Privacy Policy
Last updated: April 28, 2026
Join the waitlist for early access to ASTRID.
Over 1,000 people have already signed up to be part of first to experience a healthcare system built for people, not payers.
Questions? Contact privacy@astrodoc.com
AstroDoc, Inc. (“AstroDoc,” “we,” “us,” or “our”) provides ASTRID, an AI-powered health, dental, and veterinary information assistant available at www.myastrid.ai, via mobile apps, and related services (the “Services”). This Privacy Policy explains how ASTRID handles information when you interact with it.
The defining feature of ASTRID’s privacy posture is what we do not do: ASTRID is a stateless service. We do not require accounts. We do not store conversations. We do not retain any personal information after a session ends. Most of the obligations described in conventional privacy policies — data retention schedules, deletion procedures, access requests against held data — do not apply because there is no data to hold.
This Privacy Policy applies to all ASTRID users worldwide, across all agents including the Medical Agent, Dental Agent, and Veterinary Agent. The same protections apply regardless of which agent you use. This Policy is incorporated into our Terms of Service.
ASTRID is an information service only. No clinical, therapeutic, or professional care relationship — including no doctor-patient, dentist-patient, or veterinarian-client-patient relationship (VCPR) — is created through your use of ASTRID. Any clinical care resulting from your use of ASTRID is governed solely by the licensed provider delivering that care.
ASTRID is an artificial intelligence system. You are continuously informed of this through a persistent AI disclosure in the chat interface and a separate consent gate that is repeated weekly. By using ASTRID, you acknowledge that you have read and understood this Privacy Policy and that you are interacting with an AI system, not a human clinician.
When you ask ASTRID a question, your query is processed in real time and a response is generated. Once the session ends, the query, the response, and any information you provided during the conversation are not retained. ASTRID does not maintain a record of your conversation, and you cannot retrieve a past conversation because none is stored.
You may share questions about health (Medical Agent), dental and oral health (Dental Agent), or pet health (Veterinary Agent). You control what you share; ASTRID does not require any specific information. Any information you provide is processed only for the purpose of generating your response and is discarded when the session ends.
Important Note on Animal Health Data: Information about your animal’s health relates to your pet, not to you personally. Animal health data is generally not classified as personal health data under most frameworks. Regardless, all session data is treated identically and is not retained.
ASTRID’s infrastructure providers may briefly process technical metadata associated with a request — such as IP addresses, browser type, or session identifiers — for the purpose of routing the request, applying rate limits, and protecting against abuse. AstroDoc does not collect or retain this technical metadata for marketing, profiling, or analytics. Where infrastructure providers maintain short-term security logs, those logs are governed by the providers’ contractual obligations to AstroDoc, which prohibit using such data for any purpose other than operating the Service.
ASTRID does not collect names, email addresses, phone numbers, dates of birth, account credentials, payment information, precise location, biometric identifiers, social media profiles, contacts, calendar data, photographs, or files. ASTRID does not connect to wearables, health apps, or third-party data sources. ASTRID does not track you across sessions, devices, or websites.
The only use of information you share during a session is to generate the response to your question. Once the response is delivered and the session ends, the information is not retained, analyzed, or repurposed.
Infrastructure-level technical metadata may be processed briefly for security, abuse prevention, and operational reliability. This processing occurs at the infrastructure layer, not the AstroDoc application layer, and is subject to contractual restrictions on the providers handling it.
ASTRID does not use your information for marketing, advertising, AI model training, profiling, third-party sharing, research databases, or any commercial purpose beyond providing your response. There is no continuity across sessions, no personalization across sessions, and no internal record of your past conversations.
ASTRID operates with a small set of infrastructure providers necessary to deliver the Service: a cloud hosting platform, an AI processing partner, a voice synthesis provider for voice agents, and security tooling. These providers process queries solely to generate your response and are contractually prohibited from using session content for their own purposes, retaining content beyond what is required to generate the response, or sharing content with third parties.
ASTRID is built on a proprietary AI infrastructure with multi-LLM referencing. Our AI processing partners operate under contractual restrictions that prohibit using user data for model training and require deletion of session content after response generation. We do not publicly identify specific providers.
We may disclose information when legally required by court order, lawful subpoena, government request, or to protect the rights, property, or safety of AstroDoc, our users, or the public. Because ASTRID does not store conversations, the only information potentially available to legal process is whatever transient technical metadata exists at the infrastructure layer at the time the request is received.
In the event of a merger, acquisition, or asset sale, the operational components of ASTRID may transfer as part of the transaction. Because ASTRID does not retain a user data store, no user data is transferred. The acquiring entity will be bound by the privacy commitments described in this Policy or notify users of any material change.
