Privacy Policy
Last updated
Your privacy matters to us. This Privacy Policy explains what personal data we collect when you use Asterune, why we collect it, how long we keep it, and what rights you have over it.
Asterune is operated by Solarius B.V., a company registered in the Netherlands (Chamber of Commerce: 34262929). As an EU-based company, we are subject to the General Data Protection Regulation (GDPR) and take our obligations under it seriously.
If you have any questions about this policy or how your data is handled, contact us at [email protected].
1. What data we collect
1.1 Account information
When you create an account, we collect:
- Username β your chosen display name on Asterune
- Email address β used for account access, security notices, and transactional communications
- Password β stored as a one-way cryptographic hash; we never store or have access to your plain-text password
- Date of birth β used to apply age-appropriate content settings and comply with legal obligations regarding minors
- Gender β provided optionally at registration or in your profile settings
- Phone number β collected when you choose to verify your phone number; required to access voice chat features. Your phone number is used solely for verification and to enable voice chat access, and is not shared with other users.
1.2 Content you upload
Any content you submit to Asterune is stored and associated with your account, including:
- Avatar configurations and customizations
- Game assets, scripts, and creative works
- Profile images and other media
- Messages and chat history
- Voice chat recordings (see below)
Voice chat
Asterune includes a voice chat feature available to users who have verified their phone number. When you participate in a voice chat session, the audio is temporarily recorded and retained for 30 days for the purpose of moderation and platform safety. After this period, recordings are permanently deleted.
Voice chat recordings may be processed in the following ways:
- Automated screening β recordings may be analysed by automated systems to detect abusive content, hate speech, or other violations of our Community Guidelines.
- Human review β in cases where automated screening flags a potential violation, or in response to a report from another user, a member of our moderation team may listen to a recording.
Recordings are accessed only for moderation purposes and are not used for advertising or shared with third parties outside of the processors listed in section 4. Voice chat is only available to users who have completed phone number verification.
1.3 Technical and device data
When you use Asterune, we automatically collect certain technical data, including:
- IP address β used for security, fraud prevention, and general location inference (country/region level)
- Hardware identifiers β collected from the Asterune client to detect multi-accounting, ban evasion, and fraudulent activity
- Browser or client type and version
- Operating system
- Session data β including login timestamps, session duration, and in-platform activity logs
Asprot anticheat
Asterune uses a proprietary anticheat system called Asprot, which runs in userspace on your device while you are using the Asterune client. Asprot collects the following data to detect cheating, unauthorized software, and ban evasion:
- Hardware identifiers (CPU, GPU, motherboard, and device serial information)
- Integrity checksums of Asterune client files
Asprot analyzes the following data in real time, but does not transmit it to our servers:
- Running processes and their signatures
- Memory patterns indicative of known cheats or unauthorized software
Asprot operates only while the Asterune client is open and does not run in the background after you close it. The data it collects is transmitted to our servers and handled in accordance with this policy. Use of the Asterune client requires Asprot to be active β it cannot be disabled without also being unable to connect to the platform.
1.4 Payment data
When you make a purchase, payment is processed by Stripe. We do not store your full card details. We retain a record of the transaction, including the amount, date, and a tokenized reference provided by Stripe, for billing, refund, and fraud prevention purposes.
1.5 Analytics data
We run self-hosted analytics to understand how Asterune is used and to improve the platform. This data is aggregated and does not identify you individually. No third-party analytics services are used.
2. Why we collect it and our legal basis
Under GDPR, we must have a lawful basis for processing your personal data. The table below sets out why we collect each category of data and the legal basis we rely on.
| Purpose | Data used | Legal basis |
|---|---|---|
| Creating and managing your account | Username, email, password, DOB | Contract |
| Applying age-appropriate content settings | Date of birth | Legal obligation / legitimate interests |
| Detecting and preventing fraud and ban evasion | IP address, hardware identifiers, activity logs | Legitimate interests |
| Processing payments and managing billing | Transaction records, email | Contract |
| Sending transactional emails (receipts, security alerts, account notices) | Email address | Contract |
| Sending push and in-platform notifications | Device token, account data | Contract / consent |
| Platform analytics and improvement | Aggregated usage data | Legitimate interests |
| Verifying phone number and enabling voice chat access | Phone number | Contract / consent |
| Voice chat moderation and platform safety | Voice chat recordings | Legitimate interests / legal obligation |
| Complying with legal obligations | Any relevant data | Legal obligation |
We do not use your personal data for automated decision-making or profiling in ways that produce legal or similarly significant effects.
