1 Account security
AsthronAI uses password hashing, login protection, role-based access, session handling, secure cookie settings, and separation between admin, client, staff, and workspace access.
AsthronAI Legal
Security
AsthronAI is designed to protect accounts, conversations, leads, bookings, billing records, and workspace data through practical technical and operational safeguards.
2 Application security
AsthronAI uses authentication checks, tenant-aware access patterns, CSRF protection, input validation, protected admin/client capabilities, and safe handling for important platform actions.
3 Data protection
Sensitive tokens, integration credentials, and operational secrets should be protected with limited access. Workspace data should be accessed only by authorized users and systems that need it to provide the service.
4 Payments
Stripe handles payment processing, checkout, subscriptions, and invoices. AsthronAI should not store raw card details directly. Billing events are processed through controlled Stripe integration flows.
5 Webhook security
Stripe webhooks and customer webhook workflows should use signature validation, event tracking, error handling, idempotency where appropriate, and careful review of outbound payload destinations.
6 Backups and recovery
AsthronAI should maintain database and file backups, protect backup access, document restore steps, and test recovery procedures before relying on backups in production operations.
7 Monitoring and audit logs
Platform events, login activity, billing events, admin actions, webhook events, and important operational changes should be logged where appropriate to support troubleshooting, accountability, and security response.
8 Responsible disclosure
Security issues can be reported to support@asthronai.com. Researchers should not access, modify, delete, disclose, or exfiltrate customer data, and should avoid actions that disrupt AsthronAI or customer websites.
Customer responsibility: use strong passwords, manage staff access, remove inactive users, protect webhook URLs,
review assistant behavior, and keep connected third-party accounts secure.