Privacy Policy

Effective date: March 7, 2026 · Asterwise Labs Private Limited

1. Introduction

Asterwise Labs Private Limited ("we", "us") operates the Asterwise API. This Privacy Policy explains how we collect, use, and protect information when you use our Service.

2. Information We Collect

Account information: email address provided when creating an API key.
Usage data: API endpoint called, timestamp, HTTP status code, response time.
Billing information: processed by Dodo Payments during checkout — we do not store payment card details.
Communication data: emails you send to [email protected].
Technical data: IP address, used for rate limiting and abuse prevention.

3. What We Do Not Store

Birth data (dates, times, locations) submitted in API requests is not intentionally persisted to our application database. However, standard infrastructure logs maintained by our hosting provider (Railway) may temporarily retain request data as part of normal operations. These infrastructure logs are retained for no more than 30 days. We do not store, log, or retain the personal data of third parties whose birth information is used in API calculations in any application-level database.

4. How We Use Information

To authenticate API requests and enforce rate limits.
To process payments and manage plans.
To send transactional emails (payment confirmation, plan expiry notices).
To monitor Service health and debug issues.
To comply with applicable law and regulatory requirements.

5. Legal Basis for Processing

Under the Digital Personal Data Protection Act 2023 (DPDPA) and other applicable laws, we process your personal data on the following legal bases:

Contractual necessity: Processing required to provide the Service, authenticate requests, and manage your plan.
Legitimate interest: Processing required to ensure Service security, prevent abuse, and improve the Service using anonymized data.
Legal obligation: Processing required to comply with applicable Indian law, including tax and financial record-keeping obligations.

Consent: Where we rely on consent as a legal basis, you provide consent at the time of account registration by accepting our Terms of Service and Privacy Policy. You may withdraw consent at any time by deleting your account via the dashboard.

6. Data Retention

API key and account data is retained for the duration of your account. Usage logs are retained for 90 days. You may request deletion of your account data by emailing [email protected]. Upon account deletion, personal data is deleted within 30 days except where retention is required by applicable law.

7. Third Party Services

We use the following third-party services:

Dodo Payments: payment processing (dodopayments.com/privacy).
Resend: transactional email delivery.
Railway: cloud infrastructure hosting.
Redis (Railway): in-memory rate limit counters. No personal data stored.
Sentry: error monitoring. May capture anonymized stack traces and request metadata for debugging. No birth data or payment data is sent to Sentry.

These services have their own privacy policies and data handling practices.

8. Cookies

Our website and API do not use cookies. Authentication state is stored in your browser's localStorage, not in cookies. We do not use any analytics, tracking, or advertising cookies. No cookie consent banner is displayed because no cookies are set.

9. Your Rights

Under the Digital Personal Data Protection Act 2023, you have the following rights regarding your personal data:

The right to obtain information about what personal data is being processed and the basis for processing.
The right to correction of inaccurate or incomplete personal data.
The right to erasure of personal data where it is no longer necessary for the purpose for which it was collected.
The right to grievance redressal — you may raise a complaint with us at [email protected] and we will respond within 30 days.
The right to nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, contact us at [email protected] with the subject line 'Data Rights Request'.

Grievance Officer: For complaints or queries regarding your personal data under the Digital Personal Data Protection Act 2023, contact our Grievance Officer at [email protected]. We will acknowledge your complaint within 48 hours and resolve it within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Data is hosted on Railway infrastructure located in the European Union. Despite these measures, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. Your data may be stored and processed outside India, including in the European Union. By using the Service, you consent to this transfer. Asterwise will ensure that such transfers comply with applicable data protection laws including the DPDPA 2023.

11. Contact

Asterwise Labs Private Limited
Fatehabad, Haryana, India
GSTIN: 06ABDCA8258P1Z2
CIN: U62011HR2025PTC136714
[email protected]