Privacy Policy

Learn how Lab24 collects, uses, and protects your personal information when you use the Astell service.

Last updated: December 3 2025

Lab24 (Astell) Privacy Policy

Lab24, Inc. (“Lab24,” “we,” or “us”) operates the Astell software service, a next-generation work platform for teams and individuals. Our services are primarily intended for workplace use by small and medium businesses (around 30–100 employees), though individual users can also sign up to use Astell. We are based in the United States and offer our services through our websites (including labtwofour.com and astell.space) and the Astell web application (collectively, the “Service”).

This Privacy Policy describes how we collect, use, share, and protect personal information when you use our websites or the Astell Service. It applies to any personal data we handle in connection with the Service and our marketing websites. By using our sites or Astell, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service or provide personal information.

The Short & Sweet Version (Our Core Philosophy)

  • We don't sell your data. Period.

  • We keep it in-house. We focus on using minimal data to make our site better for you, not to track you across the internet.

  • Your control matters. We give you clear choices about cookies.

  • Data We Collect: We collect information you provide (such as your name, contact details, and account information), data from your use of our websites and the Astell product (such as usage logs and device information), and content from third-party apps you connect (e.g., Slack messages, Gmail emails, Google Drive files, GitHub issues, Notion pages).

  • How We Use It: We use your information to operate and improve the Astell service, to respond to inquiries, and to support product functionality (like search and task automation). We do not use the content you connect from other apps to train our AI or machine learning models.

  • Data Sharing: We do not sell your personal data. We share information only in limited ways: with trusted service providers that help run our service (e.g., cloud hosting, analytics), with third-party services only when you direct us (for example, if you instruct Astell to send data to an integrated application), or if required by law for safety or legal reasons.

  • Integrations & Your Control: When you connect external accounts (Slack, Gmail, etc.), we act as a data processor for that content – meaning we process it on your behalf and under your instructions. You remain in control of that data. You can disconnect integrations at any time, and data from those integrations will be removed from our systems until account deletion.

  • Cookies & Tracking: We keep tracking minimal. Our websites do not use third-party cookies – only a single first-party cookie is used for analytics if you opt in. We use PostHog for analytics in a cookieless mode by default (no cookie is placed unless you explicitly accept). We do not use any third-party advertising trackers.

  • Data Retention: We retain your data as long as needed to serve you and as required by law. If you delete your account or disconnect a third-party integration, we delete or anonymize the associated data from our systems upon account deletion.

  • Your Choices & Rights: You can decline optional analytics (simply do not opt in to the analytics cookie), disconnect integrated accounts, or delete your Astell account at any time. If you signed up to receive newsletters or marketing emails, you can unsubscribe. If you are an individual user, you can contact us to access or delete your personal data. (For California residents: we do not “sell” your personal information, and you have the right to request access to or deletion of your data.)

  • Contact & Questions: We are a U.S.-based company (Lab24, Inc. in Wilmington, DE). If you have any questions or concerns about your privacy, you can reach us at legal@lab24.com or at our mailing address (251 Little Falls Drive, Wilmington, DE 19808).

What Information We Collect (And Why)

  1. Information from Your Visit (Website Analytics) – To understand how people use our site and improve it, we use an in-house analytics tool called PostHog. We've set it up to be as privacy-friendly as possible.

  2. What it collects: When you visit, PostHog helps us understand things like which pages are popular, how long people stay, if there are any errors, and how you interact with features (like A/B tests or new features we roll out). This data is primarily anonymous and aggregated.

  3. Why we collect it: This helps us fix bugs, decide what content to create next, and roll out new features more effectively.

  4. How it works (Cookies & Local Storage): By default, PostHog runs cookieless. This means it tries to collect anonymous usage data without setting any cookies on your device. However, even in cookieless mode, PostHog may store small, anonymous pieces of information in your browser's localStorage to help track your journey on our site during a single visit or to remember things like your cookie preferences or which version of a feature you see in an A/B test. This data is designed to be temporary and anonymous. If you accept cookies, PostHog will then use a single, first-party cookie. This cookie is set by labtwofour.com (not a third party) and helps us identify you as a unique visitor for a longer period, allowing for more accurate analytics and a more consistent experience across your visits.

