Astro Trading

Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller responsible for data processing on this website is:

Sheran Investments UG (haftungsbeschränkt)
München, Germany
Email: support@astrotrading.app

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

2. General Information on Data Processing

We take the protection of your personal data seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

When you use this website, various personal data is collected. This privacy policy explains what data we collect, what we use it for, and how we process it.

3. Legal Basis for Processing

We process personal data based on the following legal grounds under Art. 6(1) GDPR:

  • Consent (Art. 6(1)(a) GDPR): Where you have given us consent for a specific processing purpose (e.g., cookies, newsletter).
  • Contract performance (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract with you, including provision of our services and subscription management.
  • Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary to comply with a legal obligation (e.g., tax retention requirements).
  • Legitimate interest (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, such as ensuring website security and improving our services, provided your rights do not override those interests.

4. Data We Collect

4.1 Account Registration

When you create an account, we collect your email address, display name, and authentication credentials. Account authentication is managed through Firebase Authentication (Google Ireland Limited). The legal basis is Art. 6(1)(b) GDPR (contract performance).

4.2 Subscription and Payment Data

When you subscribe to our service, payment processing is handled by Stripe, Inc. (Stripe Payments Europe, Ltd. for EU customers). We do not store your full payment card details on our servers. Stripe processes your payment information in accordance with PCI-DSS standards. We receive only a truncated card number, expiration date, and billing address for record-keeping. The legal basis is Art. 6(1)(b) GDPR (contract performance).

For more information, see Stripe's privacy policy at stripe.com/privacy.

4.3 Usage Data

When you visit our website, our servers automatically collect technical data including your IP address, browser type and version, operating system, referrer URL, pages visited, and the date and time of your visit. This data is collected based on our legitimate interest in ensuring website security and functionality (Art. 6(1)(f) GDPR).

4.4 Contact Requests

If you contact us via email, your message and all provided personal data (name, email address) will be stored for the purpose of processing your inquiry. We will not share this data without your consent. The legal basis is Art. 6(1)(b) GDPR if your inquiry relates to the performance of a contract, or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

5. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device by your web browser.

Strictly Necessary Cookies

These cookies are essential for the operation of the website. They include authentication session cookies (to keep you signed in) and cookie consent preferences. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a functional website). These cookies cannot be disabled.

Analytics Cookies

If you consent, we may use analytics cookies to understand how visitors interact with our website. These cookies are only set after you have given your explicit consent via our cookie banner (Art. 6(1)(a) GDPR). You can withdraw your consent at any time.

6. Third-Party Services

6.1 Firebase Authentication (Google)

We use Firebase Authentication by Google Ireland Limited for user account management and sign-in. When you sign in (via email/password or Google Sign-In), Firebase processes your authentication data. Google may transfer data to the US under Standard Contractual Clauses (SCCs) in accordance with Art. 46(2)(c) GDPR.

6.2 Stripe (Payment Processing)

Payment processing is handled by Stripe Payments Europe, Ltd. (for EU-based customers). Stripe processes your payment details in a PCI-DSS-compliant environment. For international data transfers, Stripe relies on Standard Contractual Clauses.

6.3 Vercel (Hosting)

Our website frontend is hosted by Vercel Inc. Vercel may process server logs containing IP addresses and request metadata. Vercel uses Standard Contractual Clauses for data transfers outside the EU/EEA.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
  • Payment/transaction data: Retained for 10 years in accordance with German commercial and tax law (§257 HGB, §147 AO).
  • Server logs: Retained for up to 90 days for security purposes, then automatically deleted.
  • Contact inquiries: Retained for 6 months after final correspondence, unless longer retention is required for ongoing business relationships.

8. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You have the right to request information about the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR): You have the right to request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction (Art. 18 GDPR): You have the right to request restriction of processing of your personal data.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR): You have the right to object to processing of your personal data based on legitimate interest or direct marketing.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority. The competent authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.

To exercise any of these rights, please contact us at support@astrotrading.app.

9. Data Security

We use SSL/TLS encryption for all data transmission between your browser and our servers. Our infrastructure is secured with industry-standard measures including firewalls, access controls, and regular security updates. However, no method of transmission over the internet or method of electronic storage is 100% secure.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify registered users of material changes via email. The updated version will be indicated by the “Last updated” date at the top of this page.