Data Security.
The technical and operational controls behind the Asthra service. This document is the working reference your security and IT-risk teams expect during diligence — for the certifications and audit reports, see the Trust center.
Architecture & deployment
Asthra is deployed in one of two modes. Customers choose at contract time; both are supported throughout the platform's lifecycle.
| Mode | Description |
|---|---|
| Managed SaaS | Asthra runs in Sangnan's AWS accounts in EU (eu-west-1) or US (us-east-1) regions. Each customer's project storage is logically isolated; encryption keys are managed by Sangnan in AWS KMS. |
| Customer-VPC | Asthra is deployed via Terraform into Customer's AWS, Azure, or GCP account. Source documents, drafts, and inference traffic remain inside Customer's tenant; encryption keys are customer-managed (CMK). |
Tenancy model
The Managed SaaS control plane is multi-tenant; project data planes are single-tenant per customer with row-level isolation enforced at every query path. Customer-VPC mode is fully single-tenant by definition.
Encryption
- In transit — TLS 1.3 with strong cipher suites for all client-to-service and service-to-service traffic, including the Word add-in to backend channel;
- At rest — AES-256-GCM via cloud-native KMS for object storage, databases, and audit-log archives;
- Customer-managed keys — supported in Customer-VPC mode and as an option in Managed SaaS for enterprise tiers;
- Key rotation — annual minimum, more frequent on demand or after any indicator of exposure.
Access control
Authentication
- SAML 2.0 and OIDC SSO required for all production environments;
- SCIM 2.0 user provisioning and deprovisioning;
- MFA enforced for Sangnan personnel; MFA required for any direct (non-SSO) admin access.
Authorization
- Role-based access control with separate roles for writer, reviewer, QPPV / qualified evaluator, and admin;
- Project-scoped access; users only see projects they are explicitly assigned to;
- Sangnan personnel access to Customer Data is prohibited by default and gated by customer-approved support tickets.
Network security
- All ingress through WAF with managed rule sets and rate limiting;
- Private subnets for compute and data tiers; no direct internet egress for the drafting agent;
- VPC peering / PrivateLink available on enterprise tiers;
- IP allow-listing supported for admin console access.
Logging & monitoring
Two distinct log streams operate side by side:
- Operational logs — application, infra, and security events flow into a SIEM with 24×7 alerting; retained 13 months;
- Audit ledger — append-only, per-document record of every drafting action; embedded in the .docx and exportable as JSON; retained for the lifetime of the document.
Customer admin consoles expose user-activity logs; ledger access is gated to authorized reviewers via the Word add-in and admin API.
Incident response
We operate a documented incident-response program with named on-call roles, a severity rubric, and defined escalation paths. Notification commitments:
- Confirmed customer-data incident — written notice within 72 hours of confirmation, including known facts and remediation status;
- Material service incident — status-page notification within 30 minutes; post-incident review within 5 business days;
- Regulator-reportable event — coordinated notice and documentation per the customer's controller obligations.
Vulnerability management
- Continuous SCA on all dependencies; CVSS-based remediation SLAs (critical: 7d, high: 30d, medium: 90d);
- Annual third-party penetration test against the Managed SaaS production environment; report available under NDA on the Trust center;
- Coordinated disclosure program; security@asthra.ai is monitored and triaged within 1 business day;
- SAST and secret scanning on every pull request; signed releases.
Personnel security
- Background checks for all employees with production access, where permitted by local law;
- Security awareness training on hire and annually thereafter;
- Confidentiality obligations contractually binding; survive termination;
- Just-in-time, peer-approved access for any direct production system intervention.
Business continuity & disaster recovery
- Multi-AZ deployment for Managed SaaS production;
- Encrypted, point-in-time backups with cross-region replication;
- RTO 4 hours, RPO 1 hour for Managed SaaS production;
- BCDR plan exercised semi-annually; results summarized on the Trust center.
AI-specific controls
Standard cloud-security hygiene is necessary but not sufficient for an AI system in regulated workflows. The controls below are additive.
- Closed-system retrieval by default — the drafting agent has no unattended path to external sources; any internet lookup requires explicit writer approval per request and is recorded in the audit ledger;
- No model training on Customer Data — contractually enforced with our model providers;
- Provenance enforcement — every generated assertion is bound to a retrieved passage and recorded in the citation graph;
- Gap surfacing — missing data triggers explicit, ledger-recorded gap flags rather than plausible-sounding text;
- Model versioning — every draft records the model and prompt-template versions in use; pinned per project for reproducibility;
- Pre-promotion validation — model upgrades go through a regression suite against historical sources before production rollout.
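An added example, not Asthra's or Sangnan's own code: a check a customer reviewer could run over an exported JSON ledger to test the controls listed above and the audit-ledger description under Logging & monitoring (writer approval on every external lookup, a citation or gap flag on every assertion, pinned model and prompt-template versions). The entry schema, field names, pin values and the SHA-256 hash chain used to detect after-the-fact edits are assumptions; the page does not publish the ledger format or how append-only is enforced.

```python
import hashlib
import json

# Hypothetical schema and pin values: the page does not publish the ledger format.
PIN = {"model": "model-A@1", "prompt_template": "tmpl@3"}
GENESIS = "0" * 64  # assumed prev_hash of the first entry

def entry_hash(entry):
    """SHA-256 over the entry's canonical JSON, excluding its own 'hash' field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_ledger(actions):
    """Build a constructed, hash-chained ledger from a list of action dicts."""
    ledger, prev = [], GENESIS
    for seq, action in enumerate(actions, start=1):
        entry = {"seq": seq, "prev_hash": prev, **PIN, **action}
        entry["hash"] = prev = entry_hash(entry)
        ledger.append(entry)
    return ledger

def audit(ledger, pin=PIN):
    """Return (position, finding) tuples; an empty list means the export passed."""
    findings, prev = [], GENESIS
    for i, e in enumerate(ledger, start=1):
        # Append-only: contiguous sequence, intact back-link, unmodified body.
        if e.get("seq") != i or e.get("prev_hash") != prev or e.get("hash") != entry_hash(e):
            findings.append((i, "chain broken: entry altered, removed or reordered"))
        prev = e.get("hash")
        if (e.get("model"), e.get("prompt_template")) != (pin["model"], pin["prompt_template"]):
            findings.append((i, "model or prompt-template differs from project pin"))
        if e.get("action") == "external_lookup" and not e.get("approved_by"):
            findings.append((i, "external lookup without writer approval"))
        if e.get("action") == "assertion" and not (e.get("passage_id") or e.get("gap_flag")):
            findings.append((i, "assertion with neither citation nor gap flag"))
    return findings

# Constructed sample export (not real ledger data).
SAMPLE = build_ledger([
    {"action": "assertion", "passage_id": "doc7#p12"},
    {"action": "external_lookup", "approved_by": "writer-01"},
    {"action": "assertion", "gap_flag": True},
])

if __name__ == "__main__":
    print(audit(SAMPLE))                 # clean export: no findings
    tampered = [dict(e) for e in SAMPLE]
    tampered[1]["approved_by"] = None    # approval stripped after the fact
    print(audit(tampered))               # chain break and missing approval at entry 2
```
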
Need the security packet?
SOC 2 report, penetration test summary, DPA, BAA, and the AI Act technical file — available under NDA on request.