Last Updated: November 2025
AsteroCFO.ai is built with a security-first approach. Founders trust us with sensitive information, and we take that responsibility seriously. This page outlines how we protect user data, maintain secure systems, and align with best-practice compliance expectations.
1. Data Security
We use multiple layers of protection to secure your information:
- Encryption in transit: All connections between your device and our servers use modern TLS encryption (TLS 1.2+).
- Encryption at rest: Financial uploads, chat history, and account data are encrypted using AES-256 or equivalent secure standards.
- Access controls: Only authorized, essential system processes can access user data. Human access is restricted and monitored.
- Session isolation: Each user session is separated to prevent cross-account data exposure.
2. Infrastructure & Hosting
Our hosting and system providers maintain industry-leading security certifications, including:
- SOC 1, SOC 2, SOC 3 compliance
- ISO 27001 / 27017 / 27018
- GDPR-aligned security protections
AsteroCFO.ai does not directly store or process credit card numbers. All billing is handled through PCI-compliant third-party payment processors.
3. Regulatory Alignment
While AsteroCFO.ai is not a licensed CPA firm, tax preparer, financial advisor, or legal service, we proactively align with:
- Federal and state privacy regulations (including CCPA for California residents)
- FTC regulations and guidance on AI and consumer transparency
- GDPR considerations for EU visitors
- Emerging AI safety expectations and disclosure norms
Our objective is to maintain a transparent, trustworthy ecosystem for founders.
4. Data Retention & User Deletion Rights
Users maintain control over their data. You may:
- Request deletion of uploaded financial documents
- Request deletion of conversation history
- Request full account deletion
- Export certain data upon request
Upon deletion, data is removed from active systems and scheduled for destruction from backups according to our retention timeline.
5. Incident Response
We maintain an internal protocol for managing potential security incidents, including:
- Continuous monitoring for suspicious activity
- Immediate internal escalation
- Assessment and containment
- Notification to affected users if required
- Post-incident review and remediation
Although we have no history of data breaches, we maintain readiness.
6. User Responsibilities
Users agree to:
- Maintain secure login credentials
- Avoid sharing passwords or leaving sessions active on shared devices
- Notify us immediately of suspected unauthorized activity
- Follow reasonable security practices when uploading financial documents
Contact
For compliance or security inquiries, contact us at:
security@asterocfo.ai
