Data Security and Privacy

Data Security and Privacy

Data Security and Privacy

Your Data, Our Commitment to Security

Your Data, Our Commitment to Security

Your Data, Our Commitment to Security

At Astreva, we prioritize your privacy and data security. Our robust security practices encompass secure development, data isolation, encryption, operational security, and organizational security measures. With us, your data is in safe hands.

At Astreva, we prioritize your privacy and data security. Our robust security practices encompass secure development, data isolation, encryption, operational security, and organizational security measures. With us, your data is in safe hands.

At Astreva, we prioritize your privacy and data security. Our robust security practices encompass secure development, data isolation, encryption, operational security, and organizational security measures. With us, your data is in safe hands.

Data Security

Data Security

Data Security

Data security practices.

Data security practices.

Data security practices.

Discover our data security engagements: 

  • Secure development practices: We ensure that all changes and new features undergo rigorous security checks and evaluations before being deployed to production, including vulnerability scanning, code analysis, and manual code verification processes.

  • Data isolation: We keep your data separate and secure. Your information is stored exclusively on our dedicated VPCs and is not shared with any third party without your consent.

  • Data retention: Your data is retained during your use of Astreva services and deleted 60 days after subscription cancellation, with invoicing and service entries kept for accounting and legal purposes.

  • Encryption: Customer data is securely encrypted, ensuring data protection through server-side encryption with AES-256.

  • Workplace:  We prioritize security by implementing strict access control measures using access cards and CCTV monitoring. Authorized personnel are granted access to specific locations, and entry and exit activities are carefully monitored.

  • Data centers: Our dedicated VPCs are hosted in a highly secure infrastructure provided by Amazon Web Services. Access to the data center floor is strictly controlled through multi-factor authentication, ensuring that only authorized personnel with specific roles can enter.

Discover our data security engagements: 

  • Secure development practices: We ensure that all changes and new features undergo rigorous security checks and evaluations before being deployed to production, including vulnerability scanning, code analysis, and manual code verification processes.

  • Data isolation: We keep your data separate and secure. Your information is stored exclusively on our dedicated VPCs and is not shared with any third party without your consent.

  • Data retention: Your data is retained during your use of Astreva services and deleted 60 days after subscription cancellation, with invoicing and service entries kept for accounting and legal purposes.

  • Encryption: Customer data is securely encrypted, ensuring data protection through server-side encryption with AES-256.

  • Workplace:  We prioritize security by implementing strict access control measures using access cards and CCTV monitoring. Authorized personnel are granted access to specific locations, and entry and exit activities are carefully monitored.

  • Data centers: Our dedicated VPCs are hosted in a highly secure infrastructure provided by Amazon Web Services. Access to the data center floor is strictly controlled through multi-factor authentication, ensuring that only authorized personnel with specific roles can enter.

Discover our data security engagements: 

  • Secure development practices: We ensure that all changes and new features undergo rigorous security checks and evaluations before being deployed to production, including vulnerability scanning, code analysis, and manual code verification processes.

  • Data isolation: We keep your data separate and secure. Your information is stored exclusively on our dedicated VPCs and is not shared with any third party without your consent.

  • Data retention: Your data is retained during your use of Astreva services and deleted 60 days after subscription cancellation, with invoicing and service entries kept for accounting and legal purposes.

  • Encryption: Customer data is securely encrypted, ensuring data protection through server-side encryption with AES-256.

  • Workplace:  We prioritize security by implementing strict access control measures using access cards and CCTV monitoring. Authorized personnel are granted access to specific locations, and entry and exit activities are carefully monitored.

  • Data centers: Our dedicated VPCs are hosted in a highly secure infrastructure provided by Amazon Web Services. Access to the data center floor is strictly controlled through multi-factor authentication, ensuring that only authorized personnel with specific roles can enter.

Operational Security

Operational Security

Operational Security

Operational security practices.

Operational security practices.

Operational security practices.

Discover our operational security engagements:

  • Candidate information: Astreva utilizes publicly available information from the internet for its sourcing and behavioral analysis. We are fully compliant with GDPR regulations and prioritize candidate privacy. Candidates have the option to opt-out from our database at any time by clicking here.

  • Data backup: Client databases are replicated across multiple availability zones in near real-time. We perform daily backups of customer data, storing encrypted and compressed files in AWS. In the event of a data recovery request within the retention period, we ensure secure access and restore the data based on its size and complexity.

  • Incident Response: Astreva's Incident Response Program employs proactive measures to detect, analyze, and swiftly respond to security incidents, ensuring effective communication and minimizing the risk of future occurrences. In the unlikely event of an incident, our stringent notification policy guarantees prompt communication with all customers within 24 hours, providing timely updates and maintaining transparency throughout the resolution process.

Discover our operational security engagements:

  • Candidate information: Astreva utilizes publicly available information from the internet for its sourcing and behavioral analysis. We are fully compliant with GDPR regulations and prioritize candidate privacy. Candidates have the option to opt-out from our database at any time by clicking here.

