
Compliance

Caast commitment to security

Keeping customer data safe is a core priority at Caast Technologies. Below is a high-level summary of our current security practices; reach out to [email protected] with any detailed questions.

Experienced team

Our team has designed and operated finance and AI systems for high-growth companies. Everyone who works on our platform signs confidentiality and information-security agreements. New hires receive onboarding briefings covering secure development, least-privilege access, and responsible data handling.

Cloud infrastructure

Caast runs inside hardened cloud facilities operated by vetted providers, typically located in the EU. Customer workloads are isolated in separately scoped environments, identity controls are enforced on every environment, and we monitor for configuration drift. Physical security is handled directly by our hosting partners, who maintain 24/7 staffed data centers.

Best practices in progress

We implement common security controls on a best-effort basis: encryption at rest and in transit, role-based access control, strong authentication, regular key rotation, and secure SDLC touchpoints. Several controls are still being rolled out, and we say so plainly when a safeguard is aspirational rather than fully audited.

User rights & access

Employee accounts follow the principle of least privilege. Access reviews happen routinely, and any elevated permissions are logged. Visitors to Caast premises must be escorted at all times. Customers can request access records or remediation details by emailing [email protected].

Monitoring & incidents

We use Sentry and complementary open-source tooling to capture telemetry from our applications and infrastructure. Alerts route to on-call engineers who follow a lightweight incident-response playbook. We classify events by severity, keep post-incident notes, and inform affected customers as required.

Risk management

Caast performs periodic vulnerability scans, dependency reviews, and targeted penetration tests with external partners when feasible. Findings are prioritized based on impact, and remediation work is tracked in our internal backlog. We continuously refine these processes as we grow.

Network isolation

Customer platforms run in private network segments with encrypted connections and are not directly exposed to the public internet. Access to customers' third-party tools is established through OAuth 2.0 connectors registered with static callback URLs; we never ask customers for passwords to those systems.
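As an added illustration of what a connector built this way does on the client side (this is example code, not Caast's own connector implementation), the Python below keeps the redirect URI as a fixed constant registered with the provider rather than anything taken from a request, sends a random state and a PKCE challenge with every authorization request, and accepts the callback only when it arrives at exactly that registered URL carrying the expected state. The hostnames, REDIRECT_URI, and client identifier are placeholder assumptions, and the callback URL in the demo is constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder values for the example; a real connector registers its own
# redirect URI with each provider and never derives it from incoming requests.
REDIRECT_URI = "https://connectors.example.com/oauth/callback/crm"
AUTHORIZE_ENDPOINT = "https://idp.example.com/oauth2/authorize"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE and most state encodings expect."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def start_authorization(client_id: str, scope: str):
    """Build the authorization URL for the authorization-code flow with PKCE.

    Returns (url, session). The session dict holds the state and the PKCE
    verifier and must be stored server-side, bound to the user's session,
    until the provider redirects back.
    """
    state = _b64url(secrets.token_bytes(32))
    verifier = _b64url(secrets.token_bytes(32))
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,  # fixed, pre-registered value
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), {
        "state": state,
        "code_verifier": verifier,
    }


def handle_callback(callback_url: str, session: dict) -> dict:
    """Validate the provider's redirect and prepare the token request.

    Raises ValueError on any mismatch. Returns the parameters that would be
    POSTed to the provider's token endpoint (the HTTP call itself is not shown).
    """
    got = urlparse(callback_url)
    want = urlparse(REDIRECT_URI)
    # Exact match on scheme, host:port and path; no prefix or wildcard matching.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback arrived at an unregistered URL")

    qs = parse_qs(got.query)
    if "error" in qs:
        raise ValueError("provider returned error: " + qs["error"][0])

    state = qs.get("state", [""])[0]
    # Constant-time comparison against the state issued for this session.
    if not hmac.compare_digest(state, session["state"]):
        raise ValueError("state mismatch (possible CSRF or replayed callback)")

    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")

    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must equal the value in the authorization request
        "code_verifier": session["code_verifier"],
    }


if __name__ == "__main__":
    url, session = start_authorization("client-123", "contacts.read")
    print("send the user to:", url)
    # Constructed callback, as the provider would issue it after user consent.
    callback = REDIRECT_URI + "?code=abc123&state=" + session["state"]
    print("token request:", handle_callback(callback, session))
```

The state value is what ties a callback to the session that started the flow; without it, an attacker can complete the flow with an authorization code bound to their own account and have it attached to the victim's connector. PKCE additionally stops an intercepted code from being exchanged by anyone who does not hold the verifier.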

Third parties & payments

Vendors that process customer data undergo a lightweight risk assessment before onboarding. We also verify that each vendor signs a data-processing addendum aligned with GDPR requirements. Caast does not process cardholder data directly and does not store card numbers; customer billing is handled without exposing payment card information to our systems.