ASTRID is an artificial intelligence system within the meaning of Article 3 of Regulation (EU) 2024/1689 (the EU AI Act). ASTRID is positioned as a limited-risk AI system under the AI Act framework, providing health information to users without making autonomous clinical decisions. ASTRID is not classified as a high-risk AI system because it does not perform diagnosis, prescription, treatment planning, or any other function that would meet the criteria of Annex III of the AI Act.
In compliance with Article 50(1) of the EU AI Act, users are continuously informed that they are interacting with an AI system. This disclosure is implemented at three points: a persistent visual indicator in the chat interface, an explicit consent gate that users must affirm before each new period of use (refreshed weekly), and language inside ASTRID’s responses where appropriate. Users cannot interact with ASTRID without first acknowledging that ASTRID is an AI system, not a human clinician.
In compliance with Article 50(2) of the EU AI Act, ASTRID’s responses are AI-generated. The persistent AI disclosure described above serves as the labeling mechanism for AI-generated content within the Service.
Your conversations are never used to train any AI model. ASTRID’s AI processing partners are contractually prohibited from using session content for training, fine-tuning, or model improvement. AI improvements are based on publicly available medical, dental, and veterinary literature, licensed datasets, and synthetic or manually curated training data — never on user conversations.
You have the right to know that you are interacting with an AI system (provided continuously through the disclosure described above), to understand the general purpose of AI processing (described in this Policy), and to object to AI processing by discontinuing use of ASTRID. Because ASTRID does not make autonomous decisions that affect you in any binding way — it provides information for you to consider — the right to human review of automated decision-making generally does not apply. If you have concerns about a specific response, contact privacy@astrodoc.com.
ASTRID’s security posture is shaped by its statelessness. The strongest privacy protection is the absence of stored data: there is no user database to breach, no conversation archive to exfiltrate, no account credentials to compromise.
Communications between users and ASTRID are encrypted using current TLS standards. AI processing partners and infrastructure providers operate within encrypted channels and meet recognized security standards.
AstroDoc personnel with access to operational systems are subject to confidentiality obligations and need-to-know access controls. ASTRID undergoes periodic security review.
If a security incident occurs that affects ASTRID’s processing infrastructure in a way that could plausibly expose user information transiting the system, we will notify affected users and applicable regulators in accordance with the strictest applicable timeline — generally within 72 hours for users in the EU and UK (per GDPR / UK GDPR), and as required by law in other jurisdictions. Because ASTRID does not retain stored personal data, the breach categories most often cited in privacy law are not applicable to AstroDoc’s systems. Notifications will describe what occurred, what categories of information were potentially affected, what corrective steps have been taken, and where users can obtain further information.
No system is fully secure. While we maintain strong protections and minimize the categories of data that could ever be exposed, we cannot guarantee absolute security against all threats.
ASTRID does not retain user conversations, queries, responses, or any user-identifiable information. Sessions are not logged. There is no user database. Information you provide during a session is discarded when the session ends. There is nothing to retrieve later, nothing to delete, and nothing for AstroDoc to access on your behalf.
Infrastructure providers may maintain short-term technical logs (such as request metadata) for security and operational purposes. These logs are governed by the providers’ contractual obligations and standard security practices, not retained by AstroDoc, and not used for any purpose other than operating the Service.
If AstroDoc receives a valid legal preservation request, we will preserve only what we have at the time of the request — which, for stored user data, is nothing.
Because ASTRID stores nothing, the most powerful privacy choice you have is the same one available in any conversation: choose what to share. ASTRID does not require any specific information from you to function.
When you end a session, your conversation ends with it. There is no archive to delete and no stored history to manage.
You have the right to receive information about how ASTRID processes data. This Policy provides that information. For specific questions, contact privacy@astrodoc.com.
If you do not wish ASTRID to process your queries — even ephemerally — the appropriate course is to discontinue use of ASTRID. Because ASTRID processes only what you actively send, ending use ends processing.
We will acknowledge inquiries within five business days and respond substantively within 30 days. For users whose local laws specify shorter timeframes (such as the GDPR’s one-month standard), we will honor those.
AstroDoc is based in the United States. ASTRID’s AI processing infrastructure operates from the United States and other jurisdictions. When you interact with ASTRID, your real-time query may transit international boundaries to reach the AI processing layer and back. This is real-time processing only — no data is stored at any location.
For users in the European Union and European Economic Area, real-time processing transfers to the United States rely on the EU–US Data Privacy Framework and Standard Contractual Clauses with our infrastructure providers, supplemented by the data-minimization fact that nothing is retained.
For users in the United Kingdom, transfers rely on the UK International Data Transfer Agreement, the UK Addendum to EU SCCs, and the same data-minimization architecture.
For users in other jurisdictions, transfers occur subject to appropriate contractual safeguards with infrastructure providers.
