Privacy Policy

Last Update: March 21st, 2026

This is the first version of our Privacy Policy.

By using TFM and any other services provided by Astar Labs ("we", "us", "our"), you agree to this Privacy Policy. If you do not agree, please discontinue use of the service.

1. Who We Are

Astar Labs is a hobby project run by a single individual based in Belgium, European Union. TFM is an AI assistant built and operated entirely in-house. We are not a company, and we do not have investors, advertisers, or commercial partners.

2. What Data We Collect

We collect and store the following data:

  • Conversation content - the messages you send to TFM and the responses it generates, but only if you have explicitly opted in to data collection (see Section 5).
  • Feedback data - if you like or dislike a response and optionally provide a reason, that feedback is stored alongside the relevant conversation turn. This is only collected if you have opted in.
  • Session ID - a randomly generated anonymous identifier stored in a cookie in your browser. This ID is used solely to associate messages within a single session. It is not linked to any personal information, and regenerated every time you open a new browser session.

We do not collect your name, email address, IP address, device information, or any other personally identifiable information.

3. What We Do Not Collect

To be explicit:

  • We do not collect or store personal identifiers of any kind.
  • We do not use advertising or external analytics platforms.
  • We do not use tracking pixels, fingerprinting, or any cross-site tracking mechanisms.
  • We do not sell, share, or license your data to any third party.
4. How We Use Your Data

Conversation content and feedback data collected under opt-in consent are used exclusively for the following purposes:

  • Model training - improving future versions of TFM by using real conversation data as training examples.
  • RLHF dataset creation - your likes, dislikes, and optional feedback reasons are used to build a reward model dataset to improve response quality in future training cycles.

Your data is never used for advertising, profiling, or any commercial purpose.

5. Your Consent (Opt-In)

Data collection is opt-in only. When you first use TFM, you will be presented with a prompt asking whether you consent to your conversation data being used for training purposes. You may:

  • Accept - your conversation content and feedback will be stored for training purposes.
  • Decline - nothing beyond your session cookie (see Section 2) is stored.

You may withdraw your consent at any time by clearing your browser cookies. Because we do not store any personal identifiers, we have no way to retroactively identify or remove previously collected conversation data linked to your prior session IDs. Since those session IDs rotate every browser session and carry no personal information, the stored data is effectively anonymous and cannot be traced back to you.

6. Cookies

We use a single cookie to store your anonymous session ID. This cookie:

  • Contains no personal information.
  • Is regenerated on every new browser session.
  • Is used solely to maintain continuity within a session.

We do not use third-party cookies, advertising cookies, or analytics cookies.

7. Data Storage and Transfers

All data is stored on servers hosted by Hetzner, located within the European Union. Compute resources are rented from Vast.ai, also configured within EU regions. Your data does not leave the European Union.

8. Data Retention

Conversation and feedback data collected under your consent is retained indefinitely, as it forms part of our training dataset. Because this data carries no personal identifiers, we are unable to isolate and delete data associated with a specific user upon request. We acknowledge this limitation transparently.

Session ID cookies are ephemeral and cleared when you close your browser.

9. Your Rights Under GDPR

As a user located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access - you may request information about what data we hold.
  • Right to rectification - you may request correction of inaccurate data.
  • Right to erasure - you may request deletion of your data. Because all stored data is anonymised and not linked to any personal identifier, we are unable to isolate records belonging to a specific individual, but we will assist to the best of our ability.
  • Right to restriction of processing - you may request that we limit how we use your data.
  • Right to object - you may object to our processing of your data at any time by declining or withdrawing consent.
  • Right to data portability - you may request a copy of data we hold, to the extent it is technically feasible given our anonymisation approach.

To exercise any of these rights, please contact us at the address below. We will respond within 30 days.

10. Legal Basis for Processing

Under GDPR, we process personal data on the basis of consent (Article 6(1)(a)). You explicitly opt in before any conversation data is collected. You may withdraw this consent at any time (see Section 5).

11. Children's Privacy

TFM is intended for users aged 13 and older. We do not knowingly collect data from children under the age of 13. If you believe that a child under 13 has used TFM and their conversation data may have been stored, please contact us immediately at the address below and we will make every effort to identify and remove the relevant data.

12. Third-Party Services

We use the following third-party infrastructure providers:

  • Hetzner (hetzner.com) - server hosting, based in the EU.
  • Vast.ai (vast.ai) - GPU compute rental.

Neither provider has access to conversation content beyond what is inherent in providing infrastructure services. We do not use any third-party analytics, advertising, or data processing services.

13. Policy Updates

When this policy is updated, the Last Updated date at the top of this page will change. We have no way to proactively notify users of changes, as we do not store contact information. We encourage you to check this page occasionally. Continued use of TFM after a policy update constitutes acceptance of the revised policy.

Previous version of this policy will be linked here when available.

14. Contact

For any privacy-related questions, GDPR requests, or concerns regarding children's data, please reach out to:

Astar Labs - brent.vandenabbeel@astar-technologies.space

We will do our best to respond within 30 days.