ASTRAEA SENTINEL

Privacy Policy

Last updated: [28/05/2025]

1. Data Controller

This website is a non-commercial student project, developed for research and educational purposes.

The data controller is:
Astraea Sentinel Team
Contact (for data protection matters): contact@astraea-sentinel.com

2. Data We Collect

When you create an account or use the service, we may collect:

Email signup:

  • Email address
  • Name or username
  • Password (securely hashed)

GitHub sign-in:

  • GitHub username
  • GitHub ID
  • Public email address (if available)
  • Public avatar (if applicable)

We do not store GitHub credentials or long-term access tokens.

3. Purpose of Processing

  • Create and manage your user account
  • Provide access to the Astraea Sentinel platform
  • Personalize and improve the service
  • Ensure service security and integrity

4. Legal Basis

  • Performance of a contract (account creation and access)
  • Legitimate interest (platform improvement and fraud prevention)
  • Consent (for optional features or communication)

5. Data Recipients

Your personal data is only accessible to:

  • Astraea Sentinel development team
  • Technical service providers (e.g., Supabase for hosting and database)

We do not sell or share your data with third parties for advertising.

6. International Transfers

Some data may be processed outside the European Union, including by:

  • GitHub (USA)
  • Supabase (USA)
  • Stripe (USA)

These transfers are secured with appropriate safeguards (e.g., standard contractual clauses).

7. Data Retention

  • Active accounts: data is retained as long as the account is in use.
  • Inactive accounts: deleted after 12 months of inactivity.
  • On request: users may request account deletion at any time (see section 8).

8. Your Rights

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Limit or object to processing
  • Request data portability

To exercise your rights, contact: contact@astraea-sentinel.com
You may also file a complaint with your local data protection authority (e.g., CNIL in France).

9. Data Security

  • Passwords are securely hashed (e.g., with bcrypt)
  • Communication is encrypted (HTTPS)
  • Access is limited to authorized personnel

10. Cookies

We use only essential cookies required for site functionality.
We do not use tracking, analytics or advertising cookies.

11. Payments

We use Stripe to process payments securely. Payment details are handled directly by Stripe via their hosted checkout page.

We do not store any payment information.

Stripe may collect:

  • Name
  • Email
  • Billing address
  • Payment method

Stripe’s privacy policy: https://stripe.com/privacy

12. Policy Updates

This privacy policy may be updated periodically.
Significant changes will be posted on this page.