Last updated: February 1, 2025
Astra Bastion (“we”, “us”, “our”) operates the ASTRA NEXUS platform. This policy describes how we collect, use, and protect your information.
We collect information you provide directly, including account registration details (name, email, organization), usage data from the ASTRA BASTION platform, and technical data such as browser type, IP address, and device information. We also collect AI model metadata, trust score data, and compliance assessment results as part of the platform's core functionality.
We use collected information to provide and improve the ASTRA BASTION platform, generate trust scores and compliance reports, send notifications and alerts, provide customer support, and ensure platform security. We do not sell personal data to third parties.
We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, role-based access control (RBAC), multi-tenant data isolation via PostgreSQL Row Level Security, regular penetration testing, and SOC 2 Type II compliance. All AI model interactions are logged and auditable.
We retain account data for the duration of your subscription plus 90 days. Audit logs are retained for the period required by applicable regulations (minimum 7 years for financial services clients). Trust score history is retained for 3 years. You may request data deletion at any time, subject to regulatory requirements.
ASTRA BASTION integrates with cloud providers (AWS, Azure, GCP), identity providers (Okta, Microsoft Entra ID), SIEM platforms, and AI model providers as configured by your organization. Data shared with these services is governed by their respective privacy policies and your integration configuration.
Depending on your jurisdiction, you may have rights including: access to your personal data, correction of inaccurate data, deletion of your data, data portability, objection to processing, and withdrawal of consent. For GDPR, DPDPA, and CCPA requests, contact privacy@astrabastion.com.
ASTRA BASTION operates globally. Data may be transferred to and processed in jurisdictions outside your country. We use Standard Contractual Clauses (SCCs) and ensure adequate data protection measures are in place for all cross-border transfers.
We may update this privacy policy from time to time. We will notify you of material changes via email or an in-platform notification at least 30 days before the changes take effect.
For privacy-related inquiries, contact our Data Protection Officer at privacy@astrabastion.com or write to: Astra Bastion, Bangalore, India.