Astrix Beta Privacy Policy
Quick Summary
- We collect data you provide and some automatic data to deliver our service
- We do NOT sell your data or use it for advertising
- We retain emails after account termination for fraud prevention
- You have rights to access, correct, and delete your data
- We comply with Malaysia PDPA and UK GDPR
1 Introduction & Controller Information
1.1 About This Privacy Policy
This Privacy Policy explains how Astrix2u ("Company," "we," "us," "our") collects, processes, stores, and protects personal data from users ("User," "you," "your") of the Astrix Beta assessment tool ("Service").
This policy applies to all use of the Service, whether online via our website or through direct engagement with our team.
1.2 Data Controller & Processors
Astrix2u is the data controller responsible for your personal data, meaning we determine how and why your personal data is processed.
Key Data Processors We Use:
| Processor | Function | Location |
|---|---|---|
| Cloudflare | CDN, DDoS protection, DNS, analytics | Global (EU/US) |
| Resend | Email delivery infrastructure | Global |
| Brevo | Marketing automation, SMS, customer engagement | Global (EU) |
All processors are bound by Data Processing Agreements (DPAs) requiring data protection compliance.
1.3 Data Protection Officer
Astrix2u may appoint a Data Protection Officer (DPO) if required under Malaysia PDPA 2024 or UK GDPR regulations. For data protection inquiries, contact us through https://astrix2u.com/contact
1.4 Applicable Privacy Laws
This Privacy Policy complies with:
- Malaysia: Personal Data Protection Act 2010 (PDPA) and Personal Data Protection (Amendment) Act 2024
- United Kingdom: UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018
- Singapore: Personal Data Protection Act 2012 (PDPA) – where applicable
2 Data We Collect
2.1 Information You Provide Directly
Account Registration & Profile Information
- • Full name, email address, phone number (optional)
- • Job title, company/organization name
- • Profile photo or avatar (optional)
- • Account preferences and settings
Input Data ("Inputs")
- • Information you input into Astrix for assessment generation
- • This is the primary data processed to provide the Service
Communication Data
- • Messages, feedback, support inquiries, complaint details
- • Responses to surveys or user research
- • Participation in beta testing feedback
Payment Information (if applicable)
- • Billing name, address, payment method details
- • Transaction history and invoices
2.2 Information We Collect Automatically
Access & Connection Data
- • IP address, device type, operating system, browser type
- • Pages visited, time of access, referral source
Cookies & Local Storage
- • Session cookies for authentication and functionality
- • Analytics cookies (with consent)
- • Persistent cookies to remember preferences
Usage Analytics
- • Features accessed, assessments generated
- • Interaction patterns, session duration
- • Error logs and debugging information
2.3 Data from Third Parties
We may receive personal data from service providers, analytics platforms, payment gateway providers, and referral partners.
3 How We Use Your Data
3.1 Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Service Delivery & Account Management | Contract |
| Security & Fraud Prevention | Legitimate interests |
| Debugging & Technical Support | Contract / Legitimate interests |
| Product Improvement & Analytics | Legitimate interests |
| Legal Compliance | Legal obligation |
| Marketing & Communications | Consent |
| Anti-Fraud & Account Abuse Prevention | Legitimate interests |
We do NOT:
- ❌ Sell your Input data to third parties
- ❌ Share your Input with other users without consent
- ❌ Use Input for targeted advertising or marketing profiling
- ❌ Train commercial AI models on your Input without explicit opt-in consent
4 Anti-Fraud & Email Retention Policy
Important Notice
When you terminate your account, we retain your email address in our system for fraud prevention and abuse mitigation purposes, even after account deletion.
Why We Retain Emails After Account Termination:
- You received welcome credits upon registration
- We must prevent re-registration using the same email to claim duplicate credits
- This protects our system integrity and other legitimate users
Retention Periods:
- Email address: Retained indefinitely (until re-registration risk has diminished)
- Account data and Inputs: Deleted after 30 days following termination
- All other personal data: Deleted as per Section 7
What This Means for Users:
- ✓ Your account profile, Inputs, and Outputs will be deleted
- ✓ Your personal information (name, phone, company) will be deleted
- ✓ Your email address will be retained for fraud prevention
- ✓ You cannot re-register using the same email address
- ✓ You can register using a different email address
5 Automated Decision-Making & Profiling
Important Notice: Automated Assessments
Astrix generates assessments using fully automated decision-making without human intervention.
What This Means:
- Nature: Astrix applies pre-defined, deterministic algorithmic rules to your Input to produce Outputs.
- No Machine Learning: Astrix does NOT use machine learning, neural networks, or AI models. It is rule-based and deterministic.
- No Profiling: Astrix does NOT create user profiles or build persistent behavioral models about you.
- Significant Effects: Assessments are informational only and do not have legal or similarly significant effects on you.
Your Rights:
You have the right to request human intervention, express your views, and challenge the decision. Contact us at https://astrix2u.com/contact with the subject line "Request for Human Review of Automated Assessment"
6 Who We Share Your Data With
6.1 Third-Party Service Providers
| Processor | Category | Purpose |
|---|---|---|
| Cloudflare | Infrastructure / Security | CDN, DDoS protection, analytics |
| Resend | Email Infrastructure | Transactional email delivery |
| Brevo | Marketing & Communications | Email campaigns, SMS (if opted in) |
| Payment Processor | Payment | Processing payments |
| Cloud Hosting | Infrastructure | Storage, backup, availability |
We do NOT:
- ❌ Sell your personal data to third parties
- ❌ Disclose personal data to marketing partners without consent
- ❌ Share Input data with competitors or business partners
6.4 International Data Transfers
Astrix2u operates in Malaysia, UK, and Singapore. Your data may be transferred internationally with appropriate safeguards including Standard Contractual Clauses (SCCs), encryption, and access controls.
