Privacy Policy
Last updated: 2026-06-11
1. Introduction
Astral Messenger places great importance on privacy protection and respect for its users' personal data.
This Privacy Policy aims to explain what data is collected, for what purposes, how it is protected, and what rights users have.
This policy is established in accordance with the General Data Protection Regulation (GDPR) and applicable regulations.
2. Data Controllers
The ASTRALMESSENGER service is jointly operated by two companies acting as joint controllers within the meaning of Article 26 GDPR:
FACTORIZE, EURL, 14 rue de la Lys, 59181 Steenwerck, France, RCS 922 530 639, VAT FR54922530639, represented by Aurélien PISKORSKI.
MAXKEN, SARL, 34 place du Général de Gaulle, bureau 3, 59800 Lille, France, RCS 821 612 611, VAT FR42821612611, represented by Max BRYSELBOUT.
No Data Protection Officer (DPO) has been designated, as appointment is not mandatory given our current processing activities (Article 37 GDPR).
For any request related to your personal data: contact@astralmessenger.com.
3. Personal Data Collected
Astral Messenger only collects data strictly necessary for the operation of the service.
- Email address
- Account identifier
- Content of messages exchanged within the service
- Billing information (excluding banking data)
- IP address
- Connection data (date, time, browser)
- Technical data necessary for site operation
- Technical device fingerprint (fraud and abuse prevention)
- Service usage and advertising measurement data (only with your consent)
No banking data is stored by Astral Messenger.
4. Purposes of Processing
Personal data is collected for the following purposes:
- Providing access to the guidance service
- Managing user accounts
- Processing payments and subscriptions
- Ensuring the security and proper functioning of the service
- Preventing fraud and abuse (in particular multiple-account creation)
- Measuring audience and service usage in order to improve it (with your consent)
- Measuring the effectiveness of our advertising campaigns (with your consent)
- Responding to support requests
- Complying with legal obligations
Your data is never resold. No advertising tracker is set without your consent.
5. Legal Basis for Processing
Data processing is based on:
- Performance of the contract (account creation and management, access to the service, subscription)
- User consent (non-essential cookies and trackers: PostHog audience measurement, Google Ads advertising)
- Legitimate interest of Astral Messenger (security, fraud and abuse prevention, service improvement)
- Applicable legal obligations
6. Processing of Conversations
Messages exchanged in Astral Messenger are processed automatically to provide guidance responses.
Conversations may be temporarily stored for technical purposes and analyzed globally to improve the service.
Without individual analysis for commercial or advertising purposes.
7. Data Retention Period
Astral Messenger retains personal data as long as the user account is active, then for a limited period after deletion to comply with legal obligations.
Billing data is retained in accordance with applicable accounting obligations.
8. Recipients and Sub-processors
Data may be accessed by authorized internal teams of the publishers and by the technical sub-processors strictly necessary to operate the service:
- OVH SAS (France) : hosting of the application and databases.
- Stripe Payments Europe Ltd (Ireland), with its parent company Stripe Inc. (United States) : payment and subscription processing. No full banking data is transmitted to Astral Messenger.
- OpenAI, L.L.C. (United States) : provider of the AI model used to generate the service's responses.
- Functional Software, Inc. – Sentry (United States) : automated collection of application errors (logs, traces) for diagnostic and reliability purposes.
- Plausible Insights ehf (Iceland / EEA) : anonymous website audience measurement, with no cookies and no personal data.
- PostHog, Inc. (United States — data hosted in the European Union) : product audience measurement, enabled only with your consent.
- Google Ireland Limited (Ireland) : measurement of the performance of our advertising campaigns (Google Ads), enabled only with your consent.
Each sub-processor is bound by a contract compliant with Article 28 GDPR and subject to strict confidentiality and security obligations.
9. Transfers Outside the European Union
Some data may be transferred to providers located outside the European Union, notably Stripe Inc., OpenAI, L.L.C., Sentry and Google LLC (United States). Product audience measurement data (PostHog) is hosted within the European Union.
Such transfers are governed by the Standard Contractual Clauses adopted by the European Commission (Decision (EU) 2021/914) and, where applicable, by the provider's certification under the EU–US Data Privacy Framework.
Astral Messenger ensures that the level of data protection remains compliant with GDPR requirements.
10. Data Security and Fraud Prevention
Astral Messenger implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, and disclosure.
When you sign up and log in, we collect a technical fingerprint of your device (as a hash), your IP address, your user agent (browser) and connection logs (sign-up and login events, with timestamps), in order to detect and prevent abuse, in particular the creation of multiple accounts and the exploitation of welcome offers.
This processing relies on our legitimate interest in protecting the service and preventing fraud (Article 6(1)(f) GDPR, Recital 47) and, for the retention of connection logs, on a legal obligation (Article 6(1)(c) GDPR). This data is retained for 12 months.
You have a right to object (Article 21 GDPR). However, as these measures are strictly necessary for the security of the service, we may continue this processing despite your objection (compelling legitimate grounds); moreover, connection logs cannot be erased before the legal retention period expires.
11. User Rights
In accordance with the GDPR, each user has the following rights:
- Right of access to their data
- Right of rectification
- Right to erasure
- Right to restriction of processing
- Right to object
- Right to data portability
12. Account Deletion
Users may request the deletion of their account and personal data.
Deletion is carried out within a reasonable timeframe, subject to legal retention obligations.
13. Cookies and Trackers
Astral Messenger uses cookies and trackers grouped into three categories, which you can accept or decline via the banner shown on your first visit:
- Strictly necessary : essential for the operation of the site (authentication, security, preferences) and for fraud and abuse prevention (a technical device fingerprint is used at sign-up and login). They cannot be disabled.
- Audience measurement : anonymous statistics via Plausible Analytics (a cookieless tool, exempt from consent under CNIL guidelines) and, only with your consent, usage statistics via PostHog (hosted in the European Union) to understand how the application is used and improve it.
- Marketing & advertising : measurement of the performance of our advertising campaigns (Google Ads). These trackers are disabled by default and are only set with your consent.
When you arrive on the site via a partner link, a technical attribution cookie (30-day duration) identifies the origin of your visit. You can change your consent choices at any time via the “Cookie preferences” link at the bottom of the page.
14. Protection of Minors
Astral Messenger is intended for adult audiences.
No voluntary collection of data concerning minors is carried out.
15. Policy Changes
This Privacy Policy may be modified at any time.
Any substantial modification will be brought to the attention of users.
16. Complaints
In case of disagreement or difficulty regarding the processing of personal data, the user may file a complaint with the competent authority.
17. Contact
For any questions regarding the protection of personal data, please contact us via the contact address available on the site.
Astral Messenger is committed to handling personal data with discretion, respect, and responsibility, to ensure a safe and reliable guidance space.