Trust center

Built for the strictest regulated environments.

Asthra runs inside your data perimeter, generates only from your sources, cites every claim, and ships an audit ledger with every document. This page is what we tell your security and compliance teams.

The four pillars

How Asthra earns trust.

Closed-system retrieval

Asthra runs closed to the internet by default. It cannot fall back on the model's pretrained knowledge for factual claims. Every retrieval is bounded to the document set you uploaded for the project; if an external lookup is genuinely needed, Asthra pauses and asks the writer to approve a specific request — and records the approval and the result in the ledger.

  • Per-project document index, isolated from other tenants
  • No embeddings or sources shared across customers
  • Out-of-corpus questions are flagged, not answered

Sentence-level provenance

Every generated claim is bound to a retrieved passage with file name, page number, and exact text snippet. Reviewers verify on click; auditors verify after the fact via the ledger.

  • Document-level citations by default; sentence-level on demand
  • Citations survive document export — embedded in .docx
  • Inline gap flags when source data is missing or contradictory

Human in the loop

Writers approve the retrieval plan before drafting. Writers review every section before hand-off. Writers track-change every edit. Asthra never publishes without human sign-off — it can't.

  • Plan-approval gate before generation starts
  • Section-level review and refinement in Word
  • Mandatory writer-confirmation gates for high-stakes edits

Append-only audit ledger

Every plan, retrieval, draft step, gap flag, and writer edit is recorded with timestamp and actor. The ledger is embedded in the document so audit readiness is independent of Asthra's continued operation.

  • Tamper-evident, append-only structure
  • Embedded as a side-channel attachment in the .docx
  • Replays the full document history end-to-end

Compliance & certifications

Where we are on the regulated-vendor checklist.

Framework       Status         Note
SOC 2 Type 1    Ready          Audit-ready controls in place.
SOC 2 Type 2    In progress    Observation period underway.
ISO 27001       Ready          Controls in place.
GDPR            In progress    EU data residency in flight.
HIPAA           In progress    BAA-ready posture this year.
EU AI Act       In progress    High-risk system documentation.

Deployment

Two deployment modes.

Pick the boundary that matches your data-handling posture.

OPTION A · MANAGED SAAS

Asthra-hosted, single-tenant

Fastest to start. Your project data lives in an isolated tenant on Asthra-managed infrastructure with regional residency.

  • Single-tenant isolation per customer
  • EU and US regional residency
  • SSO via SAML / OIDC
  • SCIM provisioning & audit log export
  • Encryption in transit (TLS 1.3) and at rest (AES-256)

OPTION B · CUSTOMER VPC

Deploy in your cloud

Maximum control. Asthra's stack runs in your AWS / Azure / GCP account. Your security team owns the network perimeter and the keys.

  • Terraform-deployable into AWS, Azure, or GCP
  • Customer-managed KMS keys
  • VPC peering / PrivateLink for source storage
  • Asthra access via break-glass, audit-logged
  • Anthropic Claude via your Bedrock or Vertex deployment

Frequently asked

Common security questions.

Are our documents used to train any model?

No. Customer documents are never used for model training — neither by Asthra nor by Anthropic. Our enterprise contract with Anthropic excludes customer prompts and content from training and fine-tuning. Each project's source set is isolated and used only to retrieve passages for that customer's own drafts.

Can Asthra access the open internet during drafting?

Only with explicit writer approval. By default the drafting agent runs against the document set you uploaded for that project — closed-system retrieval. If Asthra determines a question genuinely needs an external source, it pauses and asks the writer to approve a specific lookup before fetching anything. Every approval and fetch is recorded in the audit ledger.

How do you prevent hallucination in regulated submissions?

Three mechanisms compound. First, every draft sentence is bound to a retrieved passage in the source set — the model cannot generate a claim without a citation handle. Second, the retrieval system is closed: there is no fallback to pretrained knowledge for factual claims. Third, missing data triggers explicit inline gap flags instead of plausible-sounding text. Combined, these turn hallucination from a "soft" risk into a deterministic ledger entry.

Where does customer data live?

In managed SaaS, customer data lives in single-tenant project storage in the region of your choice (EU or US). In customer-VPC deployments, data never leaves your cloud account — Asthra deploys the application stack into your tenant. Encryption: TLS 1.3 in transit, AES-256 at rest, customer-managed KMS keys in VPC mode.

What does the audit ledger actually contain?

Every plan creation and approval, every retrieval (with file, page, passage offset), every draft generation step (section, token count, citation count), every gap flag, and every writer edit — each with timestamp and actor identity. The ledger is append-only, tamper-evident, and embedded as a side-channel attachment in the .docx. It survives independently of our service so audit readiness doesn't depend on us staying online.
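An added illustration of the ledger shape described in the answer above and in the "Append-only audit ledger" pillar. This is example code written for this page, not Asthra's implementation: the page says the ledger is append-only and tamper-evident but not how, so the SHA-256 hash chain over canonical-JSON entries is an assumed mechanism, and the entry kinds and field names are constructed from the page's wording.

```python
import hashlib
import json
from datetime import datetime, timezone

# Assumed mechanism (not from the page): each record stores the previous
# record's hash, so editing or deleting any earlier entry breaks the chain.
GENESIS = "0" * 64

def _digest(prev_hash: str, entry: dict) -> str:
    # Canonical JSON so the same entry always hashes identically.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

class AuditLedger:
    def __init__(self):
        self.entries = []  # records of {"entry", "prev", "hash"}

    def append(self, kind: str, actor: str, **fields) -> str:
        # Every entry carries a timestamp and actor identity, as the page states.
        entry = {"kind": kind, "actor": actor,
                 "ts": datetime.now(timezone.utc).isoformat(), **fields}
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = _digest(prev, entry)
        self.entries.append({"entry": entry, "prev": prev, "hash": h})
        return h

    def verify(self):
        """Return (True, -1) if intact, else (False, index of first broken link)."""
        prev = GENESIS
        for i, rec in enumerate(self.entries):
            if rec["prev"] != prev or _digest(prev, rec["entry"]) != rec["hash"]:
                return False, i
            prev = rec["hash"]
        return True, -1

    def replay(self):
        """Walk the full history end-to-end as (kind, actor) pairs."""
        return [(r["entry"]["kind"], r["entry"]["actor"]) for r in self.entries]

def build_sample_ledger() -> AuditLedger:
    # Constructed sample history covering the entry kinds the page lists.
    led = AuditLedger()
    led.append("plan_approved", "writer@example.org", plan_id="plan-1")
    led.append("retrieval", "asthra-agent", file="CSR_v3.pdf", page=42, passage_offset=1180)
    led.append("draft_step", "asthra-agent", section="3.2", token_count=412, citation_count=5)
    led.append("gap_flag", "asthra-agent", section="3.4", reason="no source for dose table")
    led.append("writer_edit", "writer@example.org", section="3.2", change="reworded sentence 2")
    return led
```

Running `build_sample_ledger().verify()` returns `(True, -1)`; altering any stored entry field afterwards makes `verify()` return `False` with the index of the first record whose hash no longer matches.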

How do you handle Personally Identifiable Information (PII) in source documents?

Most regulated documents (CSRs, PSURs, CERs) are de-identified before they reach a writing team. For documents that contain PII, we support PII redaction prior to indexing and a HIPAA-aligned posture for US deployments. We will sign a Business Associate Agreement (BAA) on request as part of HIPAA-bound engagements.

What happens if Asthra goes away?

The work product survives. Documents drafted with Asthra are standard .docx files with the audit ledger embedded as an attachment — they open in Word with no Asthra dependency. Source documents stay in your storage. The citation graph is exportable as JSON. This is a deliberate design choice: regulatory-submission archives outlive most software vendors.

Ready for security review?

We'll send you our SOC 2 report and security questionnaire pre-populated. Most reviews close in 1–2 weeks.