By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and disclose your information as described in this Privacy Policy.
Remember that your use of the Company’s Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.
You may print a copy of this Privacy Policy by clicking HERE
As we continually work to improve our Services, we may need to change this Privacy Policy from time to time. We will alert you of material changes by placing a notice on the Company’s website, by sending you an email and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Please note that if you utilize our Services in connection with an Enterprise Customer, your Personal Data will be processed in accordance with our Services to such Enterprise Customer, as further described in "Enterprise Customers" section below.
What this Privacy Policy Covers
This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services, including our website, www.astrobee.ai “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” or “sensitive personal information” under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.
From the moment you request a demo of Bearer, we start collecting data. Sometimes you provide us with data, sometimes data about you is collected automatically.
Here’s when and how we do this:
Profile or Contact Data such as first and last name and email address.
Providing, Customizing and Improving the Services·
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Payment Data such as payment card type, last 4 digits of payment card, and billing address, phone number, and email.
Providing, Customizing and Improving the Services
Corresponding with You
Service Providers (specifically our payment processing partner, currently Stripe, Inc.)
Commercial Data such as purchase history of products and services.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Device/IP Data such as IP address and type of device to access the Services.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Web Analytics such as web page interactions, referring webpage/source through which you accessed the Services, non-identifiable request IDs, and statistics associated with the interaction between device or browser and the Services.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Geolocation Data such as IP-address-based location information.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Inferences Drawn From Other Personal Data Collected such as attributes, user behavior, and predispositions.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Other Data such as additional information you provide us voluntarily, such as in communications to us.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Session Replay Data such as screen recordings of user interactions within our demo environment, including mouse movements, clicks, scrolling behavior, and other interactions.
Analyzing and improving the user experience within our publicly available free demo
Profile or Contact Data such as first and last name and email address.
Providing, Customizing and Improving the Services·
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Payment Data such as payment card type, last 4 digits of payment card, and billing address, phone number, and email.
Providing, Customizing and Improving the Services
Corresponding with You
Service Providers (specifically our payment processing partner, currently Stripe, Inc.)
Commercial Data such as purchase history of products and services.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Device/IP Data such as IP address and type of device to access the Services.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Web Analytics such as web page interactions, referring webpage/source through which you accessed the Services, non-identifiable request IDs, and statistics associated with the interaction between device or browser and the Services.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Geolocation Data such as IP-address-based location information.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Inferences Drawn From Other Personal Data Collected such as attributes, user behavior, and predispositions.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Other Data such as additional information you provide us voluntarily, such as in communications to us.
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Service Providers
Parties You Authorize, Access or Authenticate
Session Replay Data such as screen recordings of user interactions within our demo environment, including mouse movements, clicks, scrolling behavior, and other interactions.
Analyzing and improving the user experience within our publicly available free demo
Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
In addition, each of the above referenced categories of Personal Data may be collected, used, and disclosed with the government, including law enforcement, or other parties to meet certain legal requirements and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, the Company or another party; enforcing any agreements with you; responding to claims that any posting or other content violates third-party rights; and resolving disputes.
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice or obtaining your consent.
We collect Personal Data about you from the following categories of sources:
You
Public Records
Third Parties
We disclose your Personal Data to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Data. For more information, please refer to the state-specific sections below.
Service Providers. These parties help us provide the Services or perform business functions on our behalf. They include:
In addition, if (1) you sign up for our Services and have an account as an Individual Customer in a manner that indicates that you are associated with a particular entity or employer (e.g., by using an email or other credentials associated with such entity or employer), and (2) that entity or employer has (or later obtains) an account with AstroBee as an Enterprise Customer, at AstroBee’s option, your account with us (together with all data and information in your account, including your Personal Data as described in this Privacy Policy may be transferred to such Enterprise Customer account as part of an Entity Account Transfer. You agree that such transfers may occur, and that any transferred data or information may be used in accordance with the applicable agreement in place between AstroBee and the applicable Enterprise Customer. You can find more information more information in our Terms of Use.
We may disclose any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Other Permitted Purposes for Processing Personal Data” section above.
All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and disclose it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not disclose such data in a manner that could identify you.
The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s).
Please note that because of our use of Cookies, the Services do not support “Do Not Track” requests sent from a browser at this time.
We use the following types of Cookies:
You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work.
