Astralis
Privacy Policy
Astralis Internal Chat Platform (chat.astralis.rent) · Last updated: February 2026
1. Introduction
This Privacy Policy explains how Astralis ("we", "us", or "our") collects, uses, stores, and protects personal data when you use our internal team communication platform available at chat.astralis.rent ("the Platform").
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Croatian data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
- Company: Astralis
- Website: astralis.rent
- Email: astralis@astralis.rent
- Location: Croatia, European Union
As we do not have a designated Data Protection Officer (DPO), all data protection inquiries should be directed to the contact email above.
3. What Data We Collect
3.1 Account Information
- Full name
- Email address
- Password (stored in encrypted form)
- Profile avatar/photo (if uploaded)
3.2 Communication Data
- Messages sent in rooms and direct messages
- Image files uploaded to the platform
- Timestamps of messages and activity
- Room membership and participation
3.3 Technical Data
- IP address
- Browser type and version
- Device information
- Login timestamps and session data
- Web push notification tokens (if notifications are enabled)
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide and operate the chat platform
- To authenticate your identity and maintain account security
- To deliver messages and notifications
- To maintain platform performance and security
- To comply with legal obligations
We do not use your data for advertising, profiling, or selling to third parties.
5. Administrator Access to Messages
As a self-hosted platform, the system administrator has technical access to all data stored on the server, including messages in all rooms, direct messages, uploaded files, and user account information. This access exists for platform maintenance and security purposes only.
The administrator is bound by confidentiality obligations and applicable GDPR regulations. We are committed to not reading, sharing, or using message content for any purpose other than technical maintenance and legal compliance.
6. Data Storage and Security
Your data is stored on secure servers hosted via Railway (railway.app), with infrastructure located in the European Union (europe-west4 region). Security measures include:
- All data transmitted over HTTPS/TLS encryption
- Passwords stored using industry-standard hashing
- Access to server infrastructure restricted to authorized administrators only
- Regular security monitoring
In the event of a data breach, we will notify affected users and relevant authorities as required by GDPR within 72 hours.
7. Data Retention
- Account data: retained for the duration of your account
- Messages and files: retained indefinitely unless deleted
- Technical logs: retained for up to 30 days
Upon account deletion, your personal data will be removed within 30 days, except where retention is required by law.
8. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right of Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Request your data in a machine-readable format
- Right to Object: Object to processing of your data in certain circumstances
To exercise any of these rights, contact us at astralis@astralis.rent. We will respond within 30 days.
You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at www.azop.hr.
9. Third-Party Services
Railway (railway.app): Hosting provider for server infrastructure. Railway processes data as a data processor on our behalf. Their infrastructure is located in the EU. We do not share your personal data with any other third parties, advertisers, or analytics services.
10. Cookies and Local Storage
The Platform uses essential cookies and browser storage only for:
- Maintaining your login session
- Storing user preferences
- Web push notification tokens
We do not use tracking cookies, advertising cookies, or any non-essential cookies.
11. External Users and Guests
If you are accessing this platform as an external user (client, contractor, or partner), the same data protection principles apply. By accepting an invitation to the platform, you acknowledge that:
- Your messages and activity are stored on our servers
- The platform administrator has technical access to all communications
- Your account will be removed when your engagement with Astralis ends
- You should not share confidential third-party information without appropriate authorization
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions or requests regarding this Privacy Policy:
- Email: astralis@astralis.rent
- Website: astralis.rent