Location: Redwood Valley, CA
Contact: info@astrodoc.com, +1 (855) 878-2223

Privacy Policy

Last updated: January 22, 2026

Your Privacy Rights at a Glance

What You Can Do | What We Do | What We Don't Do
✓ Access your information anytime | ✓ Keep your health queries confidential | ✗ Sell your personal health information
✓ Correct inaccurate information | ✓ Share only aggregated, de-identified topic data with advertisers | ✗ Train AI on your personal conversations
✓ Delete your account and data (free, no barriers) | ✓ Protect your data with encryption | ✗ Share your individual queries with advertisers
✓ Export your data | ✓ Honor your privacy choices | ✗ Use your health data for third-party marketing
✓ Opt out of marketing | ✓ Respond to requests within 30 days | ✗ Retain data longer than necessary
✓ Withdraw consent | ✓ Notify you of material changes |
Questions? Contact privacy@astrodoc.com

1. Introduction

1.1 About This Policy

At AstroDoc, Inc. ("AstroDoc," "we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you use ASTRID, our AI-powered health information assistant, available through our website at www.myastrid.ai, mobile applications, and related services (collectively, the "Services").

1.2 Scope

This Privacy Policy applies to all users of ASTRID worldwide. It is incorporated into and subject to our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

1.3 Your Consent

By using ASTRID, you acknowledge that you have read and understood this Privacy Policy. Where required by law, we will obtain your explicit consent before collecting or processing certain types of information.

2. Information We Collect

We collect personal and non-personal information through various means:

2.1 Information You Provide Directly

Account Information:
  • Full name
  • Email address
  • Password (encrypted, never stored in plain text)
  • Date of birth (for age verification)
  • Optional: Phone number, country/region, preferred language
Health Information You Choose to Share:
  • Health questions and symptoms you describe
  • Medical history and conditions you mention
  • Medications and treatments you discuss
  • Lifestyle and wellness information
  • Any other health-related information you voluntarily provide in conversations
You Control What You Share: We recommend sharing only information necessary for ASTRID to provide helpful responses. You are never required to provide health information.
Profile and Preferences:
  • Communication preferences
  • Accessibility settings
  • Language preferences
Communications:
  • Support inquiries and correspondence
  • Feedback and survey responses

2.2 Information We Collect Automatically

Device and Technical Information:
  • Device type and model
  • Operating system and version
  • Browser type and version
  • IP address (for general location and security)
  • App version
  • Language and time zone settings
Usage Information:
  • Features you use and frequency
  • Session duration and timing
  • Pages or screens viewed
  • Interaction patterns with ASTRID
  • Performance data and error reports
General Location:
  • Country and region (derived from IP address)
  • Time zone
  • We do NOT collect precise GPS location without your explicit consent

2.3 Information from Third Parties

Social Login: If you log in through a social media account, we may receive your profile name and email address.
Third-Party Integrations: If you connect health apps or wearables (future feature), we will receive only data you authorize.
Public Sources: We may collect publicly available information for security and fraud prevention.

3. How We Use Your Information

3.1 To Provide the Services

  • Create and maintain your account
  • Generate ASTRID's AI-powered health information responses
  • Personalize your experience based on conversation history
  • Provide continuity across sessions
  • Deliver customer support

3.2 To Improve and Develop

  • Analyze usage patterns to improve functionality
  • Develop new features and services
  • Troubleshoot technical issues
  • Conduct internal research and analytics

3.3 To Ensure Safety and Security

  • Detect and prevent fraud, abuse, and security threats
  • Verify identity and prevent unauthorized access
  • Monitor for Terms of Service violations
  • Ensure AI safety and quality

3.4 To Communicate With You

  • Send service-related notifications and updates
  • Respond to inquiries and support requests
  • Provide security alerts and important notices
  • Send marketing communications (with your consent)

3.5 For Legal Compliance

  • Comply with legal obligations and regulatory requirements
  • Respond to lawful requests from authorities
  • Protect our rights, property, and safety

3.6 For Research (Anonymized Only)

Using only de-identified, aggregated data:
  • Conduct health information research
  • Analyze trends in health information seeking
  • Publish research findings
  • Improve AI health information tools

4. How We Share Your Information

4.1 Our Core Commitment

We do NOT sell your personal information or individual health data.
We do NOT share your personal health queries with advertisers.
We do NOT use your identifiable conversations to train AI models.

