Rastro
< Back to home
Security

Security

Rastro is operated with an enterprise-grade security posture for catalog operations workflows. We do not claim SOC 2 today, but we design the product, infrastructure, and operating practices for security-conscious teams that expect careful controls, clear ownership, and conservative handling of customer data.

Security posture

Security is treated as an operating requirement, not a marketing layer. We design for least-privilege access, careful separation of environments, controlled production changes, and auditable operational workflows. The system is built for business use by distributors and manufacturers handling sensitive commercial product data.

Production workloads run on AWS-backed infrastructure with managed services for compute, storage, caching, model routing, and operational logging.
Access to sensitive systems and administrative actions is restricted to authorized personnel with tightly controlled credentials and environment separation.
Operational changes are made through version-controlled workflows so infrastructure and application updates are reviewable and traceable.
Customer-submitted catalog data is handled conservatively and is not used to train general-purpose models.

Infrastructure and providers

Our current stack combines AWS-hosted backend infrastructure with specialized providers for authentication, workflow orchestration, observability, communications, and site delivery. The provider footprint is kept intentionally focused rather than spread across many overlapping systems.

AWS services including EKS, Bedrock, S3, ElastiCache, and CloudWatch support backend compute, model execution, storage, caching, and operational logging.
Supabase is used for PostgreSQL-backed application data and authentication-related flows.
Temporal Cloud is used for long-running catalog workflows that require durable orchestration and retries.
Vercel delivers the public web experience, while OpenAI, Resend, and Datadog are used for feature-specific model execution, operational email, and observability.

Data handling and access control

We aim to minimize unnecessary exposure of customer information and keep permissions narrow by default. Data access is limited to what is required to operate the service, support customers, maintain reliability, and investigate issues or misuse.

Customer data is processed to provide the requested workflow, maintain service reliability, support troubleshooting, and meet legal or contractual obligations.
Authentication and core application records are handled through scoped application services rather than broad public access paths.
Public demo and shareable flows are treated as collaboration features and are not intended for regulated or highly sensitive data.
Privacy requests, DPA discussions, and security questions can be routed directly through the team.

Monitoring, resilience, and incident handling

Reliability and security operations are coupled. We use centralized logging, infrastructure monitoring, durable workflow execution, and controlled deployment paths so issues can be detected, triaged, and remediated quickly.

Operational telemetry is captured through AWS logging and infrastructure observability tooling.
Workflow orchestration is designed for retries, durability, and controlled recovery of long-running jobs.
Changes are deployed through managed CI and infrastructure workflows rather than manual production edits.
Suspected security issues can be reported to augustin@rastro.ai for triage and follow-up.

Certifications and current claims

We do not currently claim SOC 2 certification on this page. We prefer to state only what we can stand behind directly: a cautious, enterprise-grade security posture, a tightly managed provider stack, and conservative handling of customer data. If your procurement process requires specific documentation, we can handle that directly over email.