Because ASTRID does not retain data, the privacy concerns most commonly associated with international data transfers — long-term storage in foreign jurisdictions, secondary use, government access to historical records — are largely inapplicable. The transfer is the processing, and the processing ends when the session ends.
A note on the rights described below: most jurisdictional privacy frameworks confer rights such as access, correction, deletion, and portability that apply to data the controller holds. Because AstroDoc holds no personal data, most of these rights are not practically applicable. The right to be informed about processing, the right to object to processing, and the right to lodge complaints with supervisory authorities apply regardless of whether data is stored, and we honor those rights for all users.
Legal Bases for Processing: ASTRID processes user queries on the basis of contract performance (delivering the requested information) under Article 6(1)(b), and where health-related context is voluntarily shared, on the basis of explicit consent under Article 9(2)(a). Processing is real-time only and ceases when the session ends.
Your GDPR Rights: You have the right to be informed of processing (this Policy), to access information about how processing occurs (contact privacy@astrodoc.com), to object to processing (by ending use of ASTRID), to withdraw consent (by ending use of ASTRID), to be free from solely automated decisions that produce legal or similarly significant effects on you (ASTRID provides information, not binding decisions), and to lodge complaints with a supervisory authority.
Data Protection Officer: privacy@astrodoc.com. EU Representative: Available upon request per Article 27. Supervisory Authority: edpb.europa.eu
Similar rights apply under the UK GDPR and the Data Protection Act 2018. Information Commissioner’s Office: ico.org.uk, 0303 123 1113.
Under the California Consumer Privacy Act and California Privacy Rights Act, California residents have rights to know what personal information is collected, used, and shared; to delete personal information; to correct inaccurate personal information; to opt out of “sale” or “sharing”; to limit use of sensitive personal information; and to be free from discrimination for exercising these rights.
Application to ASTRID: AstroDoc does not collect or retain personal information of California residents. AstroDoc does not “sell” or “share” personal information within the meaning of the CCPA. There is no personal information for AstroDoc to delete or correct, because none is held. Sensitive personal information (which would include health information shared during a Medical Agent or Dental Agent session) is processed only to generate the user’s real-time response and is not retained.
Authorized Agents: Permitted with verifiable written authorization. Contact: privacy@astrodoc.com, subject: “California Privacy Request.” Phone: (702) 478-5080.
The Washington My Health My Data Act (MHMDA) applies to “consumer health data” of Washington residents. AstroDoc’s MHMDA posture follows directly from ASTRID’s stateless architecture:
Collection. AstroDoc does not collect consumer health data of Washington residents within the meaning of MHMDA. ASTRID processes user queries in real time and discards all session content when the session ends. No consumer health data is retained.
Sharing. AstroDoc does not share consumer health data with third parties. Real-time processing by AI infrastructure providers occurs under contractual restrictions that prohibit the use of session content for any purpose other than generating the user’s response.
Sale. AstroDoc does not sell consumer health data and does not engage in any practice that could be characterized as such.
Geofencing. AstroDoc does not use geofencing technology around any healthcare facility or other location for any purpose. ASTRID does not use precise location data and does not detect proximity to physical locations.
Consent. Because no consumer health data is collected, retained, shared, or sold, no separate consent regimes for collection or sharing are required. The continuous AI disclosure and the user’s voluntary submission of queries provide the only consent relevant to the processing that does occur.
Consumer Health Data Privacy Policy. This Section 10.4 serves as AstroDoc’s Consumer Health Data Privacy Policy under MHMDA and is linked separately from the ASTRID homepage.
Rights of Washington Residents. Washington residents have the right to confirm whether AstroDoc collects, shares, or sells their consumer health data (the answer is no), to access any consumer health data AstroDoc holds (none is held), to delete any consumer health data AstroDoc holds (none is held), and to withdraw consent to collection or sharing (no collection or sharing occurs). Washington residents who believe their rights under MHMDA have been violated may file a complaint with the Washington State Attorney General.
Contact: privacy@astrodoc.com, subject: “Washington Health Data Request.”
AstroDoc is headquartered in Las Vegas, Nevada. Nevada residents have rights under Nevada Revised Statutes Chapter 603A, including the right to opt out of the sale of covered information. AstroDoc does not sell covered information, personal information, or any user data. There is no covered information to sell, because none is collected or retained. Contact: privacy@astrodoc.com, subject: “Nevada Privacy Request.”
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have rights to access, correct, delete, and opt out of certain processing. Because AstroDoc does not retain personal information, the practical scope of these rights is limited to what AstroDoc holds, which is nothing. Contact privacy@astrodoc.com with your state and the nature of your request.
Canadian users have rights under PIPEDA to access, challenge accuracy, withdraw consent, and file complaints. AstroDoc does not retain personal information of Canadian users. Office of the Privacy Commissioner of Canada: priv.gc.ca, 1-800-282-1376.
