Security

Security by Design

We treat security as a foundational engineering requirement — not a compliance checkbox. Here's how we protect your data and our systems.

SOC 2 Type II · Certified
GDPR · Compliant
NDPR · Compliant
ISO 27001 · In Progress
POPIA · Compliant

Encryption at Rest

AES-256 for all stored data. Encryption keys managed via AWS KMS with automatic rotation.

Encryption in Transit

TLS 1.3 enforced on all connections. HSTS enabled. Certificate pinning on mobile clients.

SOC 2 Type II

Annually audited by an independent third party. Report available to enterprise clients under NDA.

ISO 27001 Aligned

Our ISMS follows ISO 27001 controls. Full certification in progress for Q3 2026.

Access Control

Role-based access control (RBAC) with least privilege. MFA enforced for all internal systems.

Penetration Testing

Quarterly automated scans + annual manual pen test by Cobalt.io certified testers.

Responsible Disclosure

Found a Vulnerability?

Report it to security@astralearnia.com before public disclosure. We acknowledge within 24 hours and resolve critical issues within 14 days. We do not take legal action against good-faith researchers.

⏱ 24h acknowledgement · 🔧 14-day critical SLA

Security Reports

Request Our SOC 2 Report

Qualified enterprise prospects can request our full SOC 2 Type II report, penetration testing summary, and GDPR DPA template — available under NDA.