4.2 Service Providers

We share information with trusted service providers who help operate ASTRID:
Category | Purpose | Data Shared
Cloud Infrastructure | Secure data storage and processing | Encrypted data as needed
AI Processing Partners | Power ASTRID's responses | Queries (processed per our agreements)
Security Services | Fraud prevention, identity verification | Security-relevant data
Communication Services | Email, notifications, support | Contact information
Analytics | Service improvement | Anonymized usage data
All service providers:
  • Are contractually prohibited from using your data for their own purposes
  • Must comply with applicable data protection laws
  • Are subject to security and privacy audits
  • Sign data processing agreements

4.3 AI Processing Partners

ASTRID uses proprietary AI infrastructure and specialized service partners (not mainstream LLM providers like OpenAI, Google, or Anthropic).
Our AI partners:
  • Process your queries solely to generate responses for you
  • Are contractually prohibited from using your data to train their models
  • Cannot retain your data beyond what's needed to generate responses
  • Must meet our security and privacy standards
Notice: Where legally permitted, we will notify you before disclosing your information in response to legal requests.

4.4 Legal Requirements

We may disclose information when required by law or when necessary to:
  • Comply with legal obligations, court orders, or government requests
  • Protect the rights, property, or safety of AstroDoc, users, or the public
  • Investigate potential Terms violations or illegal activity

4.5 Business Transfers

If AstroDoc is involved in a merger, acquisition, or sale of assets:
  • Your information may be transferred as part of the transaction
  • You will be notified via email and/or prominent notice
  • The acquiring entity will be bound by this Privacy Policy

4.6 With Your Consent

We may share information for purposes not described here when we have your explicit consent.

5. Advertising and Aggregated Data

5.1 How We Support Free Services

ASTRID is free because we display contextual advertisements. Here's exactly how this works:
What We Share With Advertisers:
  • Aggregated, de-identified topic and usage statistics
  • Example: "X% of users asked about diabetes this month"
  • Population-level health topic trends
  • General demographic patterns
What We NEVER Share With Advertisers:
  • Your name, email, or any personal identifiers
  • Your individual health queries or conversations
  • Your account information
  • Any data that could identify you personally

5.2 How Contextual Advertising Works

  1. You ask ASTRID a health question
  2. Based on the general topic, ASTRID may display a relevant advertisement
  3. The advertiser does NOT receive your query or any personal information
  4. Ad selection happens within our system—advertisers only provide ad content

5.3 Aggregation and De-identification

Before sharing any data with advertisers, we:
  • Remove all personal identifiers
  • Aggregate data across many users
  • Apply statistical techniques to prevent re-identification
  • Never share data from groups smaller than statistically significant thresholds
  • Maintain technical and administrative safeguards against re-identification

5.4 Your Control

  • You can disable personalized ad experiences in account settings
  • You can use browser/device ad controls
  • Disabling ads does not affect ASTRID's core functionality

6. Artificial Intelligence and Data Processing

6.1 How ASTRID's AI Works

Your Input: You provide questions, symptoms, or health information.
AI Processing: Our AI analyzes your input using proprietary models and service partner infrastructure, generating responses based on medical literature, health information databases, and licensed datasets.
Output: ASTRID provides information tailored to your query.

