Data Processing Agreement.

This Data Processing Agreement describes how Astry processes personal data on your behalf when you run the product, the roles each party holds under the GDPR, and the technical and organizational measures that protect that data. It forms part of the agreement between you and Astry.

1. Roles of the parties

For personal data processed inside your workspace, you are the controller and Astry is the processor. You decide which sources to connect and what is processed. Astry processes that data only on your documented instructions.

Astry runs inside your own cloud under the BYOC model. Much of the processing happens entirely within your security boundary, on infrastructure you control, and Astry holds no credentials to your environment.

2. Subject matter and duration

The subject matter is the processing needed to operate Astry as your company brain: ingesting the sources you connect, compiling them into a structured knowledge base, and answering queries against it under access control. Processing lasts for the term of your agreement and ends when the service ends, subject to the return and deletion terms below.

3. Nature and purpose of processing

Astry processes personal data to:

• ingest content from the sources you connect and keep it in incremental sync;
• compile that content into a structured knowledge base;
• answer queries in natural language, with sources, under access control.

Processing is limited to these purposes. Astry does not use your content to train shared or third-party models.

4. Categories of data and data subjects

The categories of personal data and the data subjects are determined by you, because they depend on the sources you connect. They may include:

• your employees, contractors and other workspace users;
• the people referenced in your messages, meetings, files and records.

Content can include any personal data present in connected Slack, Google Drive, Microsoft SharePoint, WhatsApp and meeting sources, or anything you push through the REST ingest API. Sensitive content is detected and redacted at ingest, and access controls travel with the data.

5. Sub-processors

Astry keeps the sub-processor surface deliberately small. Because the product runs in your cloud, most sub-processors are ones you already control:

• Your cloud provider — Azure, GCP or AWS — hosts the deployment in your own account.
• Your identity provider — Okta, Microsoft Entra ID or Google Workspace — federates sign-in over OIDC.
• Your model host — you choose where inference runs. Pin it to EU-only hosts, or run fully local and air-gapped with Ollama. An egress guard checks every outbound call against a host allowlist and fails hard on anything else.

Astry gives notice of any change to sub-processors so you can object. See the BYOC model for how this is deployed.

6. Security measures

Astry applies technical and organizational measures appropriate to the risk:

• Per-request isolation. Before inference, the Trust Layer copies only the files the asker is cleared to see into a throwaway sandbox, writes a manifest of just those files, runs the model with that directory as its world, then deletes the sandbox. Files outside your clearance are physically absent from the request, so the model cannot reference or even discover them.
• Access control. Four workspace roles, with file-level access enforced before the model exists. Permissions inherit from your source systems and missing membership means no access. There is no parallel permission store.
• Encryption. TLS in transit over HTTPS, and AES-256-GCM at rest — an authenticated cipher whose tag detects tampering. The envelope format is versioned with a key id, so keys rotate through a keyring without re-encrypting data. Keys come from your KMS, or from a key only you hold under BYOC.
• Self-hosted in your cloud. Under BYOC, Astry runs entirely inside infrastructure you own and holds no credentials to your environment. The Astry control plane sees only operational metadata — version, uptime, user count, vault size, connector states — and never your content, conversations or audit bodies.
• Identity. OIDC single sign-on with your identity provider — Okta, Microsoft Entra ID or Google Workspace — with directory provisioning.
• Audit. An append-only, WORM log records every query, resource, action, latency and cost. The application database role has insert and select only; update and delete are revoked at the database, so records cannot be altered after the fact.
• Anomaly detection. Built-in checks flag unusual access patterns for review.
• Data-loss prevention. A deterministic, regex-first scan runs at ingest across categories such as emails, national IDs, IBANs, card numbers and API keys. Critical findings are redacted before anything is indexed, so no model sees the raw secret.

Read the full security model for detail.

7. International transfers and residency

You control where inference runs. A workspace can pin all inference to EU-only providers, so model processing stays within the EU. For fully local inference, Ollama keeps processing inside your own environment.

Where any processing transfers personal data outside the EEA, Astry relies on recognized safeguards such as the Standard Contractual Clauses.

8. Data subject rights and assistance

Astry helps you meet requests from data subjects. Because access inherits from your source systems and every request is logged, you can trace what was accessed and by whom.

For erasure under Article 17 of the GDPR, Astry runs deletion through provenance-tracked departure-kit tooling that records exactly what was removed, so a deletion is verifiable rather than asserted. The same tooling assists with data subject access requests.

9. Breach notification

If Astry becomes aware of a personal data breach affecting your data, Astry notifies you without undue delay, with the information you need to meet your own notification duties. The append-only audit log and built-in anomaly detection support rapid investigation.

10. Audit and information

Astry makes available the information needed to demonstrate compliance with this agreement. Every query, file access and response is recorded in an append-only log that you can review, and that can be forwarded to your own SIEM.

The strongest evidence is the shipped controls themselves: the audit log above, access enforced before the model runs, and a deployment that lives in your own cloud. SOC 2 Type II is in progress, and ISO 27001 is on our roadmap for 2026.

11. Return and deletion

On termination, or at your request, Astry returns or deletes the personal data it processes for you, at your choice, and deletes existing copies unless law requires retention. Because the deployment lives in your cloud, you keep direct control of the underlying data throughout.

12. Contact

For any question about this agreement, or to request the countersigned version, contact our data protection team at dpo@astry.agency. For security questions, write to security@astry.agency.