Security Without Compromise

AstorX was architected for organisations where data protection is non-negotiable. Your data stays in your cloud, governed by your policies, under your control.

Your Data, Your Cloud

Zero-Trust Data Architecture

AstorX deploys entirely in the customer's Azure subscription. Every component runs in their tenant. You maintain full governance, visibility, and control over every aspect of the platform. Deployment is flexible: fully containerized in your cloud, on your own Kubernetes infrastructure, or in hybrid configurations that keep your most sensitive workloads on-premises.

Your Subscription

All resources provisioned inside your Azure tenant. Complete infrastructure sovereignty.

Your Policies

Your existing governance, network rules, and compliance controls apply to AstorX seamlessly.

Your Control

AstorX never stores, processes, or accesses your data outside your environment. Complete data containment.

Defence in Depth

Infrastructure Security

  • Private network isolation — all services communicate over private endpoints
  • Managed identity authentication — no passwords or API keys stored
  • Encryption at rest with AES-256
  • Encryption in transit with TLS 1.2+
  • Customer-managed encryption keys supported

Application Security

  • Enterprise SSO with Microsoft Entra ID
  • Role-based access control — Admin, Analyst, Contributor, Viewer
  • Tender-scoped permissions with granular controls
  • Human-in-the-loop validation for all AI outputs
  • Comprehensive audit logging of all user actions

AI Safety

  • Multi-layered content filtering and validation
  • Purpose-built scope boundaries — cannot be repurposed
  • Full audit trails with AI vs. human authorship tracking
  • Prompt injection protection and input validation
  • No data retention for model training or improvement

Compliance Framework

GDPR
Customer is data controller. AstorX is not a data processor.
Data Residency
You choose the Azure region. Data never leaves your selected geography.
GxP Compliance
Runs on your validated Azure environment with full audit trails.
Encryption
Customer-managed keys supported for maximum control.
Audit & Logging
Every access logged in your Azure Activity Log for complete traceability.
AI Data Policy
Your data is never used for model training or improvement.

Publisher Access Controls

When AstorX needs access for updates or support, you remain in control. Every access request is transparent, limited, and auditable.

Access Requested
AstorX initiates a time-limited access request with specific purpose and scope.
Customer Approval
You explicitly review and approve each access request through your Azure portal.
Granted Access
Access is provisioned with a pre-defined expiry window.
Full Audit Trail
Every action is logged in your Azure Activity Log for complete visibility.
Automatic Expiry
Access expires automatically. You can revoke at any time.

Enterprise-Grade Security Posture

Comprehensive security controls and compliance standards built into every deployment.

SOC 2-Aligned Controls
Security controls designed to SOC 2 Type II standards
Azure Marketplace Certified
Verified enterprise-ready solution
Microsoft Entra ID
Enterprise identity integration
TLS 1.2+
Modern encryption in transit
AES-256
Strong encryption at rest
Security Documentation
Available upon request for customers

Security Questions? Let's Talk.

Our security team is ready to discuss your specific compliance requirements and how AstorX meets them.

Request a Security Review