7 Data Retention & Deletion
| Type of Data | Retention Period | Reason |
|---|---|---|
| Account Information | During use + 2 years after closure | Audit trail, legal compliance |
| Email Address | Indefinite (terminated accounts) | Anti-fraud prevention |
| Input & Output Data | During use + 30 days after termination | Troubleshooting, support |
| Email Communications | 1 year from last interaction | Legal disputes, service history |
| Payment Information | 3-7 years per tax law | Tax compliance, accounting |
| Access Logs / IP | 90 days | Security, abuse detection |
| Analytics Data | 26 months | Usage patterns, trends |
Right to Erasure
You have the right to request deletion of your personal data. Submit a request through https://astrix2u.com/contact
Response Timeline: Malaysia PDPA: 30 days | UK GDPR: 30 days (extendable to 90 days)
8 Your Data Protection Rights
Malaysia PDPA Rights
- • Right of Access
- • Right of Correction
- • Right of Deletion
- • Right to Opt-Out
- • Right to Restrict Processing
- • Right to Lodge Complaint (PDPC)
UK GDPR Rights
- • Right of Access (SAR)
- • Right of Rectification
- • Right to Erasure
- • Right to Data Portability
- • Right to Object
- • Right to Lodge Complaint (ICO)
How to Exercise Your Rights
Contact us at https://astrix2u.com/contact
Include: Your name, account details, which right you're exercising, and description of the data involved.
9 Data Security & Protection Measures
Encryption
HTTPS/TLS 1.2+ in transit, AES-256 at rest
Access Control
Role-based access control (RBAC)
MFA
Multi-Factor Authentication available
Network Security
Firewalls, IDS, DDoS protection (Cloudflare)
Backups
Regular encrypted backups with DR plan
Training
Annual security awareness training
Data Breach Notification
We comply with Malaysia PDPA (72 hours to PDPC, 7 days to affected individuals) and UK GDPR (72 hours to ICO) notification requirements.
10 Cookies & Tracking Technologies
| Cookie Type | Purpose | Consent Required? |
|---|---|---|
| Essential/Technical | Session management, authentication, security | No – required for function |
| Analytics | Tracking page views, user behavior | Yes – requires consent |
| Functional | Remembering preferences, settings | Yes – requires consent |
| Marketing | Retargeting, conversion tracking | Yes – requires consent |
You can manage cookie preferences via our cookie consent banner or browser settings.
11 Children & Minors
Age Restriction: The Service is not intended for individuals under 18 years old. We do not knowingly collect personal data from children or minors.
If you are a parent or guardian and believe a minor has provided data to us, contact us immediately at https://astrix2u.com/contact
12 Third-Party Links & Services
Our Service may contain links to external websites or services operated by third parties. We are not responsible for their privacy practices.
Before visiting external sites, review their privacy policies. We have no control over third-party data handling.
13 Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or new features.
How We Notify You:
- • Website update with new "Last Updated" date
- • Email notification to registered users
- • In-app notification upon next login
- • 30-day notice period before material changes take effect
14 Special Categories of Data (Sensitive Data)
Warning
Do NOT upload sensitive personal data to Astrix unless absolutely necessary:
- • Health records, medical information, diagnoses
- • Financial statements, bank accounts, credit information
- • Identity documents (passports, driver's licenses)
- • Biometric data, criminal records, genetic information
If you MUST input sensitive data: anonymize it where possible, use only minimum data required, understand the risks, and obtain consent from all individuals whose data is included.
15 Data Protection Impact Assessment (DPIA)
For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) to identify risks, assess impact on individuals' rights, and implement mitigation measures.
You can request information about DPIAs relating to your data through https://astrix2u.com/contact
16 Contact Us & Data Protection Authorities
Astrix2u
- Contact: https://astrix2u.com/contact
- Service: Astrix Beta Platform
- Response Time: 30 days
Data Protection Authorities
- Malaysia: PDPC - pdp.gov.my
- UK: ICO - ico.org.uk
- ICO Phone: 0303 123 1113
17 Glossary of Terms
| Term | Definition |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person |
| Processing | Any operation performed on personal data (collection, use, storage, deletion, etc.) |
| Data Controller | The entity that determines the purposes and means of processing (Astrix2u) |
| Data Processor | An entity that processes data on behalf of the controller (e.g., Cloudflare, Resend) |
| Consent | Freely given, specific, informed, unambiguous agreement to process personal data |
| Legitimate Interests | A legal basis allowing processing where controller has a legitimate business reason |
| Input | Personal data or information you provide to Astrix for assessment |
| Output | Assessment or results generated by Astrix based on your Input |
18 Final Provisions
Entire Agreement: This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and Astrix2u regarding data protection and privacy.
Governing Law:
- Malaysia users: Malaysian law, including PDPA 2010 and amendments
- UK users: English law, including UK GDPR and DPA 2018
- Other jurisdictions: Laws of Malaysia, unless local law imposes stricter requirements
Severability: If any provision is found invalid, the remaining provisions continue in full effect.
Acknowledgment
By using Astrix Beta, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with our data handling practices, please discontinue use of the Service.