  5. Where it's stored: Data collected via our PostHog analytics is processed on our behalf and stored on our secure servers in the United States. PostHog acts as our data processor and does not share this data with anyone else.

  6. Information You Provide: When you create an Astell account or contact us, you may provide personal information such as your name, work email address, company or organization name, job title, and any other details you choose to give us. This also includes any content you input directly into Astell.

  7. Third-Party Integration Data: With your permission, we access and ingest data from third-party applications that you connect to Astell. We collect and store this integration data securely in order to provide Astell's features (such as unified search, automation, and workflow integration). Lab24 acts as a data processor for this content – we process and handle that data only on your behalf and according to your instructions. You (or your organization) remain the owner and controller of that data. We do not use your integration content for any purpose except to deliver the Service to you. This data may include:

    • Messages and Communications: Slack channel messages or Gmail emails (including attachments and metadata such as timestamps and senders).

    • Files and Documents: Files from Google Drive or pages from Notion.

    • Tasks and Issues: Project items from tools like GitHub issues or similar work platforms.

  8. Information from Use of the Service (Usage Data): Like most online services, we automatically collect technical and usage information when you use our websites or the Astell app. This includes:

    • Device and Network Information: For example, your IP address, browser type, device type, operating system, and approximate location (e.g., city or country).

    • Usage Details: Logs of your activity on the Service, such as the pages or screens you visit, the features you use, the time spent, errors encountered, and other usage statistics. This helps us understand how the Service is performing and how users are engaging with it.

  9. Cookies and Similar Technologies: We use a minimal number of cookies and similar tracking technologies, as described in the “Cookies & Tracking” section below. For instance, when you log into Astell, we use a cookie or secure browser storage token to keep you logged in. We also use an in-house analytics cookie only if you opt in, which allows us to collect analytics on user interactions with our site and product.

  10. Communications: If you receive emails from us, we track basic engagement metrics (such as whether you opened the email or clicked a link) to help us manage and improve our communications. If you contact our support or send us inquiries, we will keep records of that correspondence and any contact information provided (such as your email address or phone number) in order to respond to you and improve our support services.

  11. Sensitive Data and Children: We do not knowingly collect any sensitive personal information unless you choose to provide it. The Service is meant for general business productivity purposes, and we ask that you do not upload highly sensitive personal data unless necessary. We also do not knowingly collect information from children under 13, and our Service is not directed to children. If you are under 13, you should not use Astell or provide any personal information. If we learn that we have inadvertently collected information from a child under 13, we will delete it.

How We Use Your Information

We use the information collected for the following purposes:

  • Providing the Service: We use your information to operate Astell and deliver its features to you. This includes using data from your connected third-party accounts to enable search results, automations, and integrated workflows as part of Astell's functionality. We process your integration data strictly to provide you with the services you signed up for (for example, indexing your documents and messages so you can search across them, or aggregating tasks from various platforms into one view). All such processing of integration data is done on your behalf and under your direction, consistent with our role as a data processor.

  • Account Administration and Communication: We use your contact and account details to administer your account, provide customer support, and send important operational communications. For instance, we will email you to confirm your sign-up, send billing invoices or payment receipts (if applicable), notify you about important updates or security issues, or respond when you contact us with a question. These communications are part of the Service and are not promotional in nature.

  • Improvement and Development: We analyze usage information (typically in an aggregated, non-identifying manner) to understand how our product is used and to improve Astell. This helps us troubleshoot issues, optimize the user experience, and develop new features. For example, we analyze how often certain features are used or which parts of the interface may be confusing to users, so we can make enhancements. In doing so, we do not examine the specific content of your emails, files, or other integration data for any purpose unrelated to providing the Service. We also use anonymized or aggregated data (stripped of personal identifiers) to improve our algorithms and service performance, but never in a way that would reveal your personal information or integration content to others.

