Privacy Policy
Last updated: April 2026
1. Data Controller
The entity responsible for processing your personal data is:
- Company: Alice & Bob S.L.
- Tax ID (CIF): B67932186
- Address: Calle Marie Curie, 7, Edif. Beta, Pl. 7 Ático, Parque Empresarial Rivas Futura, 28521 Rivas-Vaciamadrid, Madrid, Spain
- Email: hello@astropalo.com
2. Data We Collect
- Account data: name, email address, and password (stored encrypted) when you register.
- Usage data: the websites you add for monitoring, scan history, and security findings associated with those sites.
- Technical data: IP address, browser type, operating system, and browsing behaviour on our platform, collected via cookies (see our Cookie Policy).
- Billing data: payment information processed by Stripe. We do not store card numbers directly.
- Communications: emails you send us and support tickets.
3. Purpose and Legal Basis
- Service provision (contract performance): create and manage your account, run security scans, generate reports, and send alerts about critical vulnerabilities.
- Billing (contract performance): process subscription payments through Stripe.
- Communications (legitimate interest): send product updates, security notifications, and weekly summaries.
- Analytics (consent): measure platform usage with Google Analytics and Meta Pixel, only if you have consented via the cookie banner.
- Legal obligations: comply with applicable tax and accounting regulations.
4. Third Parties
- Stripe: payment processing. Privacy policy: stripe.com/privacy
- Google Analytics: usage analytics (only with your consent). Privacy policy: policies.google.com/privacy
- Meta Pixel: advertising and conversion tracking (only with your consent). Privacy policy: facebook.com/privacy/policy
- EmailIt: transactional email delivery (account notifications, alerts, reports).
- Hetzner Cloud: cloud infrastructure where the service runs. Servers located in Germany (EU).
5. International Transfers
Google and Meta are based in the United States. Data transfers are protected by Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring GDPR-equivalent safeguards. All other providers process data within the European Union.
6. Data Retention
- Account data: retained for the duration of your subscription, plus 3 years after cancellation for legal obligations.
- Scan history and findings: retained for the duration of your subscription. Deleted within 30 days of account cancellation.
- Billing records: retained for 5 years as required by Spanish tax law.
- Analytics data: retained per each provider's standard retention policy (e.g., 26 months for Google Analytics).
7. Your Rights
Under the GDPR (Regulation (EU) 2016/679) and Spanish organic law (LOPDGDD), you have the right to:
- Access: obtain a copy of the personal data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): request deletion of your personal data where legally permissible.
- Restriction: request that we limit processing of your data.
- Portability: receive your data in a machine-readable format.
- Objection: object to processing based on legitimate interest.
- Withdraw consent: at any time, for processing based on consent (e.g., analytics cookies).
To exercise any of these rights, email us at hello@astropalo.com. We will respond within 30 days.
8. Right to Lodge a Complaint
If you believe your rights have been violated, you may lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) at www.aepd.es.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a prominent notice on our platform at least 15 days before they take effect. Continued use of the service after that date constitutes acceptance of the revised policy.