Privacy Policy

Last updated: April 2026

Astira Automations ("we", "us", "our") provides business automation tools that connect to your Gmail, Microsoft, Facebook, and Instagram accounts. This policy explains what data we access, how we use it, and your rights.

What we access

When you connect a Gmail inbox, we access your emails using the Google Gmail API with your explicit permission. We read email metadata (sender address, subject line, received time) and email content solely to classify emails by category and generate plain-English summaries to help you manage your inbox more efficiently.

What we do not do

• We never send emails on your behalf. Any draft replies generated by the platform are placed in your Gmail Drafts folder for you to review and send yourself. We never call Gmail's send API.
• We do not sell your data to third parties under any circumstances.
• We do not use your email content to train machine learning models. AI processing is performed on-demand per email and results are not used for model training.
• We do not store raw email body content beyond the time needed to generate a summary. Only the summary is retained.

What we store

We store the following in AWS infrastructure (Sydney, Australia region):

• Email metadata: sender address, subject, received time, Gmail message ID
• AI-generated summaries and category classifications
• Your account configuration, rules, and preferences
• Actions and tasks you create within the platform

Raw email body content is not retained after classification.

How we use your data

Your data is used exclusively to provide the Astira Automations dashboard features you have enabled. We do not share your data with any third party except:

• Google — to read your Gmail via the Gmail API, under the permissions you grant during sign-in
• AWS — to store and process your data on our secure infrastructure
• Anthropic — email content is sent to Claude (Anthropic's AI) for classification and summarisation, under Anthropic's data processing terms

Google API data use

Astira Automations' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Microsoft API data use

Astira Automations' use and transfer of information received from Microsoft APIs (including Microsoft Graph and Outlook) adheres to the Microsoft API Terms of Use and Microsoft's privacy and data handling requirements. We access only the data necessary to provide the service and do not share it with third parties beyond those listed in this policy.

Meta API data use

Where you connect Facebook or Instagram accounts, Astira Automations accesses data via the Meta Platform Terms. We access only the permissions you grant (such as reading page reviews or comments) and use that data solely to provide the reputation and social features of the platform. We do not sell or share this data with third parties beyond those listed in this policy.

Your rights

• Disconnect at any time — You can disconnect your Gmail inbox from the dashboard at any time. This immediately stops all future email access.
• Data deletion — You may request deletion of all data associated with your account by emailing us at hello@astiraautomations.com. We will action this within 30 days.
• Access — You may request a copy of the data we hold about you by contacting us.

Security

All data is encrypted in transit (TLS) and at rest. Access to your data is restricted to authenticated users of your account only. We use AWS Cognito for authentication and AWS DynamoDB for data storage, both with encryption enabled.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the dashboard. The date at the top of this page reflects the most recent update.

Contact

Questions about this policy? Email us at hello@astiraautomations.com.