  • Analytics: We use a self-hosted analytics tool (PostHog) to collect basic analytics about usage of our website and app. By default, our analytics run without setting any cookies, which means unless you explicitly opt in, this data is collected in a cookieless manner. Analytics data helps us understand things like how many users visit our site, which pages are popular, and how users navigate through our application. We use this information solely to improve our website and Service. If you opt in to our analytics cookie, the analytics tool may set a first-party cookie that helps us recognize you across sessions (for example, to see if a user returns to the site). All analytics data we collect is used for our internal product improvement purposes and is not shared with third-party advertisers.

  • Marketing and Newsletters: If you explicitly subscribe to our newsletter or other marketing communications (for example, by signing up on our website for updates or insights), we will use your email address to send you those communications. You can opt out of marketing emails at any time by clicking the unsubscribe link in the email or contacting us. We will not send you marketing communications unless you have opted in. (Operational or transactional emails, as noted above, may still be sent as needed for the Service.)

  • Security and Legal Compliance: We use information as necessary to enforce our Terms of Service and other policies, to monitor for fraudulent or suspicious activity, and to protect the security of our users, the Service, and the public. If we detect potential security threats or misuse of our platform, we will use relevant account or usage data to investigate and mitigate the issue. We also use personal information as needed to comply with applicable legal obligations (for example, maintaining required records or responding to lawful requests by government authorities).

  • No AI Model Training: We do not use your personal data or any content from your connected integrations to train or improve our general artificial intelligence or machine learning models. Any AI features in Astell operate on your data only to serve you in the context of the Service, not to build or improve our product generally. In other words, your data and content remain your own. We will not incorporate the specifics of your emails, documents, messages, or other personal content into any AI model used to serve or inform other customers, or for developing our product generally. This commitment helps protect the privacy and confidentiality of your data.

How We Share and Disclose Information

We only share personal data in a few specific circumstances, outlined below:

  • Service Providers (Subprocessors): We use trusted third-party companies to help run and support the Service. These include providers of cloud hosting (to host our application and store data), database and infrastructure services, analytics and error tracking services, and similar support services. These providers act under our instructions and are bound by obligations to protect your information. They only receive access to data necessary to perform their functions for us. For example, if our Service is hosted on a cloud platform, your data is stored on that platform's servers, but the provider has no right to use your data except as needed to provide the hosting. We require all subprocessors to implement appropriate security measures and confidentiality obligations comparable to our own standards. We do not allow our service providers to use your personal information for their own marketing or other purposes.

  • Integrations and User-Directed Sharing: In some cases, you may direct Astell to share information with third-party platforms. For example, if Astell offers a feature where you ask it to send a message in Slack, create a file in Google Drive, or open a ticket in GitHub on your behalf, we will share the necessary data with that third-party service per your request. Any such “write-back” or outbound integration action will only occur if you initiate it (for instance, by clicking a button or issuing a command in Astell to send content to one of your connected apps). Aside from these user-directed cases, we do not send your integration data to any third parties. Your Slack messages, emails, files, and other integrated content remain within Astell and are not disclosed outside our Service unless you explicitly take an action to share them.

  • Business Transfers: If Lab24 is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or other similar transaction or proceeding, your information may be transferred as part of that transaction. In such an event, we will ensure that the successor entity honors the commitments we have made in this Privacy Policy regarding your personal data. You would be notified (e.g., via email or a notice on our website) of any change in ownership or use of your personal information, as well as any choices you may have regarding your personal information in that situation.

  • Legal Compliance and Protection: We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to: (i) comply with a legal obligation (such as a subpoena or court order); (ii) protect or defend the rights or property of Lab24, our customers, or others; (iii) prevent or investigate possible wrongdoing in connection with the Service (for example, fraud or security incidents); (iv) protect the personal safety of users of the Service or the public in urgent circumstances; or (v) enforce our Terms of Service or other agreements and policies.

  • With Your Consent: Apart from the above, if we need to share your personal information in a way not covered by this Privacy Policy, we will seek your consent. You are free to decline, and if you do, we will not share the information in that manner.

No Selling of Personal Data: We do not sell or rent your personal information to third parties for their advertising or marketing purposes. We do not monetize your personal data by selling it to data brokers or advertisers. If in the future we consider sharing data in a manner that would be considered a “sale” under certain laws (such as the California Consumer Privacy Act), we will update this Privacy Policy and provide appropriate opt-out mechanisms. As of now, we do not engage in such practices.