6.2 What We Use for AI Training

What We Do NOT Use:
  • Your personal, identifiable conversations
  • Your individual health information
  • Your private account data
We May Use:
  • Anonymized, de-identified, aggregated data that cannot identify you
  • Public medical literature and health information
  • Licensed medical datasets
  • General usage patterns (without personal identifiers)

6.3 AI Safety Monitoring

We monitor AI interactions to:
  • Detect errors, inaccuracies, or harmful outputs
  • Identify potential bias or discrimination
  • Improve safety mechanisms
  • Ensure appropriate responses to sensitive topics
This monitoring may involve human review of a small percentage of conversations by trained personnel under strict confidentiality obligations. Reviewed conversations are de-identified to the extent possible.

6.4 Your Rights Regarding AI

You have the right to:
  • Know that you are interacting with an AI system
  • Understand the general logic of AI processing
  • Object to AI processing in certain circumstances (contact us)
  • Request human review of significant AI-assisted decisions

7. Data Security

7.1 Security Measures

We implement comprehensive security measures:
Technical Safeguards:
  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure authentication with optional multi-factor authentication
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Automated threat monitoring
Administrative Safeguards:
  • Employee security and privacy training
  • Background checks for personnel with data access
  • Strict need-to-know access policies
  • Confidentiality agreements
  • Incident response procedures
Physical Safeguards:
  • Secure data centers with restricted access
  • Environmental controls and redundancy
  • Regular backups with secure disaster recovery

7.2 Compliance Standards

We align our security practices with:
  • SOC 2 Type II requirements
  • ISO 27001 principles
  • NIST Cybersecurity Framework
  • GDPR security requirements
  • FTC safeguards guidance

7.3 Your Security Responsibilities

Help protect your information by:
  • Using a strong, unique password
  • Enabling multi-factor authentication
  • Keeping login credentials confidential
  • Logging out on shared devices
  • Reporting suspicious activity to security@astrodoc.com

7.4 Data Breach Notification

In the event of a data breach affecting your personal information:
Jurisdiction | Authority Notification | User Notification
United States (FTC) | Within 60 days | Without unreasonable delay
European Union (GDPR) | Within 72 hours | Without undue delay (if high risk)
United Kingdom | Within 72 hours | Without undue delay (if high risk)
Australia | As soon as practicable | As soon as practicable
Canada | As soon as feasible | As soon as feasible
India | As specified by Data Protection Board | Without undue delay
South Africa | As soon as reasonably possible | As soon as reasonably possible
Nigeria | Within 72 hours | Immediately (if high risk)
Philippines | Within 72 hours | Within 72 hours (if high risk)
UAE | As required by UAE Data Office | Without undue delay
California (eff. 2026) | Within 15 days (if 500+) | Within 30 days
Notifications will include: what happened, what data was affected, steps we're taking, and how you can protect yourself.

7.5 Limitations

No system is 100% secure. While we implement strong protections, we cannot guarantee absolute security. You use the Services at your own risk regarding data security.

8. Data Retention

8.1 Retention Periods

Data Type | Retention Period | Notes
Account Information | While account is active + 30 days after deletion | Deleted promptly upon request
Health Conversations | While account is active + 30 days after deletion | You can delete individual conversations anytime
Usage and Technical Data | Up to 24 months | Used for analytics and improvement
Anonymized/Aggregated Data | Indefinitely | Cannot be linked to you
Legal/Compliance Records | As required by law (typically 3-7 years) | Retained only when legally mandated
Support Communications | 3 years | For service quality and legal purposes
Backup Data | Up to 90 days after deletion | Automatically purged on rolling basis

8.2 Data Minimization

We practice data minimization by:
  • Collecting only information necessary for the Services
  • Regularly reviewing and deleting unnecessary data
  • Anonymizing data when identifiers are no longer needed
  • Implementing automated deletion procedures

8.3 Legal Holds

We may retain information longer when:
  • Required by law or legal process
  • Subject to litigation hold
  • Needed for ongoing investigations
  • Necessary to enforce our agreements

9. Your Privacy Rights and Choices

9.1 Access Your Information

You have the right to:
  • Access personal information we hold about you
  • Review your conversation history
  • Request a copy of your data in portable format (JSON, CSV)
How: Account Settings → Privacy → Download My Data, or email privacy@astrodoc.com

