Privacy Policy
Last Updated: 16 April 2026
This Privacy Policy describes how Astral Business Solutions ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the Astral Audit platform at ai-readiness.com ("Service").
We are committed to protecting your privacy and handling your data transparently. This policy applies to all users of the Service worldwide.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address (required for authentication)
- Full name (optional, if provided)
- Business name (optional, if provided)
1.2 Audit Data
When you use the Service to audit a website, we collect and store:
- The URL(s) you submit for auditing
- Audit scores (SEO and AEO scores)
- Performance metrics (Core Web Vitals: LCP, FID, CLS, Speed Index, load time)
- Screenshots of the audited page (desktop and mobile)
- Page title, meta description, and structured data analysis
- AI-generated insights and recommendations based on audit results
- Keywords and business context you provide
- SERP (search engine results page) analysis data
1.3 Team and Organization Data
If you create or join a team, we collect:
- Team name and identifier
- Member roles (owner, admin, member)
- Invitation history and team activity logs
1.4 Billing Information
When you subscribe to a paid plan or make a purchase, our payment processor (Stripe) collects and processes your payment information. We store:
- Stripe customer and subscription identifiers
- Subscription tier and billing interval
- Billing period dates and subscription status
We do not store your full credit card number, CVV, or bank account details. This information is handled exclusively by Stripe in accordance with PCI-DSS standards.
1.5 Usage Data
We automatically collect:
- Audit usage counts (for quota enforcement)
- Timestamps of account creation and activity
- Authentication events (login timestamps)
1.6 Technical Data
When you access the Service, we may collect:
- IP address (captured during legal agreement acceptance for audit trail purposes)
- Browser type and version (via standard HTTP headers)
We do not use third-party analytics, tracking pixels, or advertising cookies.
2. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the Service | Performance of contract |
| Processing audits and generating reports | Performance of contract |
| Managing your account and authentication | Performance of contract |
| Processing payments and managing subscriptions | Performance of contract |
| Sending transactional emails (audit results, billing notices, team invitations) | Performance of contract |
| Enforcing usage quotas and subscription limits | Legitimate interest |
| Preventing fraud and abuse | Legitimate interest |
| Improving and maintaining the Service | Legitimate interest |
| Complying with legal obligations | Legal obligation |
We do not use your data for advertising, behavioral profiling, or selling to third parties.
3. AI Processing
Certain audit data (URL, page title, meta description, text excerpts, scores, and criteria results) is sent to AI language model providers to generate executive summaries, recommendations, and insights. This processing:
- Occurs only as part of generating your audit reports
- Uses only publicly accessible information from the audited webpage plus audit metrics
- Does not include your personal account information (email, name, payment details)
- Is a core part of delivering the Service
4. How We Share Your Information
We share your information only with the following categories of service providers, solely for the purposes of operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting, authentication, file storage | Account data, audit data, screenshots |
| Stripe | Payment processing | Billing information, email address |
| Groq | AI-generated insights | Audit metrics, page content excerpts (no personal data) |
| Google PageSpeed Insights | Performance metrics | Audited URL |
| Serper.dev | Search engine results analysis | Audited URL, keywords |
| Resend | Transactional email delivery | Email address, notification content |
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
We may also disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Astral Business Solutions, our users, or the public.
5. Shared Audit Reports
When you generate a public share link for an audit report, the report (including scores, metrics, screenshots, and AI insights) becomes accessible to anyone with the link. Share links do not expire and do not require authentication. You control whether and with whom you share these links.
6. Data Retention
We retain your data as follows:
- Account data: Retained for as long as your account is active, and for a reasonable period afterward for legal and operational purposes
- Audit data: Retention varies by subscription tier:
  - Free: Up to 30 days, limited to your 3 most recent audits
  - Starter and Professional: Duration of your active subscription
  - Enterprise: As agreed in your service contract
- Billing records: Retained as required by applicable tax and financial reporting laws
- Team activity logs: Retained for the duration of the team's existence
- Agreement records: Retained indefinitely for legal compliance
When data is deleted, it is removed from our active databases. Backups may retain data for a limited period in accordance with our backup retention policies.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS)
- Row-level security policies in our database ensuring users can only access their own data
- Secure authentication via one-time email codes (no passwords stored)
- Service-role separation for administrative operations
- Secure storage of API keys and credentials (never exposed to clients)
No system is completely secure, and we cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you in accordance with applicable law.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
8.1 Rights Under GDPR (EEA/UK Users)
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request that we limit processing of your data
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interest
- Withdraw consent: Where processing is based on consent, withdraw it at any time
8.2 Rights Under CCPA/CPRA (California Residents)
- Know: Request what personal information we collect, use, and disclose
- Delete: Request deletion of your personal information
- Correct: Request correction of inaccurate personal information
- Non-discrimination: We will not discriminate against you for exercising your rights
- Opt-out of sale: We do not sell your personal information
8.3 Rights Under Other Jurisdictions
We respect privacy rights under applicable laws worldwide, including but not limited to LGPD (Brazil), PIPEDA (Canada), POPIA (South Africa), and Australia's Privacy Act. If your jurisdiction provides additional rights, we will honor them to the extent required by applicable law.
8.4 Exercising Your Rights
To exercise any of these rights, contact us at team@ai-readiness.com. We will respond within the timeframe required by applicable law (generally 30 days). We may need to verify your identity before processing your request.
9. International Data Transfers
Our Service is hosted in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. We rely on the following safeguards for international data transfers:
- Standard contractual clauses (where applicable)
- Data processing agreements with our service providers
- Compliance with applicable data transfer frameworks
By using the Service, you acknowledge this transfer. For EEA/UK users, this transfer is necessary for the performance of our contract with you.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
11. Do Not Track
The Service does not currently respond to "Do Not Track" browser signals. However, we do not engage in cross-site tracking.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Service and update the "Last Updated" date. If material changes require your renewed consent, we will obtain it before continuing to process your data under the updated policy.
13. Data Protection Officer
For privacy-related inquiries or concerns, contact us at:
- Email: team@ai-readiness.com
- Website: ai-readiness.com/contact
If you are in the EEA/UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
