ASTRO Privacy Statement
Last updated: April 11, 2026
1. What this document is
This is not a generic privacy policy.
This document explains:
- what data exists in ASTRO
- why it exists
- how it is used
- what will never happen to it
If a capability is not described here, it is not part of ASTRO.
2. Core principle
ASTRO is built on a simple rule:
Data exists to establish truth, trust, and operation — not to be harvested, sold, or exploited.
2.1 What this document does not do
This document does not:
- obscure behavior behind legal language
- claim rights we do not exercise
- reserve the ability to change core data practices without notice
If a capability is not described here, it is not part of ASTRO.
3. What ASTRO is (and is not)
ASTRO is:
- a membership network
- a property identity registry
- a trust and verification system
- an owner-to-owner exchange layer
ASTRO is not:
- an advertising platform
- a data broker
- a surveillance system
- a behavioral targeting engine
We do not monetize attention.
We do not monetize personal data.
We do not sell access to users.
4. Categories of data
4.1 Identity data (Member layer)
Collected when you join:- name
- authentication and session data
- account creation
- secure access
- communication related to your membership
4.2 Property data (Registry layer)
When a property is added, claimed, verified, or operated within ASTRO, the property record includes its address, along with:
- city and state
- canonical property identity (VPI)
- descriptive and media information
- establish and maintain a real property record
- support verification and trust
- bind the property to its canonical identity
- support operational and program functions
Every property in ASTRO has a real address in its underlying record.
Whether that address is shown publicly depends on the surface and the owner’s settings.
4.3 Verification data (Trust layer)
When you verify a property:
- listing control signals
- supporting documentation (only when required)
- verification outcomes and timestamps
- confirm that a real person controls a real property
- enable participation in the ASTRO Network
4.4 Exchange data (Operations layer)
When using the Owners Exchange:
- stay requests
- confirmed stays
- timestamps and state transitions
- execute and enforce exchange mechanics
- maintain system integrity
No economic or ledger activity occurs until a stay is confirmed.
4.5 Ledger data (Travelcoin)
If you participate in exchange:
- ledger entries
- posting groups
- derived balances
- record value exchange between members
- maintain accounting integrity
The ledger is append-only. Balances are derived, not edited.
4.6 Program data (optional participation)
If you use programs (e.g., Honor Pantry, Concierge, AArtners):
- order or transaction data
- fulfillment details
- vendor interaction data (when applicable)
- execute the program you chose to use
4.7 Guest interaction data (property-level)
When a guest interacts with a property surface:
- page views
- interactions within the guest experience
- provide the house guide and property experience
- support optional program features
We do not track guests across the internet.
5. What we do NOT collect
We do not:
- track you across other websites
- build advertising profiles
- ingest third-party behavioral datasets
- scrape personal data from unknown sources
- record private communications for resale
If a feature would require this, it is not part of ASTRO.
6. How data is used
Data is used only to:
- operate the system
- establish trust
- execute member actions
- communicate with you
Nothing else.
7. What we will never do
We will not:
- sell your data
- rent your data
- share your data with advertisers
- manipulate visibility using your data
- use your data to compete against you
ASTRO does not run an ad marketplace.
There is no incentive to extract or exploit your data.
8. Data sharing
With service providers
We may share limited data with service providers (e.g., email, payments) strictly to operate the system.
They are:
- limited to required data only
- contractually restricted
- not permitted to use data independently
With other members
Data is shared only when required by system function:
- public property pages are public by design
- exchange participants see relevant stay information
With authorities
We disclose data only when legally required.
Each such disclosure is:
- recorded with a timestamp (UTC)
- associated with a legal basis
- tied to a specific request or case identifier
If a disclosure cannot be recorded, it does not occur.
Canary statement (datetime-aware):
As of April 11, 2026, no authority has requested data on any ASTRO member or guest.
9. Data retention
We retain data according to its role:
- identity data: retained while your account exists
- property registry data: persistent by design
- ledger data: permanent (append-only system of record)
- verification records: retained for audit and trust integrity
Some data cannot be deleted without breaking system integrity.
10. Your control
You can:
- update your profile information
- control public-facing property content
- choose whether to participate in programs
- close your account
However:
- registry identity and historical records may persist as part of network integrity
11. Security
We use:
- authenticated sessions
- controlled access boundaries
- separation of public and private data layers
Security is treated as a system requirement, not a feature.
12. System design boundaries
ASTRO is intentionally built with hard limits:
- no hidden mutation of user data
- no silent rewriting of identity or property information
- append-only economic records
- auditable system behavior
These are enforced by how the system is built.
13. Changes to this statement
If this document changes:
- changes will be explicit
- material changes will not be hidden
14. Contact
For any privacy-related questions:
Final note
Most platforms ask for your trust and then monetize your data.
ASTRO is structured differently:
The system works without needing to exploit your data.
This is not a promise.
It is how the system is built.