We're building Aster to enterprise security standards from the start. Here's an honest snapshot of where each framework stands.
SOC 2 Type II
In progressOur controls are being implemented and monitored ahead of a Type II observation window, targeting 2026. We can share our current security posture on request.
ISO 27001
On the roadmapPlanned once SOC 2 is complete. Our information security practices already follow ISO-aligned controls.
GDPR
CompliantWe process personal data lawfully, support data subject requests (access, export, deletion), and offer a Data Processing Agreement. EU data can be processed in-region.
If you need a specific attestation for procurement, get in touch and we'll tell you exactly where we are. We won't claim a certification we don't yet hold.
Related legal documents
Create your workspace and let Aster read, score and schedule for you. Free to start, no card required.