9.2 Correct Your Information

You have the right to:
  • Correct inaccurate information
  • Update outdated information
  • Complete incomplete information
How: Account Settings or email support@astrodoc.com

9.3 Delete Your Information

You have the right to:
  • Delete your account at any time
  • Request deletion of specific data
  • Have your data erased (subject to legal retention requirements)
No Barriers to Deletion:
  • Account deletion is completely free
  • No penalties, fees, or waiting periods
  • Simple, straightforward process
How:
  • Account Settings → Privacy → Delete Account
  • Follow confirmation steps
  • Or email support@astrodoc.com with subject "Delete My Account"
What Happens:
  • Account immediately deactivated
  • Personal information deleted within 30 days
  • Health conversations deleted within 30 days
  • Backups purged within 90 days
  • Some data retained only as required by law

9.4 Object to Processing

You can object to certain processing, including:
  • Marketing communications
  • Processing based on legitimate interests
  • Automated decision-making
How: Email privacy@astrodoc.com with your specific objection

9.5 Withdraw Consent

Where processing is based on consent, you can withdraw at any time. Withdrawal does not affect the lawfulness of prior processing.
How: Account Settings or email privacy@astrodoc.com

9.6 Response Timeframes

Request Type | Standard Response | Maximum Extension
General requests | Within 30 days | +30 days for complex requests
GDPR requests (EU/UK) | Within 1 month | +2 months for complex requests
CCPA requests (California) | Within 45 days | +45 days with notice
India DPDPA requests | Within 7 days (acknowledgment) | As specified by regulations
South Africa POPIA requests | Within 30 days | As reasonably required
Philippines DPA requests | Within 15 days | +15 days with notice
Nigeria NDPA requests | Within 30 days | As specified by NDPC
Deletion requests | Within 30 days | Limited extensions

9.7 Verification

To protect your privacy, we verify your identity before fulfilling requests through:
  • Email verification
  • Account authentication
  • Government-issued ID (for sensitive requests only)

10. International Data Transfers

10.1 Where We Process Data

AstroDoc is based in the United States. Your information may be:
  • Stored on servers in the United States
  • Processed in the United States
  • Accessed by service providers in various countries

10.2 Transfer Mechanisms

For EU/EEA Users:
  • EU-US Data Privacy Framework (where certified)
  • Standard Contractual Clauses (2021 SCCs) with Transfer Impact Assessment
  • Your explicit consent for specific transfers
For UK Users:
  • UK International Data Transfer Agreement (UK IDTA)
  • UK Addendum to EU SCCs
  • UK adequacy regulations
For Other Jurisdictions:
  • Appropriate contractual protections
  • Compliance with local transfer requirements

10.3 Safeguards

When transferring data internationally, we ensure:
  • Equivalent privacy protections
  • Contractual obligations on recipients
  • Technical security measures
  • Audit and enforcement rights

11. Regional Privacy Rights

11.1 European Union (GDPR)

Legal Bases for Processing:
  • Consent: For health data processing, marketing, optional features
  • Contract Performance: To provide ASTRID's services
  • Legitimate Interests: For security, improvement, research (when not overridden by your rights)
  • Legal Obligation: To comply with applicable laws
Your GDPR Rights:
  • Right to access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Right not to be subject to solely automated decision-making
  • Right to lodge a complaint with a supervisory authority
Data Protection Officer: privacy@astrodoc.com
EU Representative: [Contact details available upon request per GDPR Article 27]
Supervisory Authority: You may file complaints with your local Data Protection Authority. Find yours at edpb.europa.eu

11.2 United Kingdom

UK residents have similar rights under UK GDPR and the Data Protection Act 2018.
UK Supervisory Authority: Information Commissioner's Office (ICO) Website: ico.org.uk Phone: 0303 123 1113

