AstroFlow Privacy Policy

Effective date: May 18, 2026

Privacy Policy

AstroFlow (“AstroFlow”, “we”, “us”) respects your privacy and works to protect the confidentiality of information you provide. This privacy policy explains what personal data we collect, why we collect it, how we use it, and the choices and rights you have.

Our services are based in Sweden, but our website and web application can be used internationally.

About us

The data controller responsible for processing your personal data is Astroflow (enskild firma, registered in Sweden) (“AstroFlow”).

This privacy policy applies to personal data we collect when you visit astroflowtrading.com (the “Website”), create an account, and/or use our web application and related services (together, the “Service”).

As used in this privacy policy, “personal data” means any information relating to an identified or identifiable person.

Contact details

If you have questions or want to exercise your rights, contact us at privacy@astroflowtrading.com.

Important: Add your registered business address and organisation number below before publishing:

Astroflow (enskild firma)
Organisation number: [ADD ORG. NR]
Address: [ADD REGISTERED ADDRESS]
Email: privacy@astroflowtrading.com

Updates

We may update this privacy policy from time to time by posting a new version on our Website. If required by applicable law, we will notify you of significant changes.

The current version of this privacy policy was modified on May 18, 2026.

Personal data that we collect

You can view public charts, market data, or informational content without creating an account. If you create an account or buy a subscription, we collect additional data to provide those features.

Data you provide to us

1. User accounts. If you create an account, we may collect:
   • username and email address;
   • sign-in details from a social login provider (Google or Apple), such as your email address and profile identifier provided by that provider;
   • optional profile info you choose to add (for example a profile image/avatar).

   The following information may be publicly displayed (where applicable): username, avatar image, date joined, and subscription level.

   The following information is not publicly displayed: your email address and any billing details.

2. Subscription and billing information. If you buy a subscription, we (and our payment provider) may collect:
   • name and billing address (if required for invoicing/tax);
   • subscription plan, status, and transaction identifiers;
   • limited payment-related details we receive from our payment provider (for example, payment method type and last four digits). We do not store your full card number.
3. Support and communications. If you contact us, we process the information you send (for example your email address and message content) to respond and provide support.

Data we collect automatically

1. Cookies and similar technologies. We use cookies and similar technologies to:
   • run and secure the Service (strictly necessary cookies);
   • remember preferences (where applicable);
   • measure usage and improve performance (analytics cookies, where enabled);
   • in some cases, provide or measure marketing (marketing cookies, where enabled).
2. Log and device data. Like most websites, our servers may automatically record certain information, including:
   • IP address, approximate location (country/region), and timestamps;
   • browser type, OS, device type, and app/browser version;
   • referring/exit pages and basic request/response logs.

   We use this information to administer the Service, detect abuse, and maintain security and reliability.

3. Analytics events (where enabled). If analytics are enabled, we may collect pseudonymous usage information such as page views, feature interactions, and performance metrics to improve the Service.

Data we receive from third parties

If you sign in using Google or Apple, the provider may share information such as your email address and a user identifier. We do not control how those providers process your data on their own services.

How we use personal data

We use personal data to operate the Service, provide requested functionality, improve reliability, prevent abuse, and comply with applicable legal obligations.

1. Provide and operate the Service. For example, to create accounts, authenticate users, maintain sessions, and provide core features.
2. Personalize settings. We store your preferences (such as chart settings, timezones, drawings, and indicator settings) to customize your experience.
3. Subscriptions and billing. To process purchases, manage subscriptions, provide invoices/receipts (where required), and handle billing-related communications.
4. Security and abuse prevention. To detect and prevent spam, fraud, and abuse, debug issues, and keep the Service secure.
5. Customer support. To respond to support requests and troubleshoot issues.
6. Service communications. On rare occasions, we may send service-related messages (for example, important security notices or major outages). These are not marketing messages.
7. Marketing (email). Where permitted by law, we may send emails about AstroFlow features or offers. You can opt out at any time via the “unsubscribe” link in emails or by contacting us.

