1. Who we are
Astor Holdings, Sydney, Australia. Contact: admin@astorholdings.com.au. We are the data controller for the personal data you provide to us. We do not have a separate EU representative at this time; EU users may contact us directly at the email address above for all data protection matters.
2. What data we collect
- Account data: your email address and a hashed version of your password, collected when you register.
- Property addresses: the UK addresses or postcodes you choose to monitor or analyse for planning and property activity.
- Usage data: the date and time you accepted our Terms and Conditions, pages you visit, planning applications you view, and actions you take on the platform.
- Planning & property activity: we store records of applications and analysis tied to your monitored addresses so we can send you alerts and avoid duplicate notifications.
- Email preferences: your choices about which emails you receive, including any consent you give for use of anonymised data to improve our AI models.
- IP address: recorded at account creation for security and legal compliance purposes.
We do not collect payment card information (handled directly by Stripe), phone numbers, or any special category data as defined under UK/EU GDPR.
3. How we use your data
- Providing the service (contract performance, Article 6(1)(b)): to create and manage your account, monitor planning applications near your chosen addresses, and send you email alerts when relevant applications are found.
- AI-generated summaries and analysis (legitimate interest, Article 6(1)(f)): we pass public planning and property data to AI APIs to generate plain-English summaries, analysis, and synthesis. We do not send your personal details to the AI provider — only the public underlying data.
- Legal compliance (legal obligation, Article 6(1)(c)): we retain records of your acceptance of our Terms and Privacy Policy to demonstrate compliance with UK/EU GDPR requirements.
- Service improvement — aggregate analysis (legitimate interest, Article 6(1)(f)): we carry out aggregate, anonymised analysis of how the service is used, in order to improve its performance. This does not involve identifying individual users.
- AI model training for commercial purposes (consent, Article 6(1)(a)): where you have explicitly opted in via your profile settings, we may use anonymised patterns from your usage (such as which planning applications you viewed or marked as relevant) to train and improve our AI models, including for commercial purposes. Your name, email address, and property addresses are never included. You may withdraw this consent at any time through your Profile page; withdrawal does not affect the lawfulness of processing before withdrawal.
- Marketing emails (consent, Article 6(1)(a)): where you have opted in, we may send you product update and news emails. You may opt out at any time through your Profile page or via the unsubscribe link in any such email.
4. Third parties we share data with
We share your data with the following third parties only to the extent necessary to operate the service:
- Render (render.com): our web hosting provider. Render Privacy Policy.
- Neon (neon.tech): our PostgreSQL database provider, where your account and property data is stored. Neon Privacy Policy.
- Anthropic (anthropic.com): our primary AI provider, used to generate summaries, analysis, and synthesis from public planning and property data. We do not send your name, email, or address to Anthropic. Anthropic Privacy Policy.
- OpenAI (openai.com): a secondary AI provider used for some summarisation and classification tasks on public data. We do not send your name, email, or address to OpenAI. OpenAI Privacy Policy.
- Resend (resend.com): our email delivery provider, used to send alert and digest emails. Resend Privacy Policy.
- Stripe (stripe.com): our payment processor for subscription billing. Stripe handles all payment card data directly; we do not store card details. Stripe Privacy Policy.
We do not sell your personal data. We do not share your data with advertisers or any other third parties not listed above.
5. International data transfers
Some of our third-party providers (including Anthropic, OpenAI, and Resend) are based in the United States. Where your data is transferred outside the UK or EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the relevant authority. By using the service you acknowledge these transfers may occur.
6. Data retention
- Account data: retained while your account is active. If you delete your account, your email address and property addresses are deleted within 30 days.
- Planning & property records: retained for up to 3 years to support historical comparison and avoid duplicate alerts.
- Terms and Privacy Policy acceptance records: retained for 6 years after account closure to demonstrate legal compliance.
- IP address (at signup): retained for 12 months for security purposes, then deleted.
- Marketing consent records: retained until consent is withdrawn, plus 6 years thereafter to demonstrate compliance.
- AI training consent records: retained until consent is withdrawn, plus 6 years thereafter.
7. Your rights
Under UK GDPR and EU GDPR, you have the following rights:
- Access (Article 15): request a copy of the personal data we hold about you.
- Rectification (Article 16): ask us to correct inaccurate data.
- Erasure (Article 17): ask us to delete your account and personal data ("right to be forgotten").
- Portability (Article 20): receive your data in a machine-readable format (CSV or JSON on request).
- Restriction (Article 18): ask us to limit processing of your data in certain circumstances.
- Object (Article 21): object to processing based on legitimate interest, including profiling.
- Withdraw consent (Article 7(3)): where we rely on consent (marketing emails, AI training), withdraw it at any time without affecting the lawfulness of prior processing, via your Profile page or by emailing us.
- Not be subject to automated decisions (Article 22): we do not make solely automated decisions that produce legal or similarly significant effects about you.
To exercise any of these rights, email us at admin@astorholdings.com.au. We will respond within one calendar month (extendable by a further two months for complex requests).
UK users: you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. EU users: you have the right to lodge a complaint with your national data protection supervisory authority; a list is available at edpb.europa.eu.
8. Cookies
We use only a single session cookie to keep you logged in while you use the site. This cookie is strictly necessary for the service to function and is deleted when you close your browser or log out. We do not use tracking, analytics, or advertising cookies, and no third-party cookies are set by our site. As our cookie use is strictly necessary, no cookie consent banner is required under UK PECR or EU ePrivacy rules.
9. Data security
We use industry-standard measures to protect your data, including encrypted HTTPS connections, hashed password storage (we never store passwords in plain text), and access controls limiting who can access the database. In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.
10. Children
Astor Holdings is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If we become aware that we have collected data from someone under 18, we will delete it promptly.
11. Automated decision-making and profiling
We use automated processing to match planning applications to your registered watches and to generate risk scores and analysis for applications and sites near your monitored properties. These automated processes assist you in identifying relevant activity but do not produce legal or similarly significant decisions about you — you review and act on AI-generated outputs independently.
12. Changes to this policy
If we make significant changes to this policy, we will notify you by email or by displaying a prominent notice on the site at least 14 days before the changes take effect. The "last updated" date at the top of this page always reflects the most recent version.
13. Contact us
For any privacy-related queries or to exercise your rights, email admin@astorholdings.com.au. We aim to respond within one calendar month.