Our Role as Processor for Integration Data

For content you import from third-party integrations into Astell, that content remains under your ownership and control. In privacy terms, you (or your organization) are the “data controller” for that information, and Lab24 is acting as a “data processor” on your behalf. We will only use and disclose that integration data as needed to provide the Service, in accordance with the instructions you have given us by using Astell and connecting those accounts. We do not use that data for our own independent purposes.

We also do not access or share your integration data except in two scenarios: (1) when it is necessary to troubleshoot or support the Service at your request (for example, if you contact us about a problem and we need to investigate an issue that involves your data); (2) if we are required by law to disclose it (as described above under Legal Compliance; and if so, we will, whenever legally permissible, inform you and only disclose the minimum required).

We take strong measures to keep your integration data secure (see the “Data Security” section below). If you use Astell as part of an organization's account, please note that your organization's administrators may have the ability to access and control data within Astell (including your integration content). In such cases, those administrators are responsible for handling that data in accordance with applicable laws.

Cookies & Tracking Technologies

We strive to use a minimal amount of cookies and tracking technologies on our websites and in the Astell Service:

  • Essential Cookies: These cookies (or similar local storage tokens) are necessary for the Service to function. For example, when you log into Astell, a cookie or secure token is used to keep you logged in as you navigate through the app. These cookies are strictly functional and required to provide you with the Service you requested. They are typically session cookies (which expire when you log out or close your browser) or other short-term cookies.

  • Analytics Cookie (Opt-In Only): We use an in-house analytics solution (powered by PostHog) to collect information about how users interact with our site and product. By default, this analytics runs in a cookieless mode, meaning no cookie is stored on your browser for analytics unless you give consent. You may see a prompt on our website asking if you accept analytics cookies. If you opt in, a first-party analytics cookie will be set on your browser to help recognize you as the same user across visits. This cookie allows us to gather more continuous analytics data (for example, to see that the same user returned and took additional actions). If you decline, we will either not run analytics at all or run it in a strictly anonymous, cookieless mode that does not store any identifier on your device. In any case, we do not use any third-party analytics services that set their own cookies, and we do not use cookies for advertising purposes. You can change your analytics cookie preference at any time (for instance, by adjusting your account settings or using the cookie banner controls on our site).

  • No Third-Party Tracking: We do not use third-party tracking or advertising cookies on our marketing websites or in the Astell application. You will not encounter third-party ads or social media tracking pixels (like the Facebook Pixel) on our site. The only cookies in use are those described above, which are either essential for the Service or used for our own analytics with your permission. In short, using our site or Astell will not result in unrelated third parties collecting your browsing data for advertising purposes.

  • Other Tracking Technologies: Aside from cookies, we use local storage or similar technologies for certain features (for example, to remember your preferences or settings in the app). These are used solely to support the functionality you request. We do not use any invasive tracking techniques such as browser fingerprinting or cross-site tracking.

Do Not Track: “Do Not Track” (DNT) is a setting you can enable in your web browser to indicate that you do not want to be tracked across websites. Currently, there is no universal standard on how to respond to DNT signals. Our websites and Service do not respond to Do Not Track signals from browsers at this time. Because we already minimize tracking and do not engage in cross-site tracking or advertising, a DNT preference does not significantly change the data we collect. If industry standards for DNT emerge in the future, we will adjust our practices and update this section accordingly.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

  • Account Information: If you have an Astell account, we keep your account information and associated personal data for as long as your account is active. If you delete your account, we will initiate the deletion of your personal information from our live systems. Some data might remain in our backups or archives for a brief period but will be purged according to our regular cleanup cycles. We also retain any information needed to comply with legal obligations or to resolve disputes, meaning certain limited information may be kept after account deletion as required for compliance.

  • Integration Data: If you disconnect a third-party integration (for example, if you unlink your Slack or Google account from Astell), we will stop collecting data from that source immediately. Data already collected from that integration will be deleted from our systems until account deletion. Similarly, if you delete your entire account, all content fetched from your connected integrations will be deleted within 3 days of account deletion from our active databases. We may retain encrypted backup copies for a limited time as part of routine backup procedures, but we purge those on a scheduled cycle and do not restore them except if needed for disaster recovery. We do not retain your integration content longer than necessary, and only for the purposes of operating and maintaining the Service.

