AscentAI Data Security
and Privacy

Security and Compliance at AscentAI

AscentAI maintains a SOC 2 Type I attestation, which is available on our Trust Center.

Data Protection

Maintaining data security is a top priority for AscentAI. We protect our data in several ways.

  • Data at Rest: AscentAI data is protected via AES-256 encryption, utilizing FIPS 140-2 validated hardware security modules with automatic key rotation. Acceptable encryption algorithms and tools used by AscentAI include AES-256, RSA-2048, and SHA-256.
  • Data in Transit: AscentAI data is encrypted via HTTPS or TLS protocols (TLS 1.2/1.3).
  • Secret Management: AscentAI avoids hardcoded secrets in favor of runtime injection and uses secure key management practices, including hardware security modules (HSMs), encrypted key storage, and access controls.

Product Security

Recognizing the importance of cybersecurity for its own operations as well as to protect its partners and customers, AscentAI utilizes a stage-appropriate, risk-informed security program aligned to industry standards such as NIST CSF.

  • Penetration Testing: AscentAI conducts annual penetration testing as part of our ongoing cybersecurity measures.
  • Vulnerability Scanning: AscentAI’s vulnerability assessment process involves regular scanning of our network and systems using industry-leading tools to identify potential vulnerabilities. We also conduct periodic penetration testing to uncover any weaknesses that automated tools might miss.

 

Enterprise Security

Ensuring our enterprise is secure and our employees are educated is fundamental to how we operate. We combine strong technical controls with ongoing training to protect our people, data, and systems.

  • Endpoint security:  All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
  • Secure remote access: AscentAI secures remote access to internal resources using Tailscale, a modern VPN platform built on WireGuard. We also use malware-blocking DNS servers to protect employees and their endpoints while browsing the internet.
  • Security education: AscentAI conducts information security training provided by Vanta as part of our onboarding program for new employees and conducts annual re-training certification courses for all active employees.
  • Identity and access management:  AscentAI uses SSO to secure our identity and access management. We enforce the use of phishing-resistant authentication factors, using WebAuthn exclusively wherever possible. AscentAI employees are granted access to applications based on their role, and automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.