Security You Can Trust
At Astronaut, we understand how important it is to protect both your customers and your data. That's why we constantly invest in best-in-class security practices to keep your customers safe and secure at every layer. We also implement robust privacy controls like anonymizing user data and conduct regular audits to ensure compliance with global regulations.
1. Data Security and Infrastructure
1.1 Cloud Infrastructure
Our services are hosted on Amazon Web Services (AWS) cloud infrastructure. We implement industry-standard security measures and follow AWS best practices for secure cloud deployment.
1.2 Data Encryption
All data in transit is encrypted using TLS 1.3 protocol to ensure secure transmission. We protect all data at rest using AES-256 encryption standards. Our encryption keys are managed through AWS Key Management Service (KMS) with FIPS 140-2 validation to ensure the highest level of security. Every connection to our application is secured through HTTPS protocol at https://app.astronaut.chat.
1.3 Network Security
Our services operate exclusively within a private virtual network on AWS. We implement default-deny firewall rules with explicit allowlisting of required services and ports. Network access controls and security groups are configured to restrict traffic to authorized sources only. For enhanced reliability and security, we maintain multi-region deployment capabilities for critical applications and data.
2. Data Privacy and Protection
2.1 Data Anonymization
Our system utilizes only platform-provided identifiers from Discord, Slack, and T elegram. We have made a deliberate choice not to collect or store personally identifiable information (PII). The internal identifiers we use are generated using CUID2 and are designed to carry no inherent user information. We do not perform any matching or correlation with external data sources.
2.2 Data Access Controls
We enforce role-based access control (RBAC) throughout our systems. Our security policies strictly adhere to the principle of least privilege. We require multi-factor authentication (MFA) for all system access without exception. Access reviews are conducted on a quarterly basis to ensure appropriate permissions. Every user must maintain unique credentials for system access. We conduct background checks for all employees who have access to data.
2.3 Data Segregation
Customer data is logically separated using unique identifiers to ensure complete isolation. Our access controls are designed to prevent any unauthorized cross-customer access. We maintain a strict policy that production data is never moved to non production environments. Customer data is used exclusively for purposes specified in contractual agreements.
3. Monitoring and Incident Response
3.1 Security Monitoring
We maintain continuous monitoring using AWS GuardDuty for comprehensive threat detection. Our systems generate real time alerts for any suspicious activities. We actively monitor API activity, deployments, access patterns, and data transfers. All system and application logs are retained in AWS CloudWatch for 14 days.
3.2 Incident Response
We commit to providing security breach notifications within 72 hours of detection. Our incident response framework defines clear severity levels and response times. Critical vulnerabilities must be remediated within 24 hours. High-severity issues are addressed within 48-72 hours. Medium-severity issues are resolved within 7 days. Low-severity issues are remediated within 30 days.
3.3 Data Deletion
We ensure customer data is securely destroyed upon service termination. This deletion process encompasses all backups and indices. We employ certified information shredding procedures for any decommissioned systems.
4. Compliance and Updates
4.1 Security Standards
Our organization is actively pursuing SOC 2 certification. We provide regular security awareness training for all employees. Our team continuously implements and updates security best practices. Security controls undergo regular review and updates to maintain effectiveness.
4.2 Third-Party Data Sharing
We maintain a strict policy against sharing raw or identifiable customer data with third parties. Our operational data sharing is limited to basic event data and internal identifiers, used exclusively for error logging purposes.
4.3 Backup and Recovery
We maintain a Recovery Point Objective (RPO) of 4 hours and a Recovery Time Objective (RTO) of 4 hours. All our backups are protected using AWS RDS encryption with AES-256 standards.
5. Development and Deployment
5.1 Environment Security
We maintain separate environments for development, testing, staging, and production. Every change undergoes thorough testing before production deployment. Security patches and updates are regularly applied to all systems. We ensure all dependencies are kept current with both minor and major updates enabled.
6. Modifications to Terms
We reserve the right to modify these terms at any time. Customers will be notified of any material changes to these terms of service.
For questions about these terms or our security practices, please contact chris@astronaut.chat.