  • Website Analytics Data: Analytics data we collect (especially anonymous or aggregated data) may be retained for a longer period to allow us to analyze trends over time. However, this data is not personally identifiable. If you want us to delete any personal data that has been collected via analytics cookies, you can contact us and we will attempt to identify and delete that data. If you never opted in to analytics cookies, then only anonymous analytics data was collected, which contains no personal identifiers.

  • Email and Communications: If you unsubscribe from marketing emails, we will stop sending them. However, we will keep your contact information on a suppression list to ensure we honor your opt-out request. If you contact our support, we will retain the correspondence to have a record of the issue and how it was resolved for future reference.

Please note that after you delete your account or request deletion of personal information, deletion may not be immediate. We ensure that deletion is carried out safely and completely, which may result in a short delay. Additionally, we retain information as necessary to meet our legal obligations or protect our interests. For example, information needed for tax, audit, or legal compliance purposes is retained for the period required by law. All data retained in this manner remains subject to the safeguards and restrictions outlined in this Privacy Policy.

Data Security

We implement and maintain administrative, physical, and technical safeguards designed to protect your personal information and integration data from unauthorized access, disclosure, or destruction. These security measures follow industry best practices and include:

  • Encryption: We use encryption to protect data in transit and at rest. Data exchanged between your device and our servers is encrypted using secure protocols (HTTPS/TLS). Data stored in our databases or on our servers is also encrypted to protect it from unauthorized access. If you upload files or connect external services like Google Drive, that content is stored encrypted on our servers. Passwords are stored in a hashed form and are never stored in plain text.

  • Access Controls: We limit access to personal data to only those employees and contractors who need it to operate or support the Service. Internal access to systems is controlled and logged, and all personnel with access are bound by confidentiality obligations. Wherever feasible, we utilize automated systems to perform operations on data to minimize human access.

  • Monitoring and Testing: We monitor our systems for security incidents and have procedures to detect and respond to potential breaches. We regularly review and update our security practices to address new threats. We also conduct periodic security assessments and may employ independent third-party experts to test our systems and help identify and fix vulnerabilities.

  • Subprocessor Security: Any third-party service providers (subprocessors) that assist in operating the Service are required to implement strong security measures as well. We carefully vet these subprocessors for their security practices and require them to commit to protecting your data to the same standards that we uphold.

Despite our efforts to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. Therefore, we cannot guarantee absolute security. You also play an important role in protecting your information: please maintain the security of your account credentials and use secure networks when accessing the Service. If you suspect that the security of your account or data has been compromised (for example, if you suspect unauthorized access to your account), please contact us immediately.

International Data Transfers

Lab24 is based in the United States, and the Astell Service is operated from the U.S. If you access our websites or Service from outside the United States, be aware that your information will be transferred to, stored in, and processed in the United States (and potentially in other countries where we or our service providers have facilities or operations).

If you are located in the European Economic Area (EEA), the United Kingdom, or other regions with data protection laws, your personal information may be transferred to the U.S. for the purposes described in this Privacy Policy. Whenever we transfer personal data internationally, we take steps to protect it in accordance with applicable law. For example, we rely on legally provided mechanisms for data transfer (such as the European Commission's Standard Contractual Clauses or other appropriate safeguards) to ensure that your information is protected.

By using our Service or providing us with your information, you acknowledge that your information will be transferred to and processed in the United States. In all such cases, we will handle your information as described in this Privacy Policy.

Your Rights and Choices

Depending on who you are and where you live, you may have certain rights regarding your personal information. Regardless of jurisdiction, we also provide choices about how your information is used:

  • Access and Correction: You can access and update much of your basic account information (like your name, email, and password) directly in your Astell account settings. If you need help accessing, correcting, or updating other personal information we have about you, you can contact us. We will respond to reasonable requests for access or correction as required by law.