11.3 California (CCPA/CPRA)

Your California Rights:
  • Right to know what personal information we collect, use, and share
  • Right to delete personal information
  • Right to correct inaccurate information
  • Right to opt out of "sale" or "sharing" of personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising rights
"Sale" and "Sharing" Disclosure:
  • We do NOT sell personal information in the traditional sense
  • We share aggregated, de-identified topic data with advertisers
  • This aggregated data does NOT constitute "sale" or "sharing" under CCPA because it cannot identify you
  • If you have concerns, you may still opt out by emailing privacy@astrodoc.com
Sensitive Personal Information: We collect health information, which is sensitive under CPRA. You have the right to limit its use to providing Services.
Authorized Agents: You may designate an authorized agent to make requests on your behalf with written authorization.
Contact: Email: privacy@astrodoc.com Subject: California Privacy Request Phone: (702) 478-5080

11.4 Washington State (My Health My Data Act)

Washington residents have specific rights regarding consumer health data:
  • Right to confirm whether we collect health data
  • Right to access health data
  • Right to delete health data
  • Right to withdraw consent
Separate Consent: Washington law requires separate consent for collecting and sharing consumer health data. We obtain this consent during account creation.
Contact: privacy@astrodoc.com with subject "Washington Health Data Request"

11.5 Other US States

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states:
Residents of these states have similar rights including:
  • Right to access, correct, and delete personal data
  • Right to opt out of targeted advertising
  • Right to appeal denials
Contact: privacy@astrodoc.com with your state and specific request

11.6 Nevada

Nevada residents may opt out of the sale of personal information (though we do not sell personal information).
Contact: privacy@astrodoc.com with subject "Nevada Opt-Out"

11.7 Canada (PIPEDA)

Canadian users have rights under PIPEDA:
  • Right to access personal information
  • Right to challenge accuracy
  • Right to withdraw consent
  • Right to file complaints with the Privacy Commissioner
Privacy Commissioner of Canada: Website: priv.gc.ca Phone: 1-800-282-1376

11.8 Australia (Privacy Act)

Australian users have rights under the Privacy Act 1988:
  • Right to access and correct personal information
  • Right to complain about privacy breaches
  • Right to withdraw consent
  • Right to file complaints with the Privacy Commissioner
Office of the Australian Information Commissioner: Website: oaic.gov.au Phone: 1300 363 992

11.9 New Zealand (Privacy Act 2020)

New Zealand users have rights under the Privacy Act 2020:
  • Right to access personal information
  • Right to request correction
  • Right to complain to the Privacy Commissioner
Office of the Privacy Commissioner: Website: privacy.org.nz Phone: 0800 803 909

11.10 India (Digital Personal Data Protection Act 2023)

Indian users ("Data Principals") have rights under the Digital Personal Data Protection Act 2023 (DPDPA):
Your rights under DPDPA:
  • Right to access information about your personal data being processed
  • Right to correction and erasure of personal data
  • Right to grievance redressal
  • Right to nominate another person to exercise rights in case of death or incapacity
Legal Basis for Processing: We process your personal data based on your consent, which you provide when creating an account and using ASTRID. For health-related queries, we obtain your explicit consent before processing.
Consent Requirements:
  • Consent is free, specific, informed, unconditional, and unambiguous
  • You may withdraw consent at any time through Account Settings
  • Withdrawal of consent will result in erasure of your personal data, subject to legal retention requirements
Data Principal Obligations: Under the DPDPA, you agree not to impersonate another person when providing personal data, not to suppress any material information when providing personal data, not to register a false or frivolous complaint, and to provide authentic information when exercising your rights.
Cross-Border Transfer: Your personal data may be transferred to and processed in the United States. We ensure such transfers comply with DPDPA requirements and implement appropriate safeguards.
Grievance Redressal:
  • Grievance Officer: privacy@astrodoc.com
  • We will acknowledge your grievance within 48 hours
  • We will resolve your grievance within the timeframe specified by the Data Protection Board of India
Data Protection Board of India:
  • Website: (To be updated upon establishment)
  • You may file complaints with the Data Protection Board if you are not satisfied with our response
Privacy Notice Language: This Privacy Policy is available in English. If you require this notice in Hindi or another language listed in the Eighth Schedule of the Constitution of India, please contact privacy@astrodoc.com.

