Astrion Media

Privacy & Security Policy

Version: 1.0  |  Effective Date: January 2026

1. Purpose

This Information Security Policy aims to establish the standards, principles, and procedures that Astrion Media applies to protect the confidential, sensitive, and strategic information of its clients, collaborators, and the company itself.

Astrion Media recognizes that, due to the nature of its services (automation, digital marketing, AI systems, and access management), it may come into contact with critical information, making security a fundamental priority.

2. Scope

This policy applies to:

  • Founder and executives of Astrion Media
  • Employees, contractors, and freelancers
  • Tools, platforms, and systems used by the company
  • Information from small, medium, and large clients

3. Security Principles

Astrion Media is governed by the following principles:

  • Confidentiality: information is only accessible by authorized personnel.
  • Integrity: information must not be altered without authorization.
  • Availability: information must be available only when necessary.
  • Minimum Access: each person accesses only what is strictly necessary.
  • Traceability: all access can be audited.

4. Information Classification

4.1 Public Information

Promotional data, approved marketing content, information visible to the public.

4.2 Internal Information

Internal processes, operational documentation, non-public strategies.

4.3 Confidential Information

  • Access credentials
  • Email accounts
  • API tokens
  • Automation data
  • Partial financial information

4.4 Sensitive Information

  • Client personal data
  • Administrative access
  • Payment information (never complete cards)

5. Password and Access Management

  • Astrion Media never stores passwords in plain text.
  • All credentials are managed through encrypted password managers.
  • Access is shared without revealing passwords.
  • All access can be revoked immediately.
  • Two-factor authentication (2FA) is applied to all possible accounts.

6. Information Storage

  • Sensitive information is only stored in encrypted systems.
  • Storing passwords, cards, or tokens in documents, emails, or messaging is not allowed.
  • Operational documentation is kept separate from sensitive information.
  • Backups are performed in encrypted form.

7. Payments and Financial Data

  • Astrion Media does not store complete credit or debit card data.
  • Payments are managed exclusively through certified platforms.
  • The company only accesses the minimum information necessary for billing.

8. Automation and AI Systems

  • All automations use encrypted credentials.
  • Each client has independent credentials.
  • Access tokens are rotated periodically.
  • Keys are not reused between clients.

9. Team and Role Management

  • Access is assigned according to the collaborator's role.
  • A collaborator cannot access information that is not necessary for their function.
  • All access is logged.
  • Upon termination of employment, all access is immediately revoked.

10. Security Incidents

In case of an incident:

  • The scope is evaluated immediately.
  • Compromised access is revoked.
  • The executive team is notified internally.
  • The client is informed if the incident affects them.

11. Client Responsibilities

The client commits to:

  • Provide correct and updated access.
  • Not share access outside of Astrion Media.
  • Report any suspicion of misuse.

Astrion Media will not be responsible for incidents derived from client negligence.

12. Compliance and Sanctions

Non-compliance with this policy may result in:

  • Suspension of access
  • Contract termination
  • Legal actions if applicable

13. Updates

This policy may be modified to adapt to technological, legal, or business changes. The current version will always be the most recent.

14. Acceptance

By contracting Astrion Media services, the client accepts this Information Security Policy.

Astrion Media
"Trust is built by protecting information."