Australian users have rights under the Privacy Act 1988 to access, correct, complain, and withdraw consent. AstroDoc does not retain personal information of Australian users. Office of the Australian Information Commissioner: oaic.gov.au, 1300 363 992.
New Zealand users have rights to access, request correction, and complain. AstroDoc does not retain personal information of New Zealand users. Office of the Privacy Commissioner: privacy.org.nz, 0800 803 909.
Regardless of where you reside, AstroDoc does not retain your personal data, does not sell or share your queries with advertisers, does not use your conversations to train AI models, and does not engage in tracking or profiling. If your local law confers privacy rights, we will honor those that apply to ASTRID’s processing upon verified request. Contact: privacy@astrodoc.com.
ASTRID is not intended for use by children under 13 years of age and is not intended for independent use by minors of any age. Where parental supervision is permitted by applicable law, a parent or legal guardian may supervise a minor’s use of ASTRID.
Jurisdictional thresholds:
ASTRID is a health information service. Some health questions a minor might ask — particularly those relating to mental health, sexual health, reproductive health, substance use, or self-harm — are sensitive and benefit from the involvement of a trusted adult, a clinician, or a youth-appropriate health resource. ASTRID does not replace the judgment of a parent, guardian, or healthcare provider. If you are a minor facing something difficult, we encourage you to talk to a trusted adult or use a youth-specific helpline in your country.
Because ASTRID does not collect personal information from any user — including children — there is no data set of children’s information for AstroDoc to manage, delete, or restrict. If we become aware that a child under 13 has been using ASTRID independently without appropriate parental supervision, we will respect any parental request communicated to us through the contacts below.
Parents and legal guardians may contact AstroDoc to express concerns about a minor’s use of ASTRID or seek any other relief available under applicable law. Because AstroDoc does not retain conversations, requests for retrieval or deletion of a minor’s past conversations cannot be fulfilled — nothing is stored to retrieve or delete.
ASTRID’s prompts are designed to handle sensitive topics — including suicide and self-harm content — with appropriate care, and to direct users to crisis resources when relevant. These protections apply to all users, including minors using ASTRID with parental supervision.
Contact: privacy@astrodoc.com, subject: “Parental Privacy Inquiry.”
ASTRID’s website may use a minimal set of cookies and similar technologies. Because ASTRID does not maintain user accounts or persistent profiles, the cookie footprint is intentionally small.
Strictly necessary (no consent required): Session integrity, security, and load balancing during an active session. These cookies do not track you across sessions or websites.
Functional (consent-based where required): Language and accessibility preferences for the duration of a session.
Analytics and advertising: ASTRID does not currently use analytics cookies that profile individual users, and does not use advertising cookies. If this changes in the future, we will update this Policy and obtain consent before deployment in jurisdictions where consent is required.
For users in the European Union, the United Kingdom, and other jurisdictions where consent is required for non-essential cookies, ASTRID’s website displays a consent interface before any non-essential cookie is set. The consent interface offers a granular choice — you can accept all, reject all, or select categories — and the “reject” option is presented as prominently as the “accept” option, in accordance with EU and UK regulator guidance.
ASTRID honors browser-based Do Not Track (DNT) signals for non-essential cookies. ASTRID honors Global Privacy Control (GPC) signals where required by law as an opt-out of “sale” or “sharing” — though, as described elsewhere in this Policy, AstroDoc does not engage in selling or sharing personal information.
ASTRID may include links to third-party websites, such as the websites of medical, dental, or veterinary organizations whose guidelines ASTRID references. This Policy does not apply to those sites; their own privacy policies do.
ASTRID does not integrate social media login. If AstroDoc operates social media accounts, those platforms have their own privacy policies governing how data is handled when you interact with AstroDoc on those platforms.
We may update this Policy when ASTRID’s architecture, features, or applicable law changes. The current version is always available at the URL where you obtained this Policy.
For material changes — particularly any change that introduces collection or retention of personal data — we will provide prominent notice on the ASTRID homepage and within the chat interface. Where applicable law requires renewed consent, we will obtain it before any new collection begins.
For clarifications, formatting changes, or non-material updates, we will update the “Effective Date” at the top of this Policy.
You may request previous versions of this Policy at privacy@astrodoc.com.
Email: privacy@astrodoc.com
Mail: AstroDoc, Inc., Attn: Privacy Officer, 851 S. Rampart Blvd., Suite 110, Las Vegas, NV 89145
Phone: (702) 478-5080
privacy@astrodoc.com | (702) 478-5080
With AstroDoc: Email privacy@astrodoc.com with the subject “Privacy Complaint.” We will acknowledge within five business days and respond within 30 days. We do not retaliate against users who file privacy complaints.
With Regulatory Authorities:
