Compliance

Compliance

We're building Aster to enterprise security standards from the start. Here's an honest snapshot of where each framework stands.

SOC 2 Type II

In progress

Our controls are being implemented and monitored ahead of a Type II observation window, targeting 2026. We can share our current security posture on request.

ISO 27001

On the roadmap

Planned once SOC 2 is complete. Our information security practices already follow ISO-aligned controls.

GDPR

Compliant

We process personal data lawfully, support data subject requests (access, export, deletion), and offer a Data Processing Agreement. EU data can be processed in-region.

Controls in place today

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Role-based access control with audit logging
Least-privilege, short-lived credentials for internal access
Regular backups with tested restore
Security review of every vendor before it becomes a subprocessor
Documented incident response and breach notification

If you need a specific attestation for procurement, get in touch and we'll tell you exactly where we are. We won't claim a certification we don't yet hold.

Related legal documents

Start from a shortlist, not a pile.

Create your workspace and let Aster read, score and schedule for you. Free to start, no card required.