Privacy Policy

Astlian, Inc.("Astlian", "we", "our", or "us") operates the Astlian suite of products, including Kanvamo and astlian.com. This Privacy Policy applies to all products and services provided under the Astlian brand.

If you have questions about this policy, contact us at privacy@astlian.com.

We collect information you provide directly, information generated by your use of our services, and information from third parties.

We use your information to:

• Provide, maintain, and improve our products and services.
• Create and manage your account and workspace.
• Process payments and send billing-related communications.
• Send transactional emails (password resets, product updates, security alerts).
• Respond to your support requests and communications.
• Monitor usage patterns to improve product performance and reliability.
• Detect, investigate, and prevent fraudulent or abusive activity.
• Comply with our legal obligations.

We do not sell your personal data. We do not use your workspace content to train AI models without explicit consent.

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:

• Contract performance: Processing necessary to provide the services you have subscribed to.
• Legitimate interests: Improving our products, detecting abuse, and securing our systems, where those interests are not overridden by your rights.
• Consent: Marketing emails and optional analytics features — you may withdraw consent at any time.
• Legal obligation: Where we must process data to comply with applicable law.

We share your data only in the following circumstances:

• Service providers: Trusted vendors who process data on our behalf (e.g., cloud hosting, payment processing, error monitoring). These parties are contractually bound to protect your data and use it only for specified purposes.
• Your organization: If you use Astlian through an enterprise workspace, your workspace administrator may have access to your account data and workspace content.
• Legal requirements: When required by law, court order, or to protect the rights, property, or safety of Astlian, our users, or others.
• Business transfers: In connection with a merger, acquisition, or sale of assets, subject to the acquiring entity honoring this policy.

We retain your personal data for as long as your account is active or as needed to provide services. You may delete your account at any time; upon deletion, we will remove or anonymize your personal data within 30 days, except where retention is required by law or legitimate business purposes (e.g., billing records retained for 7 years in many jurisdictions).

We use the following categories of cookies:

• Strictly necessary: Required for authentication, security, and core product functionality. These cannot be disabled.
• Functional: Remember your preferences (language, timezone, UI settings).
• Analytics: Aggregate, anonymized usage data to understand how our products are used. You may opt out via our cookie banner or your browser settings.

We do not use advertising or cross-site tracking cookies.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Objection / Restriction: Object to or restrict certain processing activities.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise your rights, email privacy@astlian.com. We will respond within 30 days. Residents of California may also submit requests under the CCPA via the same address.

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, regular security audits, and incident response procedures. No system is 100% secure; if you discover a security issue, please report it to security@astlian.com.

Astlian is based in the United States. If you access our services from the EEA, UK, or other regions with data transfer restrictions, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to legitimize such transfers.

Astlian products are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we learn we have collected data from a child under 16, we will delete it promptly. Contact privacy@astlian.com if you believe we have such data.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice in our products at least 14 days before the changes take effect. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

For privacy-related inquiries, contact our Data Privacy team at privacy@astlian.com or write to: