Legal

Privacy policy

Effective April 13, 2026. This Privacy Policy applies to www.rastro.ai and the landing pages, resources, tools, and demo workflows we make available from this site.

Who we are

Rastro AI ("Rastro", "we", "us", or "our") operates this public website and related evaluation workflows. If you have privacy questions or want to exercise a privacy right, you can contact us at augustin@rastro.ai.

This Privacy Policy does not automatically replace any separate data processing agreement, master services agreement, order form, or other written contract that may apply to a customer relationship. If a separate written agreement conflicts with this page, the written agreement controls for that covered relationship.

What information we collect

Contact and communications data, such as your name, company, email address, and the contents of messages or demo requests you send us.

Evaluation and tool inputs, such as URLs you ask us to analyze, notes you provide, CSV files you upload for demo-account creation, and the outputs generated from those requests.

Technical and usage data, such as IP address, browser and device details, approximate geolocation derived from IP, referring pages, timestamps, and page or tool usage events needed to operate and secure the site.

Shared-session data created in public demo flows, including a session ID, the submitted URL, and generated results saved so that a share link can load the same session later.

Booking or follow-up information we receive when you choose to continue a conversation or scheduling flow through linked services.

How we use personal data

We use personal data to operate the site, respond to you, provide previews and demo workflows, generate requested outputs, create evaluation accounts when you ask us to, secure our systems, investigate misuse, understand aggregate site usage, and meet legal or contractual obligations.

For users in the EEA, UK, or similar jurisdictions, our legal bases may include taking steps at your request before entering into a contract, performing a contract, complying with law, pursuing legitimate interests such as operating and securing the site, and, where required, consent.

Consistent with our public product commitments, we do not use customer-submitted catalog data to train general-purpose models.

How we share personal data

We do not sell personal data. We may share personal data with service providers that help us operate the website and related workflows, subject to appropriate contractual and operational controls.

Hosting, infrastructure, storage, caching, and monitoring providers, including AWS services such as EKS, Bedrock, S3, ElastiCache, and CloudWatch, for application and evaluation workflows.

Hosting and site analytics providers, including Vercel, for site delivery, performance, and usage reporting.

Storage and infrastructure providers, including Supabase, for saved sessions and related application storage.

Workflow orchestration providers, including Temporal Cloud, for long-running product and evaluation workflows.

Model and automation providers, including OpenAI, when a submitted request requires model processing to generate a preview, demo result, or related output.

Email and operational communications providers, including Resend, where follow-up or product communications are sent through those services.

Monitoring and observability providers, including Datadog, for service reliability and operational troubleshooting.

Scheduling or external-service providers when you choose to follow a link or complete a workflow on a third-party site, such as Cal.com.

Professional advisers, auditors, counterparties in a transaction, or public authorities where disclosure is reasonably necessary or legally required.

Demo workflows and shared links

Some public workflows on this site save generated session data so a link can reopen the same result later. Those sessions are designed for sharing and collaboration, not for storing secrets or sensitive personal data. Anyone who receives the share link may be able to access the associated session content.

Please do not submit regulated, highly sensitive, or unnecessary personal data into public demo or shareable flows unless you are comfortable with that handling and authorized to do so.

Retention

We keep personal data for as long as reasonably necessary to provide the requested workflow, maintain records of the interaction, secure the service, resolve disputes, enforce agreements, and comply with legal obligations. Retention periods may vary based on the type of request, the data involved, and whether a customer relationship follows.

International transfers

Rastro works with service providers that may process data in more than one jurisdiction. Where personal data is transferred across borders, we rely on the safeguards required or appropriate for the relevant transfer, which may include contractual commitments and similar transfer mechanisms.

Your rights

Depending on where you live, you may have rights to request access to personal data, correction, deletion, restriction, objection, portability, or withdrawal of consent where consent is the basis for processing. You may also have the right to complain to a supervisory authority. To make a request, email augustin@rastro.ai.

If you are evaluating a customer relationship and need a data processing agreement, you can request one through the same contact path.

Security, children, and updates

We use reasonable technical and organizational measures to protect personal data, but no method of transmission or storage is completely secure. This site is intended for business users and is not directed to children. We may update this Privacy Policy from time to time by posting a revised version on this page with a new effective date or updated date.