11.11 United Arab Emirates (PDPL)

UAE users have rights under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL):
Your Rights Under UAE PDPL:
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure of personal data
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
Legal Basis for Processing: We process your personal data based on your consent. For health-related queries, we obtain your explicit consent. We may also process data where necessary to protect your vital interests or for public health purposes.
Health Data Notice: Health information in the UAE is also subject to Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Health Fields. ASTRID provides health information only, not medical services, and complies with applicable UAE health information regulations.
Cross-Border Transfer: Your personal data may be transferred to and processed in the United States. We ensure such transfers comply with UAE PDPL requirements, including implementing appropriate contractual safeguards.
UAE Data Office:
  • Website: (Contact details to be updated per UAE Data Office guidance)
  • You may file complaints with the UAE Data Office regarding violations of your privacy rights
DIFC and ADGM Users: If you are located in the Dubai International Financial Centre (DIFC) or Abu Dhabi Global Market (ADGM), separate data protection laws may apply. Please contact privacy@astrodoc.com for jurisdiction-specific information.

11.12 South Africa (POPIA)

South African users have rights under the Protection of Personal Information Act 4 of 2013 (POPIA):
Health Data as Special Personal Information: Under POPIA, health information is classified as "special personal information" and is subject to heightened protections. We process your health information only with your explicit consent or where otherwise permitted by law.
Your Rights Under POPIA:
  • Right to be notified that personal information is being collected
  • Right to access your personal information
  • Right to request correction or deletion of personal information
  • Right to object to processing of personal information
  • Right to submit a complaint to the Information Regulator
  • Right to institute civil proceedings for damages
  • Right not to have your personal information processed for direct marketing via unsolicited communications
  • Right not to be subject to automated decision-making
The Eight Conditions for Lawful Processing: We comply with POPIA's eight conditions: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation.
Information Officer:
  • Our Information Officer is registered with the Information Regulator as required by POPIA
Cross-Border Transfer: Your personal data may be transferred to and processed in the United States. We ensure the recipient is subject to binding rules that provide adequate protection, or you have consented to the transfer after being informed of potential risks.
Information Regulator (South Africa):

11.13 Philippines (Data Privacy Act of 2012)

Filipino users ("Data Subjects") have rights under Republic Act No. 10173, the Data Privacy Act of 2012 (DPA):
Health Data as Sensitive Personal Information: Under the DPA, health information is classified as "sensitive personal information" and is subject to heightened protections. Processing is generally prohibited except with your consent.
Your Rights Under the DPA:
  • Right to be informed of data collection and processing
  • Right to access your personal data
  • Right to object to processing
  • Right to erasure or blocking of personal data
  • Right to rectification of inaccurate data
  • Right to data portability
  • Right to damages for violations
  • Right to file complaints with the National Privacy Commission
Consent Requirements: For sensitive personal information including health data, we obtain your explicit consent, which must be freely given, specific, informed, and an indication of will.
Data Protection Officer:
Cross-Border Transfer: Your personal data may be transferred to and processed in the United States. We ensure compliance with NPC requirements for cross-border transfers, including implementing appropriate safeguards and contractual protections.
Breach Notification: We will notify the NPC and affected data subjects within 72 hours of becoming aware of a personal data breach that is likely to harm you.
National Privacy Commission (NPC):

