LEGAL
This placeholder overview describes the security practices Astral aims to follow. Replace with finalized, audited statements before launch.
Security is built into how we design, build, and operate Astral. This page summarizes the practices we aim to follow, including technical controls, internal processes, and vendor management. It is placeholder copy and should be replaced with audited statements.
We use encryption in transit and at rest for sensitive data. Transport security is enforced with modern TLS configurations, and storage systems are configured to protect information from unauthorized access.
We collect only the data needed to operate Astral and retain it for defined periods. Access to production data is limited to authorized personnel with a business need.
We use role-based access controls, least-privilege principles, and multi-factor authentication for internal systems. Administrative actions are logged and periodically reviewed.
Our infrastructure uses segmentation, firewalls, and continuous patching to reduce exposure. We monitor for unusual activity and apply updates to address vulnerabilities in dependencies and services.
We collect logs and metrics to detect operational issues and suspicious behavior. Alerts are routed to on-call responders to investigate and remediate potential incidents.
We maintain incident response playbooks covering detection, containment, recovery, and communication. In the event of a material incident, we will notify affected users and partners as required by law and contractual obligations.
We evaluate security practices of critical vendors and require appropriate safeguards through contractual terms. Where possible, we limit the scope of data shared with third parties.
If you believe you have found a security issue, please report it to security@astral.trading. Provide clear steps to reproduce and avoid accessing data that is not yours. We will acknowledge reports promptly and work toward remediation.
You can help protect your account by using strong passwords, enabling multi-factor authentication, and reviewing access permissions for any connected services. Notify us immediately if you suspect unauthorized activity.
We maintain backups and recovery procedures designed to minimize downtime and data loss. Restoration objectives vary by system and are tested on a regular cadence.
For security questions, contact security@astral.trading. For general support, email placeholder@astral.trading.