Skip to main content

Privacy Policy

Last updated: January 2026

1. Introduction

Welcome to Asterism ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (joinasterism.com), CLI tools, browser extensions, APIs, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use the Service.

Data Controller

Asterism Skills, Inc. is the data controller responsible for your personal data. For privacy inquiries or to exercise your rights, contact us at:

For users in the European Economic Area (EEA), we have designated an EU representative who can be contacted at eu-privacy@joinasterism.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information from your OAuth provider (GitHub or Google), including:

  • Username and display name
  • Email address
  • Profile picture URL
  • OAuth provider user ID

2.2 Usage Data

We automatically collect information about how you interact with our Service:

  • Skills you view, download, install, or publish
  • API usage patterns and request logs
  • Feature usage and navigation paths
  • Device type, browser, and operating system
  • IP address and approximate geographic location
  • Referring URLs and exit pages

2.3 CLI and Anonymous Telemetry

Our command-line interface (CLI) collects anonymous usage data to improve the Service:

  • Skill names installed (for popularity metrics)
  • Installation source (registry, GitHub, external)
  • Target AI agents used
  • CLI version and platform

This data is collected anonymously and is not linked to your account unless you are logged in. You can disable analytics with the --no-analytics flag.

2.4 Published Content

When you publish skills to our registry, we store:

  • Skill content, metadata, and version history
  • Security scan results
  • Download and usage statistics

Public skills are visible to all users. Private skills are only visible to you and your organization members.

2.5 Skill Execution Data

When you use our Skill Playground or hosted execution features:

  • Inputs you provide to skills during testing
  • Execution logs and outputs (retained for 24 hours for debugging)
  • Execution time and resource usage metrics

Execution data is processed in isolated sandbox environments and is not used to train AI models. Sensitive inputs should not be submitted to the playground.

2.6 Browser Extension Data

If you use our SkillHunt browser extension:

  • URLs of pages where you discover skills (only when you click "Hunt")
  • Skill content you choose to submit
  • Your hunter attribution for gamification

The extension does not track your general browsing history or access data on pages where you don't actively use the extension.

2.7 Social Features

When you use social features, we collect:

  • Comments, reviews, and ratings you post (publicly visible)
  • Users you follow and who follow you
  • Skills you star or endorse
  • Activity that appears in the public feed

Your public profile, including username, avatar, published skills, and activity, is visible to all users. You can control some visibility settings in your account.

2.8 Payment Information

If you subscribe to a paid plan or purchase premium skills, payment processing is handled by Stripe. We do not store your full credit card number. We receive and store:

  • Last four digits of your card
  • Card expiration date
  • Billing address
  • Transaction history

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

  • Contract Performance: To provide you with the Service you requested
  • Legitimate Interests: To operate, improve, and secure the Service; to prevent fraud; to analyze usage patterns
  • Consent: For optional analytics and marketing communications (which you can withdraw at any time)
  • Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Information

  • To provide, maintain, and improve our Service
  • To authenticate your identity and manage your account
  • To process transactions and manage subscriptions
  • To communicate with you about service updates, security alerts, and support
  • To analyze usage patterns and improve user experience
  • To detect, prevent, and address security issues and abuse
  • To enforce our Terms of Service and protect our legal rights
  • To calculate skill popularity and leaderboard rankings
  • To provide personalized skill recommendations

5. Automated Decision-Making and AI

We use automated systems to process your data in the following ways:

5.1 Security Scanning

All published skills are automatically scanned for security issues. Skills scoring below 50/100 are automatically rejected. This automated decision helps protect all users from potentially harmful content. Publishers can review scan results and modify their skills to address flagged issues.

5.2 Personalized Recommendations

We use your usage patterns (skills viewed, installed, and starred) to provide personalized skill recommendations. This processing is based on legitimate interests to improve your experience. You can disable personalized recommendations in your account settings.

5.3 AI-Assisted Features

Optional features like AI skill generation and voice-to-skill transcription use third-party AI services. When you use these features:

  • Your prompts and inputs are sent to AI providers (Anthropic, OpenAI)
  • Generated content may be stored with your account
  • Usage counts toward your plan limits

AI providers process data according to their own privacy policies. We do not use your content to train AI models.

5.4 Fraud Prevention

We use automated systems to detect and prevent abuse, including fake downloads, review manipulation, and spam. Accounts flagged for abuse may be temporarily restricted pending human review. You can appeal automated decisions by contacting support.

6. Information Sharing

We do not sell your personal information. We may share information with:

5.1 Service Providers

We use third-party services to operate our platform:

5.2 Other Disclosures

  • Law Enforcement: When required by law, subpoena, or legal process
  • Safety: To protect the rights, property, or safety of Asterism, our users, or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Public Information: Your public profile and published skills are visible to all users

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws.

When we transfer data internationally, we use appropriate safeguards such as:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with our service providers
  • Technical and organizational security measures

8. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account Data: Until you delete your account, plus 30 days for backup recovery
  • Published Skills: Until you unpublish them or delete your account
  • Usage Logs: 90 days for debugging and security; aggregated analytics retained longer
  • Transaction Records: 7 years for tax and legal compliance
  • Anonymous Telemetry: Aggregated indefinitely for service improvement

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption in transit (TLS 1.3) and at rest
  • Secure authentication with OAuth 2.0
  • API key hashing (SHA-256)
  • Regular security audits and penetration testing
  • Access controls and audit logging
  • Automatic security scanning of all published skills

While we strive to protect your information, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@joinasterism.com.

Your Security Responsibilities

You are responsible for:

  • Keeping your API keys confidential and not sharing them
  • Rotating API keys if you suspect compromise
  • Using environment variables instead of hardcoding keys
  • Reviewing skills before installing them in your environment
  • Reporting suspicious skills or security issues

If you believe your API key has been compromised, immediately delete it in your dashboard and create a new one.

10. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your data in a machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for optional processing

To exercise these rights, visit your account settings or contact us at privacy@joinasterism.com. We will respond within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise your CCPA rights, contact us at privacy@joinasterism.com with subject line "CCPA Request".

12. Children's Privacy

The Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@joinasterism.com and we will delete it.

13. Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, and analytics. For detailed information about the cookies we use, please see our Cookie Policy.

Do Not Track

We respect Do Not Track (DNT) browser settings. When DNT is enabled, we will not load analytics cookies or track your browsing behavior.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovery (or as required by law)
  • Notify relevant supervisory authorities as required
  • Provide information about the breach and steps we are taking
  • Offer guidance on protecting yourself

15. Third-Party Links

Our Service may contain links to third-party websites or skills that link to external resources. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes
  • Displaying a notice in the Service

Your continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For EEA residents, you also have the right to lodge a complaint with your local data protection supervisory authority.

Related Policies