Security by design

Astrada is built on enterprise-grade security principles. Handling card transaction data is a responsibility we take seriously — our infrastructure is designed to meet the most demanding requirements.

PCI DSS v4
GDPR
CCPA

Enterprise-grade from day one

Our security infrastructure is built for platforms that handle sensitive financial data at scale.

PCI DSS v4 Level 1

Certified as a PCI DSS v4 Level 1 Service Provider — the highest level of payment card industry compliance.

TLS 1.2 / 1.3 Encryption

All communications are encrypted with TLS 1.2 or TLS 1.3. Data at rest is encrypted with AES-256.

GDPR & CCPA Compliant

Full compliance with GDPR and CCPA regulatory frameworks. Data processing agreements available on request.

OAuth2 Authentication

API-based OAuth2 authentication with scoped access tokens and automatic token rotation.

Penetration Testing

Regular penetration testing conducted by independent third-party security firms.

ASV Scans

Frequent Approved Scanning Vendor (ASV) scans to identify and address vulnerabilities proactively.

Common security questions

Astrada is certified as a PCI DSS v4 Level 1 Service Provider. You can request our Attestation of Compliance (AOC) by contacting security@astrada.co.

Yes. Astrada is fully compliant with both GDPR and CCPA. We provide Data Processing Agreements (DPAs) to all customers upon request.

All data in transit is encrypted using HTTPS with TLS 1.2 or TLS 1.3. Data at rest is encrypted using AES-256 encryption.

Yes. A current list of sub-processors is available on request. Contact privacy@astrada.co for details.

Summary findings from our most recent third-party penetration test are available under NDA. Contact security@astrada.co to request access.

If you believe you have found a security vulnerability, please report it responsibly by emailing security@astrada.co. We take all reports seriously and will respond promptly.

We do not currently operate a bug bounty program. However, we welcome responsible disclosure of any security issues via security@astrada.co.

We can provide our PCI DSS AOC, penetration test summaries (under NDA), and details of our security architecture during your evaluation process. Reach out to security@astrada.co to get started.

Get in touch

For security inquiries, compliance documentation, or privacy requests.

Security

security@astrada.co

Compliance docs, vulnerability reports

Privacy

privacy@astrada.co

DPAs, data subject requests

Support

support@astrada.co

Technical support, account issues

Build with confidence

Enterprise-grade security infrastructure, so you can focus on building your platform.