← Back to home
A²STS

Privacy policy

How we process personal data when you use the A2STS platform and related services.

1. General information

This Privacy Policy (the "Policy") explains how operator of the website A2STS.eu (legal@a2sts.eu) (the "Data Controller") processes personal data when you use the https://a2sts.eu platform and related services.

The Policy is prepared in accordance with the GDPR (EU) 2016/679 and the Law on Legal Protection of Personal Data of the Republic of Lithuania.

2. Data we process

When you register and use the Platform we may process:

  • email address;
  • name (if provided);
  • password hash (not plain-text password);
  • account plan, learning progress, exam sessions and results;
  • payment metadata (via Stripe — payment ID, amount; not full card number);
  • technical data (IP address, browser type, cookies).

3. Purposes and legal bases

We process data to:

  • provide Platform services and maintain your account (contract performance);
  • process payments and activate premium plans (contract performance / legitimate interest);
  • ensure security and prevent abuse (legitimate interest);
  • send service messages (e.g. password reset) — contract performance;
  • meet legal obligations (e.g. accounting).

4. Data recipients

Data may be shared with trusted processors that help deliver the service:

  • Stripe — payment processing;
  • Supabase / PostgreSQL hosting — data storage;
  • Hostinger (or other hosting provider) — Platform hosting;
  • IT infrastructure and security service providers.

Data is primarily processed in the EU/EEA. Transfers outside the EEA occur only with a lawful basis and appropriate safeguards.

5. Cookies

We use essential cookies to maintain your login session (e.g. authentication token). Without them, sign-in would not work.

Analytics or advertising cookies are used only with consent if such tools are deployed.

6. Retention periods

Account data is kept while the account is active, or for up to 2 years after last login if the account is unused.

Payment data is retained according to accounting and legal requirements (typically up to 10 years).

You may request deletion where there is no legal basis to retain data.

7. Your rights

Under the GDPR you have the right to:

  • access your data;
  • request rectification or erasure;
  • restrict processing or object;
  • data portability (where applicable);
  • lodge a complaint with the State Data Protection Inspectorate (vdai.lrv.lt).

Send requests to legal@a2sts.eu. We respond within 30 days unless identity verification is required.

8. Data security

We apply organisational and technical measures: HTTPS, password hashing, access control, database isolation.

While we strive to protect data, no internet transmission is 100% secure — use the Platform responsibly.

9. Policy changes

This Policy may be updated. Material changes are published on the Platform.

Last updated: May 2026.