Security & trust

This page provides a high-level overview of how we approach security, privacy, and responsible disclosure for AstraOne.

Last updated: 06 Jan 2026

Hosting & transport security

  • Hosted on Microsoft Azure (UK region deployment).
  • TLS is used to protect data in transit. We aim to operate HTTPS-only across supported endpoints.

Application security

  • Standard security response headers are applied where appropriate (e.g. clickjacking protection, MIME sniffing protection, and related browser hardening controls).
  • Baseline automated scanning is performed (e.g. OWASP ZAP passive baseline checks) to help identify common configuration issues.
  • Access is role-based and scoped at organisation level (multi-tenant separation).
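The browser-hardening controls listed above can be verified mechanically from a response's headers, which is also the kind of check a passive baseline scan performs. The Python below is an added example and is not AstraOne's code or configuration. The page does not name the specific headers it sets, so the example assumes the conventional ones: X-Frame-Options or a Content-Security-Policy frame-ancestors directive for clickjacking protection, X-Content-Type-Options: nosniff for MIME sniffing protection, and Strict-Transport-Security for HTTPS-only operation. The two sample responses are constructed.

```python
"""Check a response's headers for the browser-hardening controls named on the page.

Assumptions (not from the page): each control is mapped to its conventional
header, and the sample responses below are constructed for illustration.
"""


def _hsts_max_age(value: str) -> int:
    """Parse the max-age directive of a Strict-Transport-Security value; 0 if absent/invalid."""
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return 0
    return 0


def check_headers(headers: dict) -> dict:
    """Return {control: bool} for one response's headers.

    Header names are matched case-insensitively, as HTTP requires, so a
    server that emits 'x-frame-options' is treated the same as 'X-Frame-Options'.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # Clickjacking: either the legacy X-Frame-Options header or a CSP that
    # carries a frame-ancestors directive. A CSP without frame-ancestors
    # does not restrict framing, so it is not counted.
    xfo = h.get("x-frame-options", "").upper()
    csp = h.get("content-security-policy", "").lower()
    clickjacking = xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in csp

    # MIME sniffing: the only meaningful value is 'nosniff'.
    mime_sniffing = h.get("x-content-type-options", "").lower() == "nosniff"

    # HTTPS-only: HSTS must be present with a positive max-age.
    hsts_value = h.get("strict-transport-security", "")
    hsts = _hsts_max_age(hsts_value) > 0

    return {"clickjacking": clickjacking, "mime_sniffing": mime_sniffing, "hsts": hsts}


def missing_controls(headers: dict) -> list:
    """Sorted names of the controls that the response does not satisfy."""
    return sorted(name for name, ok in check_headers(headers).items() if not ok)


# Constructed sample responses (not captured from any real service).
HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

WEAK_RESPONSE = {
    "Content-Type": "text/html",
    # A CSP is present but lacks frame-ancestors, so framing is still allowed.
    "Content-Security-Policy": "default-src 'self'",
}

if __name__ == "__main__":
    for label, resp in (("hardened", HARDENED_RESPONSE), ("weak", WEAK_RESPONSE)):
        print(label, "missing:", missing_controls(resp) or "none")
```

To use this against a live deployment you would pass the header mapping from the HTTP client's response object; the function only needs the name/value pairs. Note that header presence is the necessary condition, not the whole story: a CSP that lists frame-ancestors still has to name the right origins, and HSTS only takes effect once a browser has seen it over HTTPS.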

This summary is intentionally high level. If you need client-specific assurance evidence (e.g. controls mapping, DPIA support, security questionnaire responses), please contact us.

Data protection & privacy

  • We handle personal data in line with UK GDPR principles.
  • Access is restricted to authorised users within their organisation.

Where available, you can review our privacy notice and terms of service.

Responsible disclosure

If you believe you’ve found a security vulnerability, please report it privately and allow reasonable time for investigation and remediation.

Security contact

Please include: affected URL(s), steps to reproduce, and any relevant screenshots/logs. Please avoid testing that could impact availability (e.g. denial-of-service).

Safe testing guidelines

  • Do not access or modify data that isn’t yours.
  • Do not disrupt service availability or degrade performance.
  • Use the minimum number of requests needed to demonstrate the issue.
  • If you discover sensitive data exposure, stop and report immediately.

We aim to acknowledge reports promptly and will keep reporters updated where appropriate.

Transparency

  • Diagnostics (build/version details) are available to authenticated users via the About page.
  • We will improve this page over time (e.g. adding a status page link and published policies as they become available).