1. Introduction
This Privacy Policy describes how AstraDesk, published by Staz Technologies, collects, uses and protects your personal data when using our website and SaaS application.
2. Data Collected
We collect the following data:
- Account data: name, first name, email address, password (hashed), company, role.
- Billing data: address, VAT number, payment method (via secure provider).
- Usage data: login logs, actions in the application, IP address, browser.
- Communication data: support messages, emails, contact forms.
- Marketing data: newsletter subscription, communication preferences.
3. Processing Purposes
Your data is used to:
- Provide and improve the Astradesk service
- Manage your account and subscription
- Provide customer support
- Send communications (newsletter, updates, offers)
- Ensure security and prevent fraud
4. Legal Basis for Processing
Processing is based on:
- Contract performance (account creation and management)
- Consent (newsletter, cookies, marketing communications)
- Legitimate interest (service improvement, statistics)
- Legal obligations (billing, accounting)
5. Retention Period
- Account data: for the duration of service use, then 3 years after the last activity.
- Billing data: 10 years (legal obligation).
- Marketing data: until consent withdrawal.
6. Data Sharing
We share certain data with:
- Hosting provider: OVH / Scaleway (France)
- GDPR-compliant subcontractors
No data is sold or transferred to third parties for commercial purposes.
7. Data Security
We implement technical and organizational measures to protect your data:
- TLS encryption for all communications
- Strict access control
- Regular and secure backups
- Internal audit of security practices
8. Your Rights
In accordance with GDPR, you have the following rights:
- Right of access, rectification, erasure
- Right to object and limit processing
- Right to data portability
- Right to withdraw your consent at any time
- Right to lodge a complaint with the CNIL
To exercise these rights: Contact Form
9. Cookies and Trackers
Our site uses cookies:
- Necessary cookies for operation (session, security)
- Analytical cookies (Google Analytics)
- Marketing cookies
A consent banner allows you to manage your preferences.
10. Newsletter and Communication
When you subscribe to the newsletter, your email is processed based on consent. You can unsubscribe at any time via the link in each email.
11. Hosting and Transfers
Data is hosted by OVH, Scaleway and Staz Technologies, located in France.
No transfer outside the European Union is made without adequate safeguards (standard contractual clauses, Privacy Shield certification).
12. Amendments
We may update this Privacy Policy at any time. The last update date is indicated at the top of this page.
13. Commitments Regarding Artificial Intelligence (AI)
Astradesk incorporates certain artificial intelligence features designed to improve support efficiency and ticket management (automatic analysis, classification, assisted writing, response suggestions, etc.).
13.1. Transparency and Purposes
Data processing performed via AI has the sole purpose of:
- assisting users in ticket management and resolution;
- improving the relevance of proposed responses;
- optimizing user experience and service performance.
No fully automated decision producing legal or significant effects is made without human intervention.
13.2. Data Used
AI models can process the following data:
- ticket and comment content;
- metadata (categories, priorities, response times);
- anonymized or pseudonymized data from application usage.
Sensitive personal data (e.g. health, banking, political opinions, etc.) should not be entered in ticket fields and are in no case processed by AI.
13.3. Hosting and Confidentiality
AI processing is performed:
- either internally, on Staz Technologies secure servers hosted in France;
- or, for certain features, via strictly selected third-party providers (OpenAI and Anthropic), subject to GDPR-compliant contractual clauses.
No customer data is used to train third-party AI models, unless explicitly stated and with prior consent.
13.4. Anonymization and Retention
Before any transmission to an external AI service, data is anonymized or pseudonymized when possible. Generated results are stored only for service operation and are not used for unrelated subsequent processing.
13.5. Control and Right to Object
Users retain the right to object to AI use for their own data. In this case, certain automatic features may be disabled without impact on general service access.
13.6. Security and Audit
Staz Technologies commits to:
- regularly audit AI flows and their providers;
- ensure traceability of model calls;
- maintain high standards of security and compliance.