What we collect.

Astor signs you in with Sign in with Apple. Apple sends us a stable, opaque identifier that does not include your real Apple ID. If you choose to share an email, Apple may give us a relay address ending in privaterelay.appleid.com; we use it only to reach you about your account.

That identifier is what we store as you. We do not see your name, your phone, your contacts, your calendar, your photos, your microphone, or your location. We never ask for them.

When you ask Astor to write a volume, the topic, your level/voice/length choices, and the chapter text it generates pass through our HTTPS proxy at marginalia-api-three.vercel.app. The proxy fans those requests out to two upstream model providers:

• Anthropic — for the prose, chapter structure, and margin replies.
• OpenAI — for the engraved-style plates and dropcaps that illustrate the volume.

Your highlights and the questions you put to the margin pass the same way, along with the surrounding paragraph so the reply can stay in the voice of the page.

We do not send your identity to the model providers. The request to Anthropic and OpenAI carries only the text needed to compose the reply — not your account identifier.

Your library lives on your Mac. We hold a small server-side record so the app can sign you back in: the Apple identifier, the date you joined, and a short audit log of API calls (timestamp, route, status code) we keep for thirty days for abuse-prevention.

Anthropic and OpenAI process the prompts under their own retention policies. Per their terms, API requests are not used to train their models, and inputs are retained for a short operational window (typically up to 30 days for abuse monitoring) before deletion. See:

• Anthropic privacy policy
• OpenAI privacy policy

• No third-party analytics SDKs. No Google, no Mixpanel, no Segment, no Sentry, no Crashlytics.
• No advertising identifiers (IDFA, IDFV). Astor does not request them and does not link them.
• No selling of personal information. There is no buyer to sell to and never will be.
• No reading of your other documents. Astor never asks the system for files outside the volumes it wrote.
• No training on your reading. Your prompts and highlights are not used to improve any model.

You can ask us, by writing to yask123@gmail.com, to:

• Show you everything we hold about your account.
• Correct anything that looks wrong.
• Delete your account and the server-side record entirely. We will do this within fourteen days and confirm by email.

If you are in the EU, UK, or California, the rights afforded by GDPR, the UK GDPR, and the CCPA apply to your data. We treat every reader as if those rights applied, regardless of where they read.

Astor is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has registered an account, write to us and we will delete the record.

If the policy materially changes — if we ever begin collecting something we don't collect today — we will say so on this page and, for changes that affect existing accounts, by email before they take effect. The effective date at the top of this page reflects the current version.