11.14 Nigeria (Nigeria Data Protection Act 2023)

Nigerian users ("Data Subjects") have rights under the Nigeria Data Protection Act 2023 (NDPA) and the General Application and Implementation Directive (GAID) 2025:
Health Data as Sensitive Personal Data: Under the NDPA, health data is classified as "sensitive personal data" and is subject to heightened protections. We process your health information only with your explicit consent.
Your Rights Under the NDPA:
  • Right to be informed about data processing
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure of personal data
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge complaints with the Nigeria Data Protection Commission
  • Right not to be subject to solely automated decision-making
Legal Basis for Processing: We process your personal data based on your consent. For health-related queries, we obtain your explicit, freely given, specific, informed, and unambiguous consent.
Data Protection Officer:
Cross-Border Transfer: Your personal data may be transferred to and processed in the United States. We ensure compliance with NDPA requirements, including adequacy assessments and appropriate contractual safeguards as specified in Schedule 5 of the GAID.
Breach Notification: We will notify the Nigeria Data Protection Commission within 72 hours of becoming aware of a personal data breach, and notify you immediately if the breach poses high risk to your rights.
Nigeria Data Protection Commission (NDPC):

11.15 Pakistan

Current Status: Pakistan does not currently have comprehensive data protection legislation in effect. The Personal Data Protection Bill 2023 has been approved by the Federal Cabinet and is pending parliamentary approval.
Your Current Protections:
  • The Prevention of Electronic Crimes Act 2016 (PECA) provides certain protections against unauthorized access and disclosure of personal data
  • Article 14 of the Constitution of Pakistan recognizes the right to privacy as a fundamental right
When the Personal Data Protection Bill Becomes Law: Once enacted, we will update this Privacy Policy to reflect your rights under Pakistan's data protection law, including rights to access, correction, and deletion of personal data.
Current Contact for Privacy Concerns:
Federal Investigation Agency (FIA): For complaints regarding unauthorized access to personal data under PECA:

11.16 All Other Jurisdictions

If you are located in a country or region not specifically addressed in Sections 11.1 through 11.15 above, the following applies to your use of ASTRID:
Your Rights: We are committed to respecting your privacy regardless of where you are located. You have the right to:
  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete personal data
  • Request deletion of your personal data (subject to legal retention requirements)
  • Withdraw your consent to processing at any time
  • Object to processing of your personal data in certain circumstances
  • Request a copy of your data in a portable format
How to Exercise Your Rights: Contact privacy@astrodoc.com with your request. Please include your country of residence so we can ensure we address any specific local requirements. We will respond to all requests within 30 days.
Local Law Protections: If the data protection laws of your country provide greater protections than those stated in this Privacy Policy, we will honor those protections upon verified request. Please inform us of the specific local law provisions you believe apply, and we will make good-faith efforts to comply.
International Data Transfer: By using ASTRID, you acknowledge and consent to the transfer of your personal data to the United States, where our servers are located. We implement appropriate safeguards including encryption, access controls, and contractual protections to secure your data during transfer and processing.
Governing Standards: In the absence of specific local requirements, we process your data in accordance with the core principles outlined in this Privacy Policy, which align with internationally recognized data protection standards including purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.
Contact:
We are committed to working with you to address any privacy concerns and to comply with applicable local requirements.

12. Children's Privacy

12.1 Age Restrictions

ASTRID is not intended for independent use by children under 18.
Jurisdiction | Age Threshold | Requirement
United States (COPPA) | Under 13 | Verifiable parental consent required
European Union (GDPR) | Under 16 (varies by country) | Parental consent required
United Kingdom | Under 13 | Parental consent required
Australia | Varies | Parental consent recommended for minors

12.2 Parental Consent

Parents or legal guardians may allow minors to use ASTRID under their supervision. The parent/guardian must:
  • Accept Terms of Service on the minor's behalf
  • Provide verifiable consent for data collection
  • Supervise the minor's use

12.3 Discovery of Underage Use

If we discover we have collected information from someone under applicable age thresholds without proper consent:
  • We will delete the account immediately
  • We will delete all associated information
  • We will not use the information for any purpose

12.4 Parental Rights

Parents and legal guardians may:
  • Review information collected from their child
  • Request deletion of their child's information
  • Refuse further collection
Contact: privacy@astrodoc.com with subject "Parental Rights Request"

