Privacy Policy

Last updated: January 27, 2026

At Astown, we believe privacy isn't just a feature—it's a fundamental right. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered reporting and monitoring platform.

Our Privacy Philosophy

Astown is designed with privacy at its core. Founders control exactly what data investors can see, with granular privacy settings for every metric. We don't sell, share, or harvest your data for marketing purposes.

Definitions

For the purposes of this Privacy Policy:

  • Company (referred to as "Astown", "We", "Us" or "Our") refers to Astown, the AI-powered reporting and monitoring platform.
  • Service refers to the Astown website, platform, and tools.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Usage Data refers to data collected automatically about how you use our Service.
  • Account means a unique account created for accessing our Service.
  • Device means any device that can access the Service such as a computer, mobile phone or tablet.
  • Business Data refers to KPIs, metrics, financial data, and reports you provide through our Service.

What Data We Collect

Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (encrypted)
  • User type (investor or business/founder)
  • Organization name and details
  • Profile information

Business Data (For Founders)

When you use Astown to track and report metrics, you may provide:

  • Financial metrics (MRR, ARR, burn rate, runway)
  • User metrics (DAU, MAU, retention, churn)
  • Operational KPIs
  • Business reports and updates

Important: You have full control over which metrics are shared with investors. Our granular privacy controls allow you to specify visibility per metric.

Integration Data

When you connect third-party services, we may receive:

  • Billing data from Stripe (MRR, subscriptions, churn)
  • Financial data from QuickBooks or Xero (cash, burn, runway)
  • Analytics data from Google Analytics or Mixpanel (user engagement)

We only collect the data necessary to provide our service and do not store raw transaction-level data.

Usage Data

We automatically collect limited usage data to improve our service:

  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Feature usage patterns
  • General location (country/region level only)

We use privacy-respecting analytics tools and do not track individual users across the web.

How We Use Your Data

We use your information only for:

  • Service Delivery: Providing KPI tracking, AI insights, and report generation
  • Account Management: Managing your account and authentication
  • AI Features: Generating metric explanations and investor reports
  • Portfolio Monitoring: Enabling investors to view permitted portfolio data
  • Service Improvement: Understanding how people use Astown to make it better
  • Security: Detecting and preventing abuse, fraud, and security issues
  • Legal Compliance: Meeting our legal obligations

We do NOT use your data for:

  • Marketing or promotional emails (unless you explicitly opt-in)
  • Selling or sharing with third parties for their marketing
  • Tracking you across other websites
  • Building advertising profiles

Data Sharing and Access Control

Founder Privacy Controls

Founders have granular control over data visibility:

  • Choose which metrics are visible to investors
  • Set different visibility levels per metric
  • Control access at the investor or fund level
  • View audit logs of who accessed what

Investor Data Access

Investors only see:

  • Metrics explicitly shared by founders
  • Aggregated portfolio health indicators
  • Reports approved by founders

Investors never have access to:

  • Raw financial data
  • Metrics not explicitly shared
  • Data from companies outside their portfolio

Data Retention

  • Account Data: Retained while your account is active, deleted within 30 days of account deletion
  • Business Data: Retained for historical reporting, deleted upon account deletion or explicit request
  • Integration Data: Synced data retained for 24 months for trend analysis
  • Usage Analytics: Aggregated data retained for up to 24 months
  • Server Logs: Technical logs retained for up to 90 days for security purposes

Cookies and Tracking

We use minimal cookies:

  • Essential Cookies: Required for the service to function (authentication, preferences)
  • Analytics Cookies: Help us understand usage patterns (anonymized via PostHog)

We do NOT use:

  • Advertising cookies
  • Cross-site tracking cookies
  • Social media tracking pixels

You can disable cookies in your browser settings, though some features may not work properly.

Data Security

We implement industry-standard security measures:

  • All data transmitted over HTTPS encryption
  • Passwords are hashed using secure algorithms
  • Row Level Security (RLS) in our database ensures users only access their data
  • Regular security audits and updates
  • Limited access to any stored data
  • SOC 2 compliant infrastructure (via Supabase and Vercel)

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but take it very seriously.

Your Rights

Depending on your location, you may have rights including:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing of your data
  • Withdrawal: Withdraw consent at any time

To exercise these rights, contact us at contact@updates.astown.co

Third-Party Services

We use select third-party services that may process data:

  • Supabase: Database and authentication
  • Vercel: Hosting infrastructure
  • Resend: Transactional emails
  • PostHog: Privacy-focused analytics
  • Sentry: Error tracking
  • Stripe, QuickBooks, Xero, Google Analytics, Mixpanel: Optional integrations

We carefully vet all third parties and ensure they meet our privacy standards.

International Data Transfers

Astown is operated globally. If you access our service from outside our primary operating region, your data may be transferred internationally. We ensure appropriate safeguards are in place for any international transfers.

Children's Privacy

Astown is a business platform not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending an email notification (if you have an account)

We encourage you to review this policy periodically.

GDPR Compliance (EU Users)

If you are in the European Union, we comply with GDPR requirements:

  • We process data lawfully, fairly, and transparently
  • We collect data only for specified, explicit purposes
  • We minimize data collection to what's necessary
  • We keep data accurate and up-to-date
  • We retain data only as long as necessary
  • We ensure appropriate security measures

Our legal basis for processing is typically consent, contract performance, or legitimate interest in providing our service.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal data is collected
  • Right to know if personal data is sold or disclosed
  • Right to opt-out of sale of personal data
  • Right to deletion of personal data
  • Right to non-discrimination

Note: Astown does not sell personal data.

Contact Us

For any privacy-related questions, concerns, or requests:

We will respond to all requests within 30 days.

Astown is committed to transparency and protecting your privacy. If you have questions about this policy or our practices, please don't hesitate to reach out.