EFFECTIVE DATE: APRIL 10, 2026  |  LAST UPDATED: APRIL 10, 2026

Data Controller: AstraVeris ("we," "us," or "our") operates the website www.astraveris.ai and associated services including email newsletters, data dashboards, and research tools (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information you provide directly:

• Email address — when you subscribe to our newsletter, join our Intelligence waitlist, or unlock gated content
• Professional role — when you complete a signup form (e.g., LP/Allocator, GP/Investor, Operator/Founder, Press/Analyst)
• Signup source — which page or form you used to subscribe (e.g., newsletter, intelligence waitlist, finance gate)
• Any information you voluntarily include in correspondence with us

Information collected automatically when you sign up:

• IP country — your country of origin derived from your IP address at the time of signup (we do not store your full IP address in our database)
• User agent — your browser and operating system information at the time of signup

Information collected automatically when you browse:

• Standard HTTP request data processed by our hosting provider (Cloudflare), including IP address, request URLs, and referrer headers. We do not operate any client-side analytics or page-view tracking scripts.
• Email engagement data (open rates, click-through rates) for newsletters delivered by our email provider (Beehiiv), measured via tracking pixels embedded in email content

2. How We Use Your Information

We use the information we collect to:

• Deliver our newsletter and research content to your inbox
• Manage waitlist enrollment and communicate about new product tiers
• Gate access to premium content (e.g., Intelligence-tier data)
• Respond to your inquiries and support requests
• Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for their own marketing purposes. We do not use your data to build advertising profiles or serve targeted ads on our website.

3. Data Storage

When you sign up through any form on our website, your information is stored in a Cloudflare D1 database (our primary subscriber database) and may also be forwarded to our email delivery provider (Beehiiv) to enable newsletter delivery. The data stored includes your email address, professional role, signup source, IP country, and user agent.

Access to subscriber data is restricted to authorized administrators via a protected endpoint requiring a secret authentication key.

4. Third-Party Services

We use the following third-party services to operate the Service. Each processes data in accordance with their own privacy policies:

• Cloudflare — website hosting (Cloudflare Pages), serverless functions (Cloudflare Workers), database (Cloudflare D1), and content delivery. Cloudflare processes your IP address and standard HTTP request metadata as part of serving web pages. Cloudflare Privacy Policy
• Beehiiv — email newsletter delivery and subscriber management. When you subscribe, your email address, role, and signup source may be forwarded to Beehiiv. Beehiiv processes email engagement data (opens, clicks) via tracking pixels. Beehiiv Privacy Policy
• Google Fonts — web font delivery. When you load any page, your browser connects to Google's servers to download fonts. Google may process your IP address in this context. Google Privacy Policy
• Cesium — 3D globe visualization library, loaded from Cesium's CDN only on our Globe page. Your browser connects to Cesium's servers to download the library. Cesium Privacy Policy
• LinkedIn — we may use LinkedIn's advertising platform to promote AstraVeris to professional audiences. We do not install LinkedIn tracking pixels on our website and do not share your email address or personal data with LinkedIn for audience matching. Any advertising is managed through LinkedIn's self-serve platform using LinkedIn's own audience data. LinkedIn Privacy Policy

We also retrieve financial market data from Yahoo Finance via a server-side proxy to display stock tickers. This connection is made server-to-server and does not transmit any of your personal information to Yahoo.

5. Cookies and Local Storage

Cookies set by our Service:

• av_intel — an essential, HttpOnly cookie set when you unlock Intelligence-tier content. It persists for 90 days and is used solely to gate access to premium data endpoints. This cookie is marked Secure and SameSite=Strict, meaning it cannot be read by JavaScript or sent to other websites.

Browser local storage:

• av_subscribe_role — stores your selected professional role locally so you don't need to re-enter it across pages
• av-catalog-collapsed — stores which catalog sections you've expanded or collapsed (UI preference only)
• av_intel_accessed — a flag indicating you've accessed Intelligence content

Email tracking pixels: Our newsletter provider (Beehiiv) may embed tracking pixels in emails to measure open rates and click-through rates. You can block these by disabling images in your email client.

