Last updated 16 March 2026
1.1 Astute Graphics Limited (company number 6465495) of Unit 1.03, Shell Store, Canary Drive, Hereford, HR2 6SR, ENGLAND is the controller for personal data it processes in connection with accounts, support, usage analytics, and service operations. Astute Graphics Limited is registered with the UK Information Commissioner’s Office (ICO) under registration number ZA326808. Astute Entity Limited (company number 16325129) is our holding company.
1.2 Paddle.com acts as the Merchant of Record for all purchases. Paddle is the independent controller for customer billing and payment data, which it processes in order to complete transactions, apply taxes, meet compliance requirements, and fulfil its own legal obligations. Further information on how Paddle handles personal data can be found in Paddle’s privacy policy: https://www.paddle.com/legal/privacy
2.1 Categories of personal data we may collect and process include:
(a) Identity and contact data (name, email address, account details, billing address);
(b) Technical data (device information, operating system, IP address, browser type);
(c) Usage and activity data (interactions with the Services, feature usage, preferences, logs, telemetry and structured activity logs including: account actions, licencing and activation requests, subscription and entitlement actions, team management actions e.g. invitations, membership changes, role changes, project and shared resource actions, administrative and security-related actions, audit logs and access logs);
(d) Licensing data (Information necessary to validate licences and generate licensing payloads, including user identifier, hardware identifier, and system login name.)
(e) Support data (queries, troubleshooting communications, diagnostic logs voluntarily provided);
(f) Marketing and communications data (preferences, opt-ins, unsubscribes);
(g) Payment and tax data for any orders directly processed.
2.2 Purposes of Processing
(a) Provide, operate, maintain and secure the Services.
(b) Verify licences and manage software activations, enforce license terms and prevent misuse or abuse.
(c) Provide team-based collaboration features, maintain audit logs of account, team, licensing, subscription and shared resource actions. Where you use shared or team-based features, certain activity information (such as actions taken within a team or shared project) may be visible to authorised team members or administrators as part of the functionality of the Service.
(d) Investigate misuse, resolve disputes, and ensure service integrity.
(e) Improve features and product performance.
(e) Process transactions, respond to support requests and comply with legal and regulatory obligations.
(f) Communicate important service information.
2.3 Legal bases for processing:
(a) Contract performance (providing the Services you purchase);
(b) Legitimate interests (service improvement, fraud prevention, usage analytics with safeguards);
(c) Consent (marketing emails or optional features requiring permission);
(d) Legal obligation (accounting, tax, compliance with authorities).
3.1 When you first download the Astute Manger you will be asked if you agree to Plugin Usage Data Collection. Plugin usage data collection is optional and you can opt-out at this stage or at anytime from the My account page in the Astute Manager.
From the My account page you can update your permission settings at anytime, download the information as a CSV file, and delete any product usage data that has been generated since the last download.
If you are opted-in, we will collect a Unique ID for each action of Astute Graphics tools used and some native tools, alongside a time & date stamp.
We collect this data to assist us with future product development and to understand how our service is used. None of the data we collect will be passed to third parties. Astute Graphics cannot view your screen or artwork. We will not be able to see how the plugins are being used, only which plugins have been used.
3.2 Data is collected using the AG Core plugin. The Astute Manager will automatically install AG Core as it now becomes integral to the running of Astute Manager. Please note that having AG Core installed does not mean that your data is being collected unless you have opted in. Please see What is AG Core? for more information.
3.3 Data Collection for Teams
If you are part of a Team, your Team Owner, Team Manager or Team Leader will control all plugin data collection settings for Teams and Team Members. Please see Data Collection for Teams.
3.4 Data Collection for Resellers
The End User Team Manager will control all plugin data collection settings. Please see the Reseller section on this page Data Collection for Teams.
3.1 We use the following service providers (“sub-processors”) to process personal data on our behalf: Paddle (MoR), MailChimp, Capsule CRM, Google (email, analytics, reviews), Zendesk, Databricks, AWS (hosting), and XERO (accounting). A current list of sub-processors and their roles is maintained in our Annexes.
3.2 We may disclose data to competent authorities where required by law or court order.
5.1 Personal data may be processed outside the UK/EEA. Where this occurs, we rely on appropriate safeguards such as:
(a) adequacy regulations recognised by the UK government;
(b) the UK International Data Transfer Agreement (IDTA); or
(c) the EU Standard Contractual Clauses (SCCs) as applicable via our providers.
6.1 We retain personal data, plugin usage data, activity and audit logs for as long as necessary to provide the Services and fulfil the purposes above.
6.2 Payment records required by law may be retained after service termination in accordance with statutory requirements.
6.3 We do not retain Asset metadata (for example, file names) after Asset deletion, other than minimal logs required by law.
7.1 You may have the following rights under UK GDPR and equivalent data protection laws: to access your data; to rectify inaccurate data; to erase data; to restrict processing; to object to processing (including for direct marketing); to port data to another provider; and to withdraw consent where processing relies on consent. You may also lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or with your local data protection authority if based outside the UK.
7.2 To exercise rights, contact hello@astutegraphics.com. You also have the right to complain to the UK Information Commissioner’s Office (ico.org.uk).
8.1 We apply technical and organisational measures to protect personal data, including: encryption in transit (HTTPS) and at rest (server-side encryption); role-based access controls; logging and monitoring; separation of environments; and vulnerability management and patching. These measures are proportionate to the risks presented and are regularly reviewed.
9.1 We may send service emails (transactional/operational). Marketing emails are sent with consent where required and include an unsubscribe option.
10.1 The Services are intended for adults (18+). We do not knowingly collect personal data from children.
11.1 We may update this Notice from time to time.