3. Cookies and tracking
Asterune uses a minimal set of cookies, all of which are strictly necessary for the platform to function. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
| Cookie | Provider | Purpose |
|---|---|---|
| Session / authentication | Solarius (first-party) | Keeps you logged in |
| Security / bot protection | Cloudflare | DDoS mitigation and traffic filtering |
| Payment session | Stripe | Secures the checkout flow |
Because these cookies are strictly necessary for the service to operate, they do not require your consent under EU cookie law. We do not set any non-essential cookies.
4. Who we share your data with
We do not sell your personal data to any third party, ever.
We share data only with the following processors, strictly as necessary to provide the service:
Cloudflare
All traffic to Asterune passes through Cloudflare's network for DDoS protection, security filtering, and content delivery. Cloudflare processes IP addresses and request metadata as part of this service. Cloudflare is a GDPR-compliant processor operating under standard contractual clauses. Cloudflare Privacy Policy
Stripe
Payment processing is handled by Stripe. When you make a purchase, you are submitting your payment details directly to Stripe, which processes them under its own privacy policy. We receive a transaction token and confirmation from Stripe but do not handle raw card data. Stripe Privacy Policy
Email provider
We use a third-party email provider to deliver transactional emails such as account verification, password resets, and billing receipts. This provider processes your email address and the content of emails sent on our behalf. They do not use this data for their own marketing purposes.
Infrastructure
Asterune's servers and databases are self-hosted. Your data does not transit through third-party cloud providers outside of the processors named above.
5. Data retention
We retain your personal data for as long as your account is active or as necessary to provide the service. Specific retention periods are as follows:
| Data | Retention period |
|---|---|
| Account data (username, email, DOB, gender) | Until account deletion, plus up to 30 days for recovery |
| Uploaded content | Until deleted by you or removed by moderation, or until account deletion |
| Transaction records | 7 years (Dutch tax and accounting law) |
| Server and activity logs | 90 days on a rolling basis |
| Hardware identifiers (ban evasion records) | Up to 5 years from the date of a permanent ban |
| Voice chat recordings | 30 days on a rolling basis, then permanently deleted |
| Phone number (verified) | Until account deletion or removal of phone verification by the user |
When you delete your account, your personal data is permanently deleted from our systems within 30 days, except where we are required by law to retain certain records (e.g. financial transaction data).
6. Data relating to minors
Asterune collects date of birth from all users and uses automated signals to infer age. Users who are identified as minors receive additional protections by default, including stricter content filtering and restricted communications settings.
We do not knowingly collect data from children under the age of 13. If we become aware that an account belongs to a child under 13 without verified parental consent, we will delete the account and associated data promptly.
If you are a parent or guardian and believe your child under 13 has registered on Asterune, please contact us at [email protected].
7. Your rights under GDPR
As a data subject under GDPR, you have the following rights:
- Right of access β you can request a copy of the personal data we hold about you
- Right to rectification β you can ask us to correct inaccurate or incomplete data
- Right to erasure β you can ask us to delete your personal data, subject to our legal retention obligations
- Right to restriction β you can ask us to restrict how we process your data in certain circumstances
- Right to data portability β you can request your data in a structured, machine-readable format
- Right to object β you can object to processing based on legitimate interests
- Right to withdraw consent β where processing is based on consent (e.g. push notifications), you can withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority in your country of residence if you are based in another EU member state.
8. International data transfers
Asterune's infrastructure is self-hosted. To the extent that your data is processed by Cloudflare or Stripe, it may be transferred outside the European Economic Area. Both processors rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for such transfers.
9. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data storage, hashed passwords, access controls, and regular security reviews.
No system is completely secure. If you believe your account has been compromised, contact us immediately at Solarius support.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours as required by GDPR, and will notify affected users where required.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. For material changes, we will notify you by email or via an in-platform notice. Continued use of Asterune after the effective date of any update constitutes acceptance of the revised policy.
Contact and data controller
Solarius B.V.
VAT ID: NL-8188.17.147.B01
Chamber of Commerce: 34262929
Privacy enquiries: [email protected]
General support: solarius.me/support