How we protect your data
This page describes what Astropulse actually does to protect your data and infrastructure access. We only state what we can back up.
Data protection
Credentials encrypted at rest
Stored integration credentials are encrypted at rest using AES-256-GCM.
Encrypted in transit
All data exchanged between your browser, the CLI, and Astropulse services is encrypted in transit.
Scoped cloud access
Configure cloud access with scoped IAM permissions. You can revoke access at any time from your cloud provider console.
Access control and oversight
Organization-scoped access
Users operate within their own organization. Access to clusters, applications, and operational data is scoped at the organization level.
Approval gates
Sensitive write workflows support approval gates for explicit human confirmation before execution.
Audit trails
Platform operations are auditable. You can review what actions were taken, when, and by whom.
Deployment options
Managed (Nova Cloud)
Hosted by Astropulse. Operational data is stored in our infrastructure with encryption at rest and in transit. Stored integration credentials are encrypted at rest using AES-256-GCM.
Self-managed
Deploy Astropulse inside your own cloud account (AWS, GCP, or Azure). Data handling depends on your configuration: local model execution can keep operational data inside your boundary, while enabled external providers process the data sent to them. Available to Enterprise customers.
AI provider data handling
Hosted Nova AI routes conversations according to the configured model lane. For Astropulse-managed provider access, we select commercial API terms and defaults that do not use API data for model training by default. Customer-provided credentials and enabled external providers are governed by their applicable settings and terms. Provider policies may change, so refer to their published documentation.
Anthropic (Claude)
May be used in managed routing. Data is not used for model training under commercial API terms.
OpenAI
May be used in managed routing. API data is not used to train models by default.
Security contact
To report a vulnerability or ask a security question, email us at contact@astropulse.io. We review all reports and follow up as appropriate.
Please do not disclose potential vulnerabilities publicly until we have had an opportunity to investigate and respond.