AstroMate

Legal

Privacy Policy

Last updated · 23 April 2026

This Privacy Policy explains how AstroMate ("we", "us") collects, uses, stores, and shares personal data when you visit astro-mate.net or use the AstroMate software. It is written to meet the transparency requirements of the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive.

If you have any questions about this policy or how we handle your data, contact us at support@astro-mate.net.

1. Who is the data controller

The controller of personal data processed through this site is Dimitar Krastev, with a registered address at Lozen Park, Sofia, Bulgaria, contact email dimitar.krastev@astro-mate.net. We are not required to appoint a Data Protection Officer; privacy matters can be addressed to the controller directly at that address, or to support@astro-mate.net for general inquiries.

2. What data we collect and why

2.1 Account and subscription data

When you subscribe, PayPal provides us with your name, email address, and subscription identifier. We use this to issue and deliver your license key, keep the subscription active, send subscription-related transactional emails, and comply with tax and accounting obligations. Legal basis: performance of the subscription contract (GDPR Art. 6(1)(b)) and legal obligation (Art. 6(1)(c), bookkeeping).

2.2 License activation data

When an AstroMate instance validates a license, the installation sends a randomly generated installation UUID together with the license key. We store the installation UUID, the timestamp of the last validation, and whether the installation is currently the active one for that license. This lets us enforce the one-concurrent-install rule each license is sold with. We do not collect hardware identifiers, serial numbers, MAC addresses, or location data. Legal basis: performance of the subscription contract and legitimate interest in preventing license abuse (Art. 6(1)(b) and (f)).

2.3 Contact form submissions

If you use the contact form, we receive your name, email address, and message. We use it solely to reply to you and resolve the query. Legal basis: legitimate interest in answering inbound communication (Art. 6(1)(f)).

2.4 Technical logs

Our servers keep short-term access logs including IP address, user agent, request path, and timestamp. These are used for debugging, abuse prevention, and security. Legal basis: legitimate interest in operating a functioning, secure service (Art. 6(1)(f)).

2.5 Analytics and advertising data

We use Google Consent Mode. Google’s tags (Analytics and Ads) load on every visit but start in a denied state: until you consent, they store no cookies and send only anonymized, cookieless signals that cannot identify you. Meta (Pixel) and Reddit (Pixel and Conversions API) are not loaded at all unless you consent.

If — and only if — you give consent through the cookie banner, these tags may set cookies and receive your IP address, browser fingerprint signals, and pseudonymous event data so we can measure advertising effectiveness and optimize campaigns. Legal basis for cookies and identifiable measurement: consent (Art. 6(1)(a) and ePrivacy Art. 5(3)); the cookieless signals sent before consent rely on our legitimate interest in basic, non-identifying measurement (Art. 6(1)(f)). You can withdraw consent at any time by clearing the relevant cookies or by using the consent banner.

3. Cookies and similar technologies

We use three categories of cookies and storage:

  • Strictly necessary — stores your cookie consent choice and keeps temporary subscription-management session state. Cannot be switched off and does not require consent.
  • Analytics — Google Analytics (GA4). Loaded on every visit through Google Consent Mode, but in the default denied state it sets no cookies and sends only anonymized, cookieless pings. Analytics cookies and identifiable measurement are enabled only after you consent. Used to understand aggregate traffic and conversion behavior. Typical retention: up to 14 months.
  • Marketing — Google Ads tags load on every visit via Consent Mode (no cookies until you consent); Meta Pixel and Reddit Pixel are loaded only after consent. Used to measure advertising conversion and build audiences for remarketing. Retention controlled by each provider.

4. Who we share data with (processors and recipients)

We do not sell personal data. We share it only with providers that help us run the service, each under a data processing agreement where applicable:

  • PayPal (Europe) S.à r.l. et Cie, S.C.A. — payment processing and subscription billing.
  • MailerSend / MailerLite, UAB — transactional email delivery (license keys, contact replies, subscription notices).
  • Google Ireland Limited — analytics (GA4) and advertising (Google Ads), via Google Consent Mode (cookieless until you consent).
  • Meta Platforms Ireland Limited — advertising and conversion measurement (Meta Pixel), consent-gated.
  • Reddit, Inc. — advertising and conversion measurement (Reddit Pixel and Conversions API), consent-gated.
  • DigitalOcean, LLC — hosting of static media assets (CDN).

Some of these providers are based outside the European Economic Area. Transfers to such providers are covered either by an adequacy decision or by EU Standard Contractual Clauses, depending on the provider.

5. How long we keep your data

  • Subscription and billing records — kept for the duration of the contract and retained afterwards for up to 10 years to meet tax and accounting obligations.
  • License and installation records — kept for as long as the license is active; deleted or anonymized within 12 months after the subscription ends.
  • Contact form messages — kept for up to 24 months after the last exchange, then deleted.
  • Technical logs — kept for up to 30 days.
  • Analytics and advertising data— per each provider's retention settings (typically up to 14 months for GA4).

6. Your rights under GDPR

You can exercise the following rights at any time by emailing support@astro-mate.net:

  • Access a copy of the personal data we hold about you (Art. 15).
  • Have inaccurate data corrected (Art. 16).
  • Have your data deleted where it is no longer needed or was processed on the basis of consent you have withdrawn (Art. 17).
  • Restrict how we process your data (Art. 18).
  • Receive your data in a portable, machine-readable format (Art. 20).
  • Object to processing that is based on legitimate interest, including direct marketing (Art. 21).
  • Withdraw consent at any time, without affecting prior use.

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your national data protection authority. In Bulgaria this is the Commission for Personal Data Protection (Комисия за защита на личните данни) — see cpdp.bg. You may also complain to the supervisory authority in your own EU country of residence.

7. Security

We apply industry-standard measures to protect your data, including TLS encryption in transit, access controls, and segregation of duties. Payment card details are never seen or stored by us — PayPal handles them directly. No method of transmission over the internet is 100% secure; we commit to notifying you and the competent authority within 72 hours if a personal data breach occurs, as required by GDPR Art. 33 and 34.

8. Children

AstroMate is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of the page shows when it was last revised. Material changes will be announced on the website and, where we have your email address, by email.

10. Contact

Questions, requests, or concerns regarding this Privacy Policy or your personal data should be sent to support@astro-mate.net.

We use cookies to understand how you use our site and to improve your experience. This includes analytics (Google Analytics) and advertising measurement (Google Ads, Reddit, Meta).