This Privacy Policy explains how Astrais Capital Ltd collects, uses, stores, and protects your personal data. We are committed to transparency and compliance with applicable data protection regulations.
Last Updated: January 15, 2026
This Privacy Policy is issued by Astrais Capital Ltd ("Astrais," "we," "us," or "our"), a company registered in England and Wales with its registered office at 71 Queen Victoria Street, London, EC4V 4AY, United Kingdom. Astrais Capital is the data controller responsible for your personal data as described in this document.
We provide a financial technology platform that offers portfolio management tools, market analysis features, investment screening capabilities, and performance reporting services. This Privacy Policy applies to all personal data we collect through our website (astraiscapital.com), our web application, any communications you send to us (including email, telephone, and contact forms), and any other interaction you have with our services.
We take your privacy seriously and are committed to processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003. Where applicable, we also comply with the EU General Data Protection Regulation (Regulation 2016/679) for users located within the European Economic Area.
By accessing or using our platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please discontinue use of our services and contact us to discuss any concerns you may have.
We collect several categories of personal data depending on how you interact with our platform. Below is a detailed breakdown of the types of data we may process:
This includes your first name, last name, and any username or unique identifier you create when registering for an account on our platform.
Your email address, telephone number, and postal address if you provide them through account registration, contact forms, or customer support interactions.
Your Internet Protocol (IP) address, browser type and version, operating system and platform, device type, screen resolution, time zone setting, browser plug-in types and versions, and other technology identifiers on the devices you use to access our platform.
Information about how you use our website and platform, including the pages you visit, features you interact with, the time spent on each page, navigation paths through the site, search queries, click patterns, and the dates and times of your visits.
Your financial goals, risk tolerance preferences, preferred asset classes, watchlist configurations, and dashboard customization settings as provided during onboarding or adjusted throughout your use of the platform.
Details about payments you make to us for subscription services, including payment dates, amounts, and subscription tier. We do not store full credit card or debit card numbers on our servers; these are processed exclusively by our payment processor.
Any content you include in messages sent to us through contact forms, email, or customer support channels, along with metadata associated with those communications such as timestamps and subject lines.
We collect personal data through the following methods:
Direct interactions: When you create an account, fill in forms on our website, subscribe to a paid plan, submit a contact request, correspond with us by email or telephone, or provide feedback on our services, you are directly providing us with personal data. This is the primary way we collect your Identity Data, Contact Data, Profile Data, and Communication Data.
Automated technologies: As you navigate through and interact with our platform, we automatically collect Technical Data and Usage Data. We use the following technologies for this purpose:
Third-party sources: We may receive Technical Data from analytics providers such as Google, advertising networks, and search information providers. If you connect a third-party brokerage account to our platform, we receive read-only portfolio data from that provider based on the permissions you grant during the connection process. We do not receive login credentials for any third-party accounts.
Under Article 6 of the UK GDPR, we must have a valid legal basis for processing your personal data. Below are the legal bases we rely upon for each processing activity:
| Processing Activity | Legal Basis |
|---|---|
| Providing our platform services and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Processing subscription payments | Performance of a contract (Art. 6(1)(b)) |
| Sending service-related communications (e.g., account updates, security notices) | Performance of a contract (Art. 6(1)(b)) |
| Improving our platform, fixing bugs, and analyzing usage patterns | Legitimate interest (Art. 6(1)(f)) |
| Sending marketing emails about new features or offers | Consent (Art. 6(1)(a)) |
| Placing analytics and marketing cookies | Consent (Art. 6(1)(a)) |
| Responding to your contact form submissions or support requests | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal or regulatory obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interest as the legal basis, we have conducted a balancing test to ensure that your interests, rights, and freedoms do not override our legitimate purposes. You have the right to object to processing based on legitimate interest at any time. Please contact us using the details in Section 13 if you wish to exercise this right.
We use the personal data we collect for the following specific purposes:
Service delivery: To create and manage your account, provide access to our portfolio management dashboard, market analysis tools, investment screening features, risk assessment engine, smart alert system, and performance reporting capabilities. Your Profile Data is used to customize the platform experience according to your stated preferences.
Payment processing: To process your subscription payments securely through our third-party payment processor. We retain records of payment transactions (amounts, dates, subscription tier) for accounting and invoicing purposes but never store full card details on our servers.
Communication: To send you essential service-related messages such as account verification emails, password reset links, subscription renewal reminders, and security alerts. These communications are transactional in nature and do not require separate marketing consent.
Marketing (with consent only): If you explicitly opt in to marketing communications during registration or through your account settings, we may send you emails about new platform features, product updates, educational content related to financial analysis, or promotional offers. You can withdraw your consent at any time by clicking the unsubscribe link in any marketing email or adjusting your preferences in your account settings.
Platform improvement: To analyze aggregated, anonymized usage data to understand how our tools are being used, identify areas for improvement, diagnose technical issues, measure the effectiveness of new features, and make data-driven decisions about future development priorities.
Security and fraud prevention: To monitor for suspicious activity, detect potential security threats, prevent unauthorized access to accounts, and maintain the integrity of our platform infrastructure.
Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, including tax reporting obligations and responses to valid court orders.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The specific retention periods for each data category are as follows:
| Data Category | Retention Period |
|---|---|
| Account data (Identity, Contact, Profile) | Duration of account plus 12 months after account closure |
| Contact form submissions | 24 months from the date of submission |
| Transaction and payment records | 7 years (to comply with UK tax and accounting regulations) |
| Server logs (Technical Data) | 90 days |
| Analytics cookies | 13 months |
| Marketing consent records | Duration of consent plus 36 months after withdrawal |
| Customer support correspondence | 36 months from the last interaction |
When your data reaches the end of its retention period, we will securely delete or anonymize it. Anonymized data, which cannot be linked back to you, may be retained indefinitely for statistical and research purposes. If you request deletion of your account, we will process your request within 30 days, though some data may be retained beyond that period where we are legally required to do so.
We do not sell your personal data to any third party. We share your data only with the following categories of recipients, and only to the extent necessary for the purposes described in this policy:
Payment processors: We use Stripe to process subscription payments. Stripe receives your payment card information directly during checkout and processes it according to its own privacy policy and PCI DSS Level 1 compliance standards. We do not have access to your full card number at any point.
Hosting and infrastructure providers: Our platform is hosted on cloud infrastructure provided by Amazon Web Services (AWS), with data centers located in the EU (Ireland, eu-west-1 region). AWS processes data as a data processor under our instructions, governed by a Data Processing Agreement that includes Standard Contractual Clauses.
Analytics providers: We use Google Analytics to collect anonymized usage statistics. Google acts as a data processor for this purpose. We have enabled IP anonymization in our Google Analytics configuration, meaning your full IP address is never stored by Google on our behalf.
Email service providers: We use a transactional email provider to send service-related and marketing communications. This provider processes your email address and name solely for the purpose of delivering emails on our behalf, under a Data Processing Agreement.
Professional advisors: We may share data with our lawyers, auditors, or accountants when we need professional advice, always under appropriate confidentiality obligations.
Legal authorities: We may disclose your personal data if required to do so by law, regulation, or valid legal process, such as a court order or regulatory inquiry. We will notify you of such disclosure where we are legally permitted to do so.
All third-party service providers are contractually obligated to process your personal data only according to our instructions, to maintain its confidentiality, and to implement appropriate technical and organizational security measures.
Your personal data is primarily stored and processed within the United Kingdom and the European Economic Area (EEA). However, some of the third-party service providers we use are based in the United States, which means your data may be transferred outside the UK and EEA in certain circumstances.
When we transfer personal data to countries that the UK or EU has not deemed to provide an adequate level of data protection, we ensure that appropriate safeguards are in place. These safeguards include:
You may request a copy of the safeguards we have in place for any international transfer by contacting us using the details in Section 13.
Under the UK GDPR and EU GDPR (where applicable), you have the following rights in relation to your personal data. These rights are not absolute and may be subject to exceptions under applicable law:
You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will provide this information within 30 days of receiving your verified request, free of charge for the first copy.
You have the right to request correction of any personal data that is inaccurate or incomplete. You can update most of your account information directly through your platform settings, or contact us for assistance.
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected, or when you withdraw consent. We may retain certain data where we have a legal obligation or legitimate reason to do so.
You have the right to request that we restrict the processing of your personal data in certain situations, for example, while we verify the accuracy of data you have contested.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller without hindrance, where processing is based on consent or contract performance and is carried out by automated means.
You have the right to object to the processing of your personal data based on legitimate interest. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights or where the processing is required for the establishment, exercise, or defense of legal claims.
Where we process your data based on consent (for example, marketing emails or non-essential cookies), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of any processing that occurred before you withdrew consent.
How to exercise your rights: To exercise any of these rights, please send an email to [email protected] with the subject line "Data Subject Request" and a clear description of which right you wish to exercise. We will verify your identity before processing your request and respond within 30 days.
Right to complain: If you are unsatisfied with how we handle your data or your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. The ICO can be contacted at ico.org.uk or by telephone at 0303 123 1113. For users in the EU, you may also contact the relevant supervisory authority in your member state of residence.
Our platform and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. Our account registration process requires users to confirm that they are at least 16 years old (or 18 in jurisdictions where the minimum age for financial services is higher).
If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data from our systems. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us at [email protected] and we will promptly address the matter.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make changes, we will update the "Last Updated" date at the top of this policy.
For significant changes that materially affect how we process your personal data, we will take reasonable steps to notify you in advance. Notification methods may include sending an email to the address associated with your account, displaying a prominent notice on our website, or presenting an in-app notification the next time you log in to the platform.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Continued use of our platform after changes are posted constitutes your acknowledgement of the updated policy. If you disagree with any revisions, you should discontinue use of the platform and contact us to request account deletion.
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is being processed, please contact us using the details below:
Astrais Capital Ltd — Data Protection Contact
We aim to respond to all privacy-related inquiries within 5 business days. For formal data subject requests under GDPR, we will provide a substantive response within 30 calendar days of receiving your verified request.
If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom, or online at ico.org.uk. We kindly ask that you contact us first so we have an opportunity to address your concerns before you escalate to the supervisory authority.