Privacy Policy

1. Who we are

Astroz is a store management platform with inventory, orders, customers, suppliers, purchasing, finance, public storefront, notifications, and operational communication features.

When a store uses Astroz to manage its own customers, suppliers, and business data, that store decides which data is entered and is responsible for having a lawful basis to process it. Astroz processes that data to provide the contracted service.

2. Data we may collect

• Account data, such as name, email, hashed password, Google identifier when used, phone/WhatsApp number, avatar, CPF or CNPJ, and brand name.
• Store data, such as public slug, support email and WhatsApp number, pickup address, delivery options, catalog preferences, and business instructions.
• Customer and order data, such as name, email, phone/WhatsApp number, address, document when provided, order history, purchased items, payment method, notes, and status.
• Operational data, such as products, variants, SKUs, inventory, images, categories, suppliers, purchases, finance entries, attachments, reports, and audit logs.
• Communication data, such as messages, attachments, comments, conversations, support channels, and metadata needed to display history, notifications, and status.
• Technical data, such as session cookies, authentication identifiers, access logs, security events, IP address, and browser/device information when needed for security and operation.

3. Cookies and consent

We use necessary cookies for security, authentication, fraud prevention, essential preferences, and recording privacy choices. These cookies are required for the service to function.

On the public page, we may use measurement and marketing cookies and similar technologies only after consent, including Google Analytics, Google Tag Manager, Meta Pixel, and Microsoft Clarity. These tools help us understand visits, improve the experience, measure campaigns, and avoid irrelevant advertising.

You can accept, reject, or adjust optional cookies in the consent banner and can change or withdraw that choice at any time through the cookies button displayed on the public page.

4. How we use data

• Create and maintain accounts, authenticate users, and protect sessions.
• Operate inventory, sales, purchasing, finance, reporting, public storefront, and communication features.
• Send and record notifications, emails, alerts, and operational messages requested or configured by the user.
• Provide support, investigate errors, prevent abuse, maintain audit records, and improve service reliability.
• Comply with legal, tax, regulatory, contractual, and security obligations.

5. WhatsApp and Meta integration

When an integration with WhatsApp Business Platform is active, Astroz may process the data required to send, receive, organize, and display conversations related to the store's operations.

This data may include WhatsApp numbers, names or profile information provided, message content, attachments, timestamps, conversation identifiers, webhook events, delivery or read status when available, and other technical metadata needed to route support and maintain operational history.

Messages are sent and received through Meta and WhatsApp services. Meta may also process data according to its own policies, terms, and controls. The store is responsible for using the integration in compliance with Meta/WhatsApp policies and for having authorization or a lawful basis to contact people through the channel.

6. Sharing and processors

We may share data with providers that help operate Astroz, such as hosting, database, file storage, email delivery, notifications, authentication, monitoring, cloud infrastructure, and integrations configured by the user.

When the user enables third-party services, such as Meta/WhatsApp, Google, Telegram, email providers, storage, or payment gateways, the required data may be transmitted to those providers to perform the integration.

7. Retention and security

We keep data for as long as needed to provide the service, comply with legal obligations, resolve disputes, preserve audit records, prevent fraud, and protect users and stores.

We apply reasonable technical and organizational measures to protect personal data, including access controls, authentication, account/team isolation, audit records, and protected storage. No system is completely risk-free, but we work continuously to reduce those risks.

8. Data subject rights

Under the LGPD and other applicable laws, data subjects may request access, correction, confirmation of processing, anonymization, blocking, deletion, portability, information about sharing, objection, and withdrawal of consent where applicable.

Some data may need to be retained for legal obligations, security, fraud prevention, regular exercise of rights, or maintenance of tax and operational records.

9. International transfers

Astroz and its providers may process data on infrastructure located outside Brazil. In such cases, we seek to use providers with appropriate contractual, technical, and organizational measures to protect the information.

10. Changes to this policy

We may update this policy to reflect changes in the product, integrations, legal requirements, or security practices. The current version will be published on this page with the update date.