletion, export, restriction, objection, withdrawal of consent, grievance redressal, or other rights available under applicable Indian privacy law.
Authorized users and administrators may also disconnect integrations, revoke OAuth access, remove users, change roles, configure client access, and request deletion or export of customer data, subject to legal, contractual, technical, backup, security, and partner limitations.
Requests may be sent to: [Insert privacy email].
18. Customer responsibilities for end-customer data
Customers are responsible for:
· Providing legally required privacy notices to their customers, buyers, prospects, employees, contractors, and end users.
· Obtaining legally required consents, opt-ins, and authorizations.
· Ensuring they have the right to connect every third-party account.
· Ensuring that users only access data they are authorized to access.
· Honoring opt-outs, unsubscribe requests, and deletion requests.
· Avoiding uploads of unnecessary sensitive information.
· Reviewing AI-assisted outputs before use.
· Complying with marketplace, messaging, payment, logistics, advertising, social media, outreach, and file-platform terms.
19. International processing
Astrix primarily operates its infrastructure in India where configured, including AWS infrastructure in the Mumbai region for core services. However, connected providers and subprocessors may process information in other countries depending on their infrastructure, account configuration, support operations, and legal obligations. We use contractual, technical, and organizational safeguards where required.
20. Children
Astrix is intended for business use and is not directed to children. Customers must not knowingly submit children's personal information unless they have legal authority, required consent, and a permitted business purpose under applicable law and provider terms.
21. Third-party services
Third-party integrations are governed by their own terms, privacy policies, platform rules, API policies, review decisions, rate limits, and service availability. Astrix is not responsible for third-party provider outages, policy changes, account suspensions, API restrictions, data inaccuracies, or review outcomes.
22. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes may be communicated through the website, dashboard, email, or other appropriate channels. Continued use of Astrix after an update means the updated Privacy Policy applies.
23. Contact
For privacy, security, support, data deletion, integration revocation, or rights requests, contact:
[Insert legal company name]
Registered address: [Insert registered address]
Privacy: [Insert privacy email]
Security: [Insert security email]
Support: [Insert support email]
Website: [Insert website URL]