Data protection
Your data is encrypted with AES-256 at rest and TLS 1.2 or higher in transit — encrypted everywhere it lives and everywhere it moves. Data is hosted in the United States on leading cloud infrastructure. Access is restricted on a least-privilege basis, and our sub-processors are vetted and listed in the Trust Center.AI data handling
Your data is never used to train models — not ours, and not any third party’s. Your prompts, your data, and the outputs your agents generate are processed to run your workflow and nothing else. AI providers process your data in transit only, with no retention.Isolated execution
Every agent runs in its own sandboxed environment, provisioned per workload and torn down when the job is done. There is no shared state between customers.Access control
Role-based access control with least-privilege by default, and granular permissions you manage. Portal credentials are encrypted, access-controlled, and stay yours — you can rotate or revoke access at any time, and agents are scoped to the narrowest permissions required.Healthcare
Asteroid is built to handle protected health information and signs Business Associate Agreements (BAAs) with covered entities and business associates.Reports and documentation
Our SOC 2 Type II report and penetration test summary are available through the Trust Center, accessible under NDA where required. For the full picture, see asteroid.ai/security.For security questions or to report an issue, please contact our team.