We do not use advertising cookies, cross-site tracking technologies, or client-side analytics scripts. We do not install tracking pixels from LinkedIn, Facebook, Twitter/X, or any other social platform on our website.

Do Not Track: Our website does not currently respond to Do Not Track (DNT) browser signals. Because we do not employ client-side analytics or behavioral tracking, your browsing experience is the same regardless of your DNT setting.

6. Data Retention

We retain your personal information only as long as necessary for the purposes described in this policy:

• Subscriber and signup data — retained in our database while you remain subscribed. Upon unsubscription, your record is deleted from our database within 30 days and your Beehiiv subscription is deactivated
• Waitlist data — retained until the waitlist program concludes or you request removal
• Cookies — the av_intel cookie expires after 90 days. Local storage entries persist until you clear your browser data
• Server logs — Cloudflare retains standard HTTP request logs per their data retention policies. We do not maintain separate server logs
• Correspondence — retained as needed to resolve inquiries, then deleted

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data from both our database and Beehiiv
• Portability — request your data in a structured, machine-readable format
• Opt-out — unsubscribe from marketing communications at any time via the unsubscribe link in any email
• Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected]. We will acknowledge your request within 5 business days and complete it within 30 days (or 45 days for California residents under CCPA, with notice of any extension).

8. European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:

• Legal basis — consent: We process your email address and role based on your consent, which you provide when submitting a signup form. You may withdraw consent at any time by unsubscribing or contacting us
• Legal basis — legitimate interest: We process standard HTTP request data (handled by Cloudflare) based on our legitimate interest in operating and securing the Service, balanced against your privacy rights
• International transfers: Your data may be transferred to and processed in the United States, where Cloudflare and Beehiiv operate. We rely on Standard Contractual Clauses and our service providers' compliance frameworks (including Cloudflare's EU-US Data Privacy Framework certification) to safeguard these transfers
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority at any time. A list of EEA supervisory authorities is available at edpb.europa.eu. For the UK, contact the Information Commissioner's Office (ICO)
• Automated decision-making: We do not make automated decisions about individuals that produce legal or similarly significant effects. Our risk scoring (ARI) and analytics apply to companies and market data, not to individual users

9. California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know — what personal information we collect, use, and disclose (see Sections 1–4 above)
• Right to delete — request deletion of your personal information
• Right to correct — request correction of inaccurate personal information
• Right to opt-out of sale or sharing — we do not sell your personal information as defined by CCPA. We do not share your personal information with third parties for cross-context behavioral advertising
• Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

Categories of personal information we collect:

• Identifiers — email address, IP country, user agent
• Professional information — professional role (self-reported)
• Internet activity — email engagement data (opens, clicks) via Beehiiv

We do not collect sensitive personal information as defined by CCPA/CPRA. We do not use or disclose personal information for purposes beyond those disclosed in this policy. To submit a request, email [email protected] with "CCPA Request" in the subject line. We will verify your identity before processing.

10. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

• Encryption of all data in transit (TLS/HTTPS enforced on all pages)
• HttpOnly, Secure, SameSite=Strict flags on authentication cookies
• Secret-key authentication on administrative data access endpoints
• Server-side API key storage (e.g., Beehiiv credentials are never exposed to client browsers)

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

• Notify affected individuals without undue delay and no later than 72 hours after becoming aware of the breach, as required by GDPR
• Provide details of the breach, the categories of data affected, and recommended protective actions
• Notify relevant data protection authorities as required by applicable law
• For California residents, comply with California's data breach notification requirements (CA Civil Code § 1798.82)

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child under 16, please contact us at [email protected] and we will promptly delete it.

13. Third-Party Links

Our Service may contain links to third-party websites, including news sources, government databases, and financial data providers. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify subscribers via email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

• Email: [email protected]
• Website: www.astraveris.ai

AstraVeris
1310 Iris Drive
Charlotte, NC