  • Data backup: Client databases are replicated across multiple availability zones in near real-time. We perform daily backups of customer data, storing encrypted and compressed files in AWS. In the event of a data recovery request within the retention period, we ensure secure access and restore the data based on its size and complexity.

  • Incident Response: Astreva's Incident Response Program employs proactive measures to detect, analyze, and swiftly respond to security incidents, ensuring effective communication and minimizing the risk of future occurrences. In the unlikely event of an incident, our stringent notification policy guarantees prompt communication with all customers within 24 hours, providing timely updates and maintaining transparency throughout the resolution process.

Discover our operational security engagements:

  • Candidate information: Astreva utilizes publicly available information from the internet for its sourcing and behavioral analysis. We are fully compliant with GDPR regulations and prioritize candidate privacy. Candidates have the option to opt-out from our database at any time by clicking here.

  • Data backup: Client databases are replicated across multiple availability zones in near real-time. We perform daily backups of customer data, storing encrypted and compressed files in AWS. In the event of a data recovery request within the retention period, we ensure secure access and restore the data based on its size and complexity.

  • Incident Response: Astreva's Incident Response Program employs proactive measures to detect, analyze, and swiftly respond to security incidents, ensuring effective communication and minimizing the risk of future occurrences. In the unlikely event of an incident, our stringent notification policy guarantees prompt communication with all customers within 24 hours, providing timely updates and maintaining transparency throughout the resolution process.

Organizational Security

Organizational Security

Organizational Security

Organizational security practices.

Organizational security practices.

Organizational security practices.

Our organizational security engagements:

  • Security training:  All employees undergo comprehensive training on information security, privacy, and compliance, including incident response reporting and communication protocols. Additional security training may be provided based on their role, especially for configuring and managing client services or cloud spaces.

  • Security team: Our team is committed to maintaining a secure infrastructure by regularly upgrading our systems and software to prevent any security vulnerabilities. We provide domain-specific training to our developers and consulting teams to ensure they follow best practices and adhere to security procedures.

  • Endpoint security: We prioritize data security with encrypted workstations, restricted use of removable media, and two-factor login authentication for applications and access points. Employees are required to create strong passwords that are periodically changed for enhanced security.

  • Vendors and sub-processors: We choose vendors and sub-processors with stringent security measures and GDPR compliance. Before adding any new sub-processor, we inform our customers in advance to ensure their security and privacy policies align with our standards.

  • Customer security: To maintain account security, follow these practices: use a strong password, enable multi-factor authentication, keep devices and software updated, establish access controls in Astreva, restrict access to trusted networks, and be cautious of phishing and malware threats.

Our organizational security engagements:

  • Security training:  All employees undergo comprehensive training on information security, privacy, and compliance, including incident response reporting and communication protocols. Additional security training may be provided based on their role, especially for configuring and managing client services or cloud spaces.

  • Security team: Our team is committed to maintaining a secure infrastructure by regularly upgrading our systems and software to prevent any security vulnerabilities. We provide domain-specific training to our developers and consulting teams to ensure they follow best practices and adhere to security procedures.

  • Endpoint security: We prioritize data security with encrypted workstations, restricted use of removable media, and two-factor login authentication for applications and access points. Employees are required to create strong passwords that are periodically changed for enhanced security.

  • Vendors and sub-processors: We choose vendors and sub-processors with stringent security measures and GDPR compliance. Before adding any new sub-processor, we inform our customers in advance to ensure their security and privacy policies align with our standards.

  • Customer security: To maintain account security, follow these practices: use a strong password, enable multi-factor authentication, keep devices and software updated, establish access controls in Astreva, restrict access to trusted networks, and be cautious of phishing and malware threats.

Our organizational security engagements:

  • Security training:  All employees undergo comprehensive training on information security, privacy, and compliance, including incident response reporting and communication protocols. Additional security training may be provided based on their role, especially for configuring and managing client services or cloud spaces.

  • Security team: Our team is committed to maintaining a secure infrastructure by regularly upgrading our systems and software to prevent any security vulnerabilities. We provide domain-specific training to our developers and consulting teams to ensure they follow best practices and adhere to security procedures.

  • Endpoint security: We prioritize data security with encrypted workstations, restricted use of removable media, and two-factor login authentication for applications and access points. Employees are required to create strong passwords that are periodically changed for enhanced security.

  • Vendors and sub-processors: We choose vendors and sub-processors with stringent security measures and GDPR compliance. Before adding any new sub-processor, we inform our customers in advance to ensure their security and privacy policies align with our standards.

  • Customer security: To maintain account security, follow these practices: use a strong password, enable multi-factor authentication, keep devices and software updated, establish access controls in Astreva, restrict access to trusted networks, and be cautious of phishing and malware threats.