Security

ASTIS is built to protect customer data and reduce exposure from email infrastructure risk. We keep your existing email provider for delivery (Microsoft 365, Gmail, SMTP) while enforcing decryption control through managed keys, organization policies, TTL, and audit—separately from mailbox storage.

Our security principles

Separation of concerns

Delivery and mailbox storage remain with your provider; decryption control is enforced via ASTIS policies and keys.

Least privilege

Access to systems and data is minimized and reviewed.

Defense in depth

Multiple layers of controls for infrastructure, application, and operational processes.

Data minimization

Collect and store only what is necessary to operate the service.

Compliance

GDPR (EU/EEA)

We support GDPR-aligned data protection practices and provide a DPA for business customers.

US Privacy (CCPA/CPRA)

We support privacy rights requests (access/deletion) where applicable and maintain privacy practices aligned to US state privacy requirements.

SOC 2

SOC 2-aligned controls: in progress (policies, evidence collection, and independent audit planning).

Regulated Industries

ASTIS Enterprise supports enhanced governance requirements via BYOK/HYOK options, extended audit retention & exports, and contractual controls (SLA, DPA).

Data Protection

Robust measures to protect sensitive information and adhere to industry standards.

Data at rest

All production datastores are encrypted at rest. Sensitive fields are additionally protected at the application level where applicable.

Data in transit

TLS is enforced for data transmitted over potentially insecure networks.

Backups & retention

Encrypted backups are performed on a defined schedule. Backup retention: 30 days.

Product Security

Decouple delivery from security

ASTIS does not replace your email provider.

Your provider handles:

  • Message routing & delivery
  • Mailbox storage (IMAP/Exchange)
  • Provider-side backups and retention

ASTIS handles:

  • Encryption key control for protected content
  • Organization policies (who can decrypt)
  • TTL (time-bound access)
  • Security-relevant audit events

If a mailbox provider is compromised

Mailbox access (IMAP compromise, account takeover, provider-side exposure, backups) does not automatically grant plaintext access to ASTIS-protected message content, because decryption is controlled separately via policies and TTL.

TTL and time-bound access

ASTIS supports TTL (time-to-live) for protected messages:

  • Policies can enforce default TTL per organization
  • After TTL expiration, decryption access is stopped according to policy
  • TTL reduces long-term exposure from mailbox retention and backups

Policies and audit

Organization-wide policies define decryption rules and security defaults. Security-relevant actions are recorded for audit purposes:

  • Policy changes
  • Administrative actions
  • Decryption-related events

Security Controls

Infrastructure Security

Unique production database authentication enforced

Encryption key access restricted

Access control procedures established

Organizational Security

Asset disposal procedures utilized

Production inventory maintained

Portable media encrypted

Product Security

Data encryption utilized

Control self-assessments conducted

Penetration testing performed

Internal Security Procedures

Continuity and disaster recovery plans established

Continuity and disaster recovery plans tested

Cybersecurity insurance maintained

Data and Privacy

Data retention procedures established

Customer data deleted upon leaving

Data classification policy established

Access Control & Operational Security

Identity and access management

  • Production access is restricted to authorized personnel
  • Administrative access uses strong authentication (MFA) and is logged
  • Access is reviewed on a recurring schedule
  • Separation of environments: dev / staging / production

Change management & secrets

  • Infrastructure and application changes follow a review process
  • Critical changes require approvals and are traceable
  • Secrets are not stored in source control
  • Secrets are rotated and restricted by environment and role

Monitoring, Detection & Incident Response

Monitoring & alerting

Availability and security signals are monitored continuously. Alerts are triaged with defined on-call procedures.

Vulnerability management

Dependencies are monitored for known vulnerabilities. Security patches are prioritized based on severity and exposure.

Incident response

We maintain an incident response process with escalation, containment, and post-incident review. For Enterprise customers, notification terms are governed by contract/DPA.

Subprocessors & Data Locations

Subprocessors

A detailed list of subprocessors is available at /legal/subprocessors.

Primary data regions

EU / US (configurable for Enterprise customers)

Data retention and deletion

See the Privacy Policy for retention details.

Responsible Disclosure

If you believe you have found a security vulnerability, please email [email protected] with:

  • A detailed description
  • Steps to reproduce
  • Impact assessment (if known)

We aim to acknowledge reports within 72 hours and are committed to working with security researchers to verify and address any potential vulnerabilities in a timely manner.

Frequently Asked Questions