Legal bases for processing (GDPR)

If you are in the EEA/UK, we process personal data under one or more of the following legal bases:

• Contract: when processing is necessary to provide the Service or subscription you request.
• Legitimate interests: such as securing the Service, preventing abuse, improving features, and communicating with users about relevant product updates (you can object in certain cases).
• Consent: for example, where required for non-essential cookies and certain marketing communications.
• Legal obligation: where we must comply with accounting/tax or other legal requirements.

Cookies and tracking choices

Where required, we ask for your consent before placing non-essential cookies (such as analytics or marketing cookies). You can also withdraw consent at any time by changing your cookie preferences (for example via a cookie banner/settings link, if available) or by adjusting your browser settings.

Please note that blocking strictly necessary cookies may cause parts of the Service to stop working.

When we share your personal data

We do not sell your personal data.

We share personal data only as needed to operate the Service, provide what you request, and comply with legal obligations:

1. Payment processing (Stripe). We use Stripe as our payment processor for subscription payments. When you purchase a subscription, you provide payment details directly to Stripe through Stripe Checkout. Stripe may process billing details, receipts, tax information, fraud prevention signals, refund requests, and payment method information under their own terms and privacy policy: https://stripe.com/privacy.
2. Analytics providers (where enabled). If analytics are enabled, we may use providers such as Google Analytics to understand how users interact with the Service. These providers may set cookies and collect device and usage information (which may include IP address) depending on your settings/consent.
3. Infrastructure and service providers. We may use hosting, storage, database, email delivery, and monitoring providers to run the Service. These providers are authorized to process personal data only as necessary to provide services to us and are bound by contractual obligations.
4. Auth providers (Google/Apple sign-in). If you use social login, the provider processes data as part of their authentication service and may act as an independent controller for parts of that processing.
5. Legal compliance and protection. We may disclose information if required by law or if necessary to protect rights, safety, and security, investigate fraud, or respond to lawful requests from authorities.
6. Business transfers. If AstroFlow is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction. We will provide notice if your data becomes subject to a different privacy policy.

International transfers

Because our Service is available internationally and we may use service providers in different countries, your personal data may be processed outside your country, including outside the EEA/UK.

When we transfer personal data internationally, we use appropriate safeguards as required by applicable law (for example, adequacy decisions or standard contractual clauses).

Data security

We use appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction (for example, encryption in transit, access controls, and security monitoring).

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Data retention

We keep personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Account data: retained while your account is active. If you request deletion, we delete or anonymize account data within a reasonable period, unless we must retain certain information for legal reasons.
• Subscriptions and accounting records: retained as required by applicable accounting and tax laws.
• Logs and security data: retained for a limited period appropriate for security, abuse prevention, and troubleshooting.
• Support communications: retained as needed to resolve your request and maintain support history.

If you request account deletion, some information may remain in backups for a limited time, but we restrict access and delete backups according to our backup rotation.

Your rights

Depending on your location and applicable law, you may have rights regarding your personal data, including:

• The right to access your personal data;
• The right to rectify inaccurate personal data;
• The right to delete your personal data in certain circumstances;
• The right to restrict processing of your personal data;
• The right to object to processing (especially where based on legitimate interests);
• The right to data portability (in certain cases);
• The right to withdraw consent where processing is based on consent.

To exercise your rights, contact privacy@astroflowtrading.com. We may need to verify your identity before responding.

Complaints

If you are in Sweden, you can lodge a complaint with the Swedish Authority for Privacy Protection (IMY). If you are elsewhere in the EEA/UK, you can contact your local supervisory authority.

Children’s privacy

Our Service is intended for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take steps to delete it.

Changes to this policy

We may update this privacy policy from time to time. We will post the updated version on this page and update the effective date above.

Contact us

If you have any questions about this privacy policy or our privacy practices, contact:

Astroflow (Swedish sole proprietorship)
Website: astroflowtrading.com
Email: privacy@astroflowtrading.com