Security
by design
by design
As an enterprise-ready platform, we follow Security by Design principles that ensure data is safe and protected, so you can focus on growing your business and serving your customers.
We've got you covered
- Certified as a PCI-DSS v4 Level 1 Service Provider
- Frequent ASV scans
- GDPR & CCPA compliant
- API-based OAuth2 authentication
- Regular third-party security penetration testing
- TLS 1.2 or TLS 1.3 encryption on all communications
Frequently asked questions
Is Astrada PCI-DSS compliant?
Yes. Astrada is certified as a PCI-DSS v4 Level 1 Service Provider and undergoes annual PCI-DSS audits on our product, infrastructure, policies, and procedures. We can provide an Attestation of Compliance (AoC) upon request, under NDA. Reach out to security@astrada.co for help on compliance.
Is Astrada GDPR, GDPR-UK and CCPA compliant?
Yes. Astrada is GDPR, GDPR-UK, and CCPA compliant. Reach out to privacy@astrada.co for any privacy-related requests.
Is your data encrypted?
Yes. Astrada provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).
Where can I find a list of sub-processors?
If you are looking for information on Astrada’s sub-processors, please email support@astrada.co.
Can you provide a pen test report?
The latest penetration test report can be provided to customers after signing an NDA. For more details, contact us at support@astrada.co.
How can I report security issues?
If you find a security issue that may put our customer data at risk, please email it to security@astrada.co. We are committed to securing our customer data and we review all security issues reported to us.
Astrada does not have a bug bounty program in place and does not provide payments for reports of security issues.
Astrada does not have a bug bounty program in place and does not provide payments for reports of security issues.
Does Astrada have a security bounty program?
Astrada does not have a bug bounty program in place and does not provide payments for reports of security issues.
Is your product secure?
Yes. Astrada undergoes at least annual penetration tests by an independent third-party security services provider and employs automatic code and network security scanners that continuously verify the security of our code, servers, and networks. Besides annual penetration tests, Astrada undergoes any necessary penetration tests according to our change management policy.