13. Cookies and Tracking Technologies

13.1 What We Use

Essential Cookies (Required):
  • Authentication and session management
  • Security and fraud prevention
  • Load balancing
  • Cannot be disabled
Functional Cookies (Optional):
  • Remember preferences and settings
  • Language selection
  • Accessibility features
Analytics Cookies (Optional):
  • Understand usage patterns
  • Identify technical issues
  • Improve service performance
Advertising Cookies (Optional):
  • Measure ad effectiveness
  • Support contextual advertising within ASTRID
  • Note: We do NOT use cookies to share your health queries with advertisers

13.2 Cookie Consent

EU/UK Users: We display a cookie consent banner before setting non-essential cookies. You can:
  • Accept all cookies
  • Reject non-essential cookies
  • Customize your preferences
All Users: You can manage cookies through:
  • Account Settings → Privacy → Cookie Preferences
  • Your browser settings
  • Device privacy settings

13.3 Do Not Track

We honor Do Not Track (DNT) browser signals for non-essential cookies.

13.4 Global Privacy Control

We honor Global Privacy Control (GPC) signals where required by law.

14. Third-Party Services

14.1 Third-Party Links

ASTRID may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We are not responsible for their privacy practices.

14.2 Third-Party Integrations

If we offer integrations with third-party services (health apps, wearables):
  • Integration requires your explicit consent
  • You control what data is shared
  • Third parties have their own privacy policies
  • You can disconnect integrations anytime

14.3 Social Media

If you interact with us on social media, those platforms have their own privacy policies that govern your data.

15. Changes to This Privacy Policy

15.1 How We Update

We may update this Privacy Policy to reflect:
  • Changes in our practices
  • New features or services
  • Legal or regulatory requirements
  • User feedback

15.2 Notice of Changes

Material Changes:
  • Email notification at least 30 days before changes take effect
  • Prominent notice in the Services
  • May require renewed consent where legally required
Non-Material Changes:
  • Updated "Last Updated" date
  • Changes effective upon posting

15.3 Your Options

After notification, you may:
  • Continue using the Services (indicates acceptance)
  • Delete your account if you disagree

15.4 Previous Versions

Request previous versions by emailing privacy@astrodoc.com.

16. Contact Us

16.1 Privacy Questions

Mail: AstroDoc, Inc. Attn: Privacy Officer 851 S. Rampart Blvd., Suite 110 Las Vegas, NV 89145 United States
Phone: (702) 478-5080

16.2 Data Protection Officer

Phone: (702) 478-5080

16.3 Filing a Complaint

With Us:
  1. Email privacy@astrodoc.com with subject "Privacy Complaint"
  2. Describe your concern in detail
  3. We will investigate and respond within 30 days
We Will Not Retaliate: You have the right to file complaints without fear of retaliation.
With Regulatory Authorities:
Jurisdiction | Authority | Contact
United States (COPPA) | Federal Trade Commission | ftc.gov, 1-877-382-4357
European Union (GDPR) | Your local DPA | edpb.europa.eu
United Kingdom | ICO | ico.org.uk, 0303 123 1113
Canada | Privacy Commissioner | priv.gc.ca, 1-800-282-1376
Australia | OAIC | oaic.gov.au, 1300 363 992
New Zealand | Privacy Commissioner | privacy.org.nz, 0800 803 909

16.4 Response Commitment

We commit to:
  • Acknowledge receipt within 5 business days
  • Investigate all complaints thoroughly
  • Provide substantive response within 30 days
  • Take corrective action when appropriate

Consumer Health Data Privacy Policy (Washington State)

In compliance with the Washington My Health My Data Act, this section provides additional information for Washington residents:
Categories of Consumer Health Data Collected:
  • Health conditions and symptoms you describe
  • Medications and treatments you mention
  • Medical history information you provide
  • Wellness and lifestyle information
Purpose of Collection:
  • To provide ASTRID's health information services
  • To personalize your experience
  • To improve service quality
Categories of Sources:
  • Directly from you through your use of ASTRID
Categories of Third Parties with Whom We Share:
  • Service providers (for service operation only)
  • Aggregated, de-identified data with advertising partners
How to Exercise Your Rights: