Skip to main content

HIPAA Compliance

HIPAA Compliance Badge
Our platform is fully HIPAA compliant, ensuring all health information is properly protected according to federal requirements.

SOC 2 Type II

SOC 2 Type II Compliance Badge
We are SOC 2 Type II compliant, demonstrating our commitment to security, availability, and confidentiality controls.
We have also undergone a successful external penetration test. For complete documentation visit our Trust Center.

Data protection

Your data is encrypted with AES-256 at rest and TLS 1.2 or higher in transit — encrypted everywhere it lives and everywhere it moves. Data is hosted in the United States on leading cloud infrastructure. Access is restricted on a least-privilege basis, and our sub-processors are vetted and listed in the Trust Center.

AI data handling

Your data is never used to train models — not ours, and not any third party’s. Your prompts, your data, and the outputs your agents generate are processed to run your workflow and nothing else. AI providers process your data in transit only, with no retention.

Isolated execution

Every agent runs in its own sandboxed environment, provisioned per workload and torn down when the job is done. There is no shared state between customers.

Access control

Role-based access control with least-privilege by default, and granular permissions you manage. Portal credentials are encrypted, access-controlled, and stay yours — you can rotate or revoke access at any time, and agents are scoped to the narrowest permissions required.

Healthcare

Asteroid is built to handle protected health information and signs Business Associate Agreements (BAAs) with covered entities and business associates.

Reports and documentation

Our SOC 2 Type II report and penetration test summary are available through the Trust Center, accessible under NDA where required. For the full picture, see asteroid.ai/security.
For security questions or to report an issue, please contact our team.