Security

Your business data is critical. Here's how we protect it.

Encryption

All data is encrypted in transit using TLS 1.3. Sensitive data at rest is encrypted using AES-256. Passwords are hashed using bcrypt with per-user salts.

Tenant Isolation

Every business account is fully isolated at the database level. Your data is never mixed with or accessible by other tenants. All API requests are scoped to your organization.

Authentication

We use JWT-based authentication with httpOnly cookies, which keep tokens out of reach of client-side scripts and so protect them from theft through XSS attacks. Sessions expire automatically, and all authentication tokens are cryptographically signed.

Infrastructure

Our services are hosted on industry-leading cloud providers with SOC 2 compliance. We use rate limiting, security headers (via Helmet), and CORS policies to protect against common attack vectors.

Monitoring

We maintain structured audit logging for all critical operations. Unusual activity is flagged automatically, and we perform regular security reviews of our codebase.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly to security@astrastudio.in. We take all reports seriously and will respond within 48 hours.