Legal
Privacy Policy
Effective June 16, 2026 · Last updated June 17, 2026
This Privacy Policy explains what information Crown collects, how we use it, and the choices you have. It applies to our website, web application, and related services (together, the "Service"). By using Crown, you agree to this policy.
1. Who we are
Crown is operated by Astral AI Inc., a Delaware corporation headquartered in San Francisco, California ("Crown", "we", "us", or "our"). We are the controller of the personal information described here. For privacy questions or requests, contact us at savannah@astral.now.
2. Information we collect
Information you give us
- Account information. Your email address, and a password if you sign up with one. If you sign in through a provider such as Google, we receive basic account identifiers from that provider.
- Your content. The prompts, briefs, documents, files, images, and other material you create or upload, along with the outputs generated for you and the chat history within your documents.
- Connector credentials. If you link an outside account or supply your own API key for an optional connector (for example, a code repository or a video tool), we store what is needed to connect on your behalf. Secrets are encrypted before they are stored.
- Communications. If you contact us or send feedback, we keep your message and the email address you used.
Information we collect automatically
- Usage and billing data. Records of the features you use and the credits they consume, so we can run quotas and billing. This includes counts such as text, image, design, and video generations and the associated cost to serve them.
- Analytics and device data. Information about how you interact with the Service, such as the pages and features you view, the actions you take, referring links, your device and browser type, and the approximate location derived from your IP address. We collect this through a third-party product-analytics provider to understand and improve the Service.
- Session recordings. We may capture replays of your interactions with the Service, such as clicks, navigation, and scrolling, to diagnose problems and improve usability. These recordings are configured to mask sensitive input, including the text you type and your password.
- Diagnostic logs. To diagnose failures and improve reliability, we keep internal diagnostic records of how the AI agent handled a request, including the instruction you sent, the steps and tools the agent ran, and the outcome (including errors). These records are stored in our own systems, are not shared with new third parties, and are kept for a limited period.
- Session data. Essential cookies and similar technologies that keep you signed in and your session secure (see Cookies below).
Payment information
When you subscribe to a paid plan, our payment processor (Stripe) collects and processes your card details directly. We do not receive or store your full card number. We retain limited billing information such as your customer and subscription identifiers, plan, subscription status, and the last four digits of your card.
3. How we use your information
- to provide, maintain, and improve the Service and generate the content you ask for;
- to create and secure your account and authenticate you;
- to process payments, manage subscriptions, and enforce usage limits;
- to respond to your messages and provide support;
- to measure and analyze how the Service is used, through analytics and session recordings, so we can diagnose problems and improve it;
- to monitor for abuse, protect the Service, and keep it reliable and secure;
- to comply with legal obligations and enforce our Terms.
We do not sell your personal information, and we do not use your content to train our own foundation models.
4. AI processing of your content
Crown generates content using artificial intelligence. To do this, the prompts and content you submit are sent to third-party AI providers that produce text, image, and video outputs on our behalf. These providers process your content to return results to you. We share only what is needed to generate the output you request. We encourage you not to include sensitive personal information in your prompts or documents.
5. How your information is shared
We share information with service providers ("subprocessors") that help us run the Service, and only as needed for them to perform their work for us. These include:
| Provider | Purpose |
|---|---|
| Cloud database and storage provider | Hosting your account, documents, and generated assets |
| Third-party AI providers | Generating text, image, design, and video output from your prompts and content |
| Stripe | Processing payments and managing subscriptions |
| Product analytics provider | Measuring product usage and recording sessions to diagnose issues and improve the Service |
| Connector and integration providers | Managed authentication for optional connectors you choose to enable |
| Email and messaging providers | Sending account emails such as password resets and relaying feedback you send us |
When you choose to share a document, Crown creates a link that anyone who has it can open without signing in. A shared link stays active until you turn off sharing for that document. It does not expire on its own, and anyone holding the link can see the current version of the document, including later edits, until you revoke it.
We may also disclose information when required by law or legal process, to protect the rights, safety, and security of Crown, our users, or the public, or in connection with a merger, acquisition, or sale of assets, in which case we will continue to protect your information under this policy or notify you of any change.
6. Cookies
We use cookies and similar local storage for two purposes. First, essential cookies keep you signed in, maintain your session, and remember basic interface preferences; the Service cannot function without them. Second, we use analytics cookies and similar technologies, provided through our product-analytics provider, to understand how the Service is used and to record sessions so we can improve it. We do not use cookies for third-party advertising, and we do not sell the information they collect. You can block non-essential cookies through your browser settings, but blocking essential cookies may prevent you from signing in.
7. Data retention
We keep your information for as long as your account is active or as needed to provide the Service. Your documents and content are retained until you delete them or close your account. Images and other media you upload or generate are stored by our cloud storage provider and served from links that are not publicly listed but can be opened by anyone who has the link. These files may remain accessible through their links for a period after you delete the document that referenced them. Billing and usage records are kept as needed for accounting, audit, and legal purposes. Connector credentials are kept until you disconnect them. Internal diagnostic logs of agent activity are kept for a limited period and then deleted. When information is no longer needed, we delete it or anonymize it within a reasonable period, subject to legal retention requirements.
8. How we protect your information
We use reasonable technical and organizational measures to protect your information. Access to your data is restricted to your account through row-level security, connector secrets are encrypted at rest, and traffic to the Service is encrypted in transit. Sensitive credentials such as our AI provider keys are held on our servers and never exposed to your browser. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
9. Your rights and choices
You can access and update your account information, edit or delete your documents, disconnect connectors, and close your account at any time. Depending on where you live, you may have additional rights, such as the right to access, correct, delete, or receive a copy of your personal information, or to object to or restrict certain processing. To make a request, email us at savannah@astral.now. We will respond as required by applicable law, and we will not discriminate against you for exercising these rights. We do not sell or share your personal information for cross-context behavioral advertising.
10. Data location
We are based in the United States, and your information is processed in the United States and in other countries where our service providers operate. If you access the Service from outside the United States, you understand that your information may be transferred to and processed in countries whose data protection laws may differ from those in your country.
11. Children
The Service is not directed to children, and you must be at least 18 years old to use it. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy here with a new effective date and, where appropriate, notify you in the app. Your continued use of the Service after the changes take effect means you accept the updated policy.
13. Contact
If you have questions or requests about your privacy, email us at savannah@astral.now.
