Astra

Astra Security & Privacy Policy

Last updated: Aug 02, 2025

At Astra, we build products that understand & comply with the jewelry industry's high bar for security and privacy. Safeguarding your data and ensuring you understand exactly how we handle it is central to our mission. This document explains our security posture and privacy practices in clear, concise terms.

By using the Service, You agree to the collection and use of information in accordance with this Policy.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
  • Company (referred to as either “Astra”, “We”, “Us” or “Our” in this Policy) refers to Astra Engineers, Inc.
  • Cookies are small files that a website places on Your device; among their many uses, they contain details of Your browsing history.
  • Country refers to New York, United States.
  • Device means any device that can access the Service such as a computer, smartphone, or tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Website.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., the duration of a page visit).
  • Website refers to Bez, accessible from usebez.ai.
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

1. Security

1.1 Shared-Responsibility Model

Astra runs on best-in-class cloud infrastructure. We rely on Firebase (Authentication, Firestore, Storage), Vercel (application hosting, firewall, and edge network), and Redis Cloud. These vendors secure the physical facilities and core platform; Astra is responsible for configuring and using those services securely within our application.

1.2 Employee Access and Governance

Every employee accepts our security policy during onboarding, and least-privilege, role-based permissions limit access to production systems. The CTO reviews the policy each July (most recently in July 2025) or sooner if a material change requires it.

1.3 Application Security Measures

All traffic travels over TLS-encrypted HTTPS. Secrets and API keys live only in environment variables, never in the codebase. Data at rest is encrypted by our cloud providers. Automated testing, peer code reviews, and audit logs for privileged actions help us catch issues before they reach production.

1.4 Incident Response

Should we discover unauthorized access to, or disclosure of, personal data, we will notify affected users and any relevant regulators without undue delay, as required by law.

2. Privacy

2.1 Information We Collect

Account data – your name, email address, and a password hash when you create an account.

User-supplied content – images you upload or generate (encrypted) and prompts sent to our AI services.

Usage data – logs of device type, browser version, IP address (not stored, only if you ask for IP locking), and interaction events captured automatically for security and analytics.

2.2 Third-Party Sub-Processors

To deliver the Service we share data with: Firebase, Vercel, Redis Cloud and Replicate. Each provider operates under its own security and compliance program, and we contractually require them to protect your data.

2.3 Your Choices and Rights

You may access or delete your personal data at any time from your account settings, or by emailing us. We do not knowingly collect information from children under 13.

2.4 Data Retention

We store your data while your account remains active, or as needed to operate the Service.

2.5 Delete Your Personal Data

You have the right to delete or request that we assist in deleting Personal Data that we have collected about you.

Where available, the Service allows you to delete certain information from within your account settings. You may also contact us to request access to—or deletion of—any personal information you have provided. Please note we may retain some data when we have a legal obligation or lawful basis to do so.

2.6 Disclosure of Your Personal Data

Business Transactions

If Astra is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, Astra may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

Other Legal Requirements

Astra may disclose your Personal Data in the good-faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

While we strive to use commercially acceptable means to protect your Personal Data, remember that no method of transmission over the Internet or method of electronic storage is 100% secure.

2.7 Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us so that we can take steps to remove that information.

2.8 Links to Other Websites

Our Service may contain links to other websites not operated by Astra. If you click a third-party link, you will be directed to that site. We strongly advise you to review the privacy policy of every site you visit. We have no control over—and assume no responsibility for—the content, privacy policies, or practices of any third-party sites or services.

3. Changes to This Policy

When we revise this document, we update the "Last updated" date above and, for material changes, notify you by email or in-app message before the new terms take effect.

4. Contact

Questions or requests? Reach us at privacy@astra-engineering.co.