  • Deletion: You have the right to request deletion of your personal information. You can delete your Astell account through your account settings; this will remove your profile information and associated personal data from the active Service. As noted under Data Retention, we will delete your data within a reasonable period after your request or account closure, and we will only retain what is necessary for legal or internal business reasons. If you prefer, you can contact us to request deletion of specific data (for example, if you cannot delete something yourself through the interface). Please note that deleting your account will remove your access to the Service and may be irreversible for the data associated with it.

  • Disconnecting Integrations: If you have connected third-party apps to Astell, you can disconnect them at any time via your account's integration settings. Once disconnected, we stop collecting new data from them immediately. Data previously collected from that source will be deleted from our systems upon account deletion unless you reconnect the integration within that timeframe. This gives you control over which external data sources are linked to Astell and allows you to revoke access whenever you want.

  • Opt-Out of Analytics Cookies: You can choose not to opt in to our analytics cookie. If you initially opted in but change your mind later, you can clear our cookies or use a “Cookie Settings” link on our site (if available) to change your preference. You can also use your browser settings to delete or block cookies, though blocking essential cookies may affect site functionality. Declining or disabling the analytics cookie means we will collect less data about your visit, which is fine – core features of the Service will still function normally.

  • Marketing Communications: If you receive our newsletter or other promotional emails, you can unsubscribe at any time by clicking the “unsubscribe” link in those emails or by contacting us. Even if you opt out of marketing messages, we may still send you transactional or service-related communications (such as account notifications or customer service responses), since those are not promotional.

  • California Privacy Rights: If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, provides you with specific rights regarding your personal information. These include the right to:

  • Know what personal information we collect about you, how we use it, and what categories of third parties we share it with (as described in this Privacy Policy).

  • Access a copy of the personal information we have collected about you.

  • Delete your personal information (with some exceptions, such as when we need to keep certain data to comply with legal obligations).

  • Opt out of the sale or sharing of your personal information. (As noted above, we do not sell your personal information, nor do we share it for cross-context behavioral advertising, so there is no need to opt out in that regard.)

  • Not receive discriminatory treatment for exercising any of these rights. We will not discriminate against you for exercising your rights (for example, we will not deny you services or provide a different quality of service just because you made a privacy request).

If you are a California resident and wish to exercise any of these rights, please contact us using the information in the Contact Us section below. We will need to verify your identity before fulfilling certain requests (for example, we may ask you to log into your account or provide information associated with your account). If you have an authorized agent making a request on your behalf, we will require proof of the agent's authorization and may also verify your identity directly with you as required by law.

  • GDPR and Other International Rights: If you are in the European Union, United Kingdom, or another jurisdiction with data protection laws (for example, Brazil's LGPD or Canada's PIPEDA), you may have the right to request access to the personal data we hold about you, to request correction or deletion of your data, to restrict or object to our processing of your data, and to request portability of your data. We aim to provide you with similar control over your data no matter where you live. You can exercise applicable rights by contacting us, and we will process your request in accordance with applicable law. Please note, if you use Astell as part of an organization's account (for example, your employer's account), we may refer your request to the appropriate data controller (such as your employer), since they may bear primary responsibility for your data in that context.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes to how we handle your personal information, we will notify you in advance (for example, by sending an email to the address associated with your account or by displaying a prominent notice on our website or within the Service).

The “Last updated” date at the top of this Privacy Policy indicates when the current version became effective. We encourage you to review this Privacy Policy periodically for any updates. If you continue to use the Service after a revised Privacy Policy has been posted, you acknowledge and accept the changes, to the extent permitted by law.

If the changes are significant or required by law, we will obtain your consent where required. For minor updates that do not materially affect your rights, we may not provide an explicit notice, so please check back occasionally.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your information is handled, please contact us:

Lab24, Inc.
Attn: Privacy Team
251 Little Falls Drive
Wilmington, DE 19808, USA
Email: legal[at]labtwofour.com

We will do our best to address your inquiry promptly and thoroughly. If you contact us to exercise a privacy right, we may need to request certain information to verify your identity for security purposes.

Thank you for trusting Lab24 and Astell with your work data and personal information. We are committed to safeguarding your privacy and enabling you to use our Service with confidence.

Astell
Astell helps teams focus on what mattersContext aware copilot for your work
Get started