Privacy Policy — Aster

Last updated: 08-04-2026

1) Who is responsible for data processing?

Aster is a web application (PWA) designed to help animal welfare organizations organize their information (members, animals, foster families, etc.).

Data controller: Mickaël Dutfoy

Contact: m.dutfoy@gmail.com

Website: https://aster-app.eu/

Note: Aster is an independent project with no commercial goal.

2) What data is collected?

Aster collects only the data necessary for the application to work, as well as the data users voluntarily enter.

Account-related data

  • Email address (required): account creation, sign-in, and technical communications (e.g., notifications).
  • Password: never stored in plain text (stored as a hash).
  • Phone number: to help members of the same organization contact each other (internal directory). Your phone number will never be used for commercial or advertising purposes by the application or its developer.

Data entered in the application

Depending on how it is used, the application may contain:

  • organization information (name, description, etc.)
  • member data (name / nickname, role in the organization, etc.)
  • animal data (identification, status, notes, etc.)
  • foster families: descriptive information, which may include an address
  • Treasury data (transactions, amounts, categories, notes), which may include information about third parties (e.g. donors, service providers)

Foster-family information may refer to someone who does not use the app (e.g., “Granny Ginette, 91, foster family — Nokia 3310 master race”).

Aster does not collect “hidden” data: no microphone, no GPS, no access to your contacts, etc.

3) Why is this data used?

Data is used to:

  • create and manage user accounts
  • secure access to private areas (data visible only to relevant members)
  • help organizations organize their information (members / animals / foster families)
  • provide support and maintenance (e.g., diagnosing technical issues)
  • Allow organizations to track their treasury (income / expenses)

4) Legal basis (GDPR)

Depending on the situation, processing is based on:

  • performance of a contract: providing the requested service (account, access, features)
  • legitimate interest: security, abuse prevention, maintenance
  • consent: when users voluntarily enter certain information (e.g., notes, extra details)

5) Who can see the data?

  • Data is private by default: access depends on your membership in an organization and your permissions within it.
  • Data is not sold and is not shared for commercial purposes.
  • Certain sensitive data (e.g. treasury) is only accessible to members with the appropriate permissions (admin / manager).

Technical providers (hosting / emails)

Aster relies on technical services to operate:

  • Vercel: application hosting
  • Neon: PostgreSQL database hosting
  • Resend: transactional email delivery

These providers act as technical processors: they process data only to provide the service.

6) Cookies and trackers

Aster uses cookies/storage strictly necessary for operation (e.g., sign-in session, language).

Aster does not include targeted ads, data resale, or intrusive marketing analytics tools.

If this changes in the future, this page will be updated and the app will clearly inform users.

7) Security

Aster implements reasonable security measures, including:

  • hashed passwords
  • authenticated access to private data
  • HTTPS encrypted communications
  • role-based permissions (member / admin, etc.)

No security is absolute, but the goal is to protect data from unauthorized access.

8) Retention period

Data is kept as long as the account is active and/or as long as it is needed for an organization using Aster.

When an account is deleted, related data is deleted or anonymized when possible, while some information may be retained if needed for data integrity (e.g., an organization’s internal history), depending on the case.

9) Your rights (access, correction, deletion)

Under the GDPR, you may request:

  • access to your data
  • correction
  • deletion (“right to be forgotten”) where applicable
  • restriction / objection (depending on the situation)

Contact: m.dutfoy@gmail.com

As the application evolves, some of these actions will be available directly from the interface, without requiring a manual request (for example: editing the user profile, deleting the account).

10) Changes

This policy may change as Aster evolves. The update date is shown at the top of the page.