To explore what Cookie settings are available to you or to modify your preferences with respect to Cookies, you can access your Cookie management settings by clicking the cookie icon from the bottom left corner of our webpage. To find out more information about Cookies generally, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/ or https://ico.org.uk/for-the-public/online/cookies/ if you are located in the European Union.
We use the following types of Cookies:
When you access and interact with our publicly available free demo, we use session replay technology provided by PostHog to record user sessions, including mouse movements, clicks, scrolling behavior, and interactions with the demo interface. This helps us analyze how users engage with our demo and identify potential usability issues to improve our services.
Purpose
To ensure that information is classified, protected, retained and securely disposed of in accordance with its importance to the organization.
Scope
All AstroBee data, information and information systems.
AstroBee classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Data owners are responsible for identifying any additional requirements for specific data or exceptions to standard handling requirements.
Information systems and applications shall be classified according to the highest classification of data that they store or process.
To help AstroBee and its employees easily understand requirements associated with different kinds of information, the company has created three classes of data.
Information systems and applications shall be classified according to the highest classification of data that they store or process.
Confidential
Highly sensitive data requiring the highest levels of protection; access is restricted to specific employees or departments, and these records can only be passed to others with approval from the data owner, or a company executive. Examples include:
Customer Data
Personally identifiable information (PII) Company financial and banking data
Salary, compensation and payroll information Strategic plans
Incident reports
Risk assessment reports Technical vulnerability reports Authentication credentials Secrets and private keys Source code
Litigation data
Restricted
AstroBee proprietary information requiring thorough protection; access is restricted to personnel with a "need-to-know" based on business requirements. This data can only be distributed outside the company with approval. This is default for all company information unless stated otherwise. Examples include:
Internal policies Legal documents
Meeting minutes and internal presentations Contracts
Internal reports Slack messages Email
Public
Documents intended for public consumption which can be freely distributed outside AstroBee. Examples include:
Marketing materials Product descriptions Release notes
External facing policies
Labeling
Confidential data should be labeled "confidential" whenever paper copies are produced for distribution.
Confidential Data Handling
Confidential data is subject to the following protection and handling requirements:
Public Data Handling
No special protection or handling controls are required for public data. Public data may be freely distributed.
Restricted Data Handling
Restricted data is subject to the following protection and handling requirements:
AstroBee shall retain data as long as the company has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it shall be securely disposed of or archived. Data owners, in consultation with legal counsel, may determine retention periods for their data. Personally identifiable information (PII) shall be deleted or de-identified as soon as it no longer has a business use. Retention periods shall be documented in the Data Retention Matrix in Appendix B to this policy.
Data classified as restricted or confidential shall be securely deleted when no longer needed. AstroBee shall assess the data and disposal practices of third-party vendors in accordance with the Third-Party Management Policy. Only third-parties who meet AstroBee requirements for secure data disposal shall be used for storage and processing of restricted or confidential data.AstroBee shall ensure that all restricted and confidential data is securely deleted from company devices prior to, or at the time of, disposal. Confidential and Restricted hardcopy materials shall be shredded or otherwise disposed of using a secure method.Personally identifiable information (PII) shall be collected, used and retained only for as long as the company has a legitimate business purpose. PII shall be securely deleted and disposed of following contract termination in accordance with company policy, contractual commitments and all relevant laws and regulations. PII shall also be deleted in response to a verified request from a consumer or data subject, where the company does not have a legitimate business interest or other legal obligation to retain the data.
Management shall review data retention requirements during the annual review of this policy. Data shall be disposed of in accordance with this policy.
Management shall review data retention Under certain circumstances, AstroBee may become subject to legal proceedings requiring retention of data associated with legal holds, lawsuits, or other matters as stipulated by AstroBee legal counsel. Such records and information are exempt from any other requirements specified within this Data Management Policy and are to be retained in accordance with requirements identified by the Legal department. All such holds and special retention requirements are subject to annual review with AstroBee legal counsel to evaluate continuing requirements and scope. during the annual review of this policy. Data shall be disposed of in accordance with this policy.
AstroBee will measure and verify compliance to this policy through various methods, including but not limited to, business tool reports, and both internal and external audits.
Requests for an exception to this Policy must be submitted to the CEO for approval.
Any known violations of this policy should be reported to the CEO. Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.
We do not knowingly collect or solicit Personal Data from children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at support@astrobee.ai
We do not knowingly collect or solicit Personal Data from children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at support@astrobee.ai
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:
