Privacy

Privacy Policy

Last updated: 29 May 2026 · v1.2

1. Who we are

Astarter Tech Group Ltd. (“Astarter”, “we”, “us”) operates the website at astarter.io (the “Site”) and publishes information about the Astarter network, the ABox node sale, and the $AST token. This policy describes what we do with visitor data on the public Site.

The Site is a protocol-level information surface. It does not market regulated financial products and does not solicit transactions from residents of the United States of America, Canada, or the People’s Republic of China. See § 11.

2. What we collect

The public-facing Site collects the minimum information needed to operate. We do not use third-party advertising trackers, session-recording tools, fingerprinting, or behavioural analytics on the Site.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. The public Site does not collect or store wallet addresses; any wallet connection or on-chain activity occurs on separate Astarter applications under their own terms.

2.1 Automatically collected

• Server logs. Standard web-server access logs (IP address, user-agent, request time, referrer). Retained for security and abuse prevention; not correlated with any user identity.
• Service Worker cache. The browser stores Site assets locally to enable offline use and instant repeat visits. This cache lives on your device and is not transmitted to us.

2.2 Provided by you

• Newsletter signup. If you submit an email address to the newsletter form, it is sent to our newsletter provider (Beehiiv) where it is stored to deliver announcements about tokenomics, mainnet milestones, and node sales. You can unsubscribe at any time via the link in any email. Beehiiv processes the data under its own privacy policy.
• Contact email. Messages sent to contact@astarter.io are received by Astarter staff and retained only as long as needed to respond.

3. Cookies & browser storage

The Site does not set first-party tracking cookies. We use localStorage for non-tracking UX state only:

• Your language preference (so the language switcher remembers your choice)
• Whether you have dismissed the translation-beta banner
• Your scroll position on a page (so reloading a page returns you to where you were)
• The number of visits (used to gate one-time announcements; never transmitted)

All of this lives entirely in your browser and is never sent to our servers. Clearing your browser’s site data removes it.

4. Third-party services loaded by the Site

The Site loads a small number of third-party resources at page load:

• Plausible Analytics (plausible.io) · cookieless, privacy-first aggregate pageview counter. Loaded only if you have enabled “Analytics” in the consent banner. Plausible does not use cookies, does not collect personal data, and does not fingerprint visitors. Plausible’s data policy.
• jsDelivr CDN (cdn.jsdelivr.net) · delivers Three.js library files used for the ABox 3D visual.
• Spline (prod.spline.design) · delivers the 3D scene shown in the Nodes section.
• Beehiiv (beehiiv.com) · receives newsletter signups submitted through the subscribe form (only if you submit the form).
• Cloudflare (cloudflare.com) · provides content delivery, security and DDoS protection, and processes newsletter sign-up requests submitted through the subscribe form before they reach our newsletter provider. Cloudflare processes data under its own privacy policy.
• Self-hosted assets. Fonts, images, and code are served directly from astarter.io with no third-party tracking.

4.1 Consent & opt-out

On your first visit you are shown a consent banner with three toggles: Necessary (always on; this is just the localStorage UX state described in § 3), Analytics, and Marketing. Both Analytics and Marketing default to off until you opt in. You can re-open the banner and change your choices at any time via the Cookie settings link in the footer.

When you click outbound links to external services (CertiK Skynet, the GitBook docs, Medium, Telegram, X/Twitter, Discord, our DEX, partner sites), those services apply their own privacy policies.

5. Why we collect data & legal basis

We process the limited data described above to operate and secure the Site (server logs), remember your preferences (browser storage), send announcements you request (newsletter), and respond to your enquiries (contact email). Where data-protection law such as the EU/UK GDPR applies, our legal bases are your consent (newsletter and optional analytics), our legitimate interest in operating and securing the Site (server logs and necessary browser storage), and steps taken at your request (responding to your messages).

6. Data retention

We keep personal data only as long as necessary for the purposes described in this policy. Server access logs are retained for a short period for security and abuse prevention and then deleted or anonymised. Newsletter data is retained by Beehiiv until you unsubscribe or ask us to delete it. Contact emails are kept only as long as needed to handle your request and a reasonable period thereafter.

7. International data transfers

Some of our service providers (including Beehiiv, Plausible, Cloudflare, jsDelivr, and Spline) may process data on servers located outside your country of residence. Where personal data is transferred across borders, we rely on the safeguards offered by those providers under their own privacy policies and applicable transfer mechanisms.

8. Your rights

Depending on where you live, you may have the right to access the personal data we hold about you; correct inaccurate data; delete your data; object to or restrict certain processing; receive your data in a portable format; and withdraw consent at any time (without affecting prior processing). To exercise any of these rights, write to contact@astarter.io and we will respond within the timeframe required by applicable law. If you are in the EU or UK, you also have the right to lodge a complaint with your local data-protection authority. We will not discriminate against you for exercising any of these rights.

9. Security

We take reasonable technical and organisational measures to protect personal data; see our Security page for more. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children

The Site and the Astarter network are not directed at children. We do not knowingly collect personal data from anyone under 18 years of age.

11. Restricted regions

The Site, the ABox node sale, and the $AST token are not offered to, and you may not access them from, any region where doing so would be unlawful. Without limiting the foregoing, the Site and the $AST token are not directed at, and are not available to, citizens, nationals, or residents of the United States of America, Canada, or the People’s Republic of China, or any jurisdiction subject to comprehensive sanctions. By using the Site you represent that you are not located in, and are not a citizen, national, or resident of, any such region.

12. Language

The Site is available in English, Simplified Chinese, Japanese, and Korean. The non-English versions are translations for convenience. In the event of any conflict between the English version of this policy and any translation, the English version prevails.

13. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be announced via the official Astarter channels.

14. Contact

Questions about this policy or your data: contact@astarter.io