Question 1

What is ASTIS, exactly?

Accepted Answer

ASTIS is a cryptographic trust layer for business data. It encrypts, signs, applies format-preserving encryption, and audits sensitive data without sending business-payload plaintext to ASTIS, cloud providers, or AI tools. You can use it as a ready-made secure workspace (ASTIS Mail) or integrate it into your own apps via the API platform (ASTIS API and ASTIS CVS Hybrid).

Question 2

Should I buy ASTIS Mail or the ASTIS API platform?

Accepted Answer

Mail if your team needs an encrypted workspace for sensitive client, patient, employee, or legal communications without engineering work. API platform if you have engineering capacity and want to embed encryption, signing, format-preserving encryption, or audit into your own product or data pipeline. Many regulated organizations buy both.

Question 3

How does ASTIS Mail work alongside Gmail or Outlook?

Accepted Answer

Mail is a standalone secure workspace with its own mailbox. It optionally integrates with Gmail and Outlook so you can route sensitive threads through ASTIS while keeping your existing inbox for non-sensitive mail.

Question 4

What is the difference between BYOK and HYOK?

Accepted Answer

BYOK (Bring Your Own Key) means you generate your encryption keys while they are held in ASTIS-managed infrastructure; during managed operations such as key rewrap, the CryptoVault Service may transiently process key material. HYOK (Hold Your Own Key) means the keys never leave your infrastructure and ASTIS never sees them. Managed API tiers (Pro, Business) use customer-controlled keys; full HYOK custody is available on API Enterprise and ASTIS CVS Hybrid.

Question 5

How is API pricing structured?

Accepted Answer

ASTIS API is sold as an annual feature-gated platform license. Pricing is by tier (Pro, Business, Enterprise, Strategic), not by API call counts. There are no public call quotas, no automatic overage billing, no per-call charges. Rate limits exist for abuse protection and capacity planning only.

Question 6

What rate limits or abuse protections apply to free developer access?

Accepted Answer

Free developer access is a 30-day evaluation trial with 10,000 requests / month, sandbox access only. Runs on production-grade infrastructure with conservative per-second rate limits, burst caps, and abuse-protection caps. Sustained abusive traffic, credential stuffing, or DDoS-pattern requests trigger account suspension. After 30 days organizations convert to a paid annual license through sales (production tiers from $15,000/year).

Question 7

What is ASTIS CVS Hybrid and how does it differ from API Strategic?

Accepted Answer

ASTIS CVS Hybrid is a separate self-hosted deployment of the CryptoVault Service ($50,000–$250,000+/year) for organizations needing on-premises CVS. API Strategic ($1M+/year) is the top tier of the managed platform with dedicated cluster, source escrow, custom SLA, and on-call engineering. Different deployment models, different price bands.

Question 8

Is there a free trial?

Accepted Answer

Yes for both products. Mail Free Trial gives a 30-day evaluation of the secure workspace with one mailbox; after the trial it becomes read-only unless upgraded. The API platform offers free developer access — create an evaluation organization in Portal, generate an API key, and start integrating. Developer access runs on production-grade infrastructure with fair-use rate limits and no SLA, and is not intended for regulated production workloads. Production API licenses are annual, feature-gated, and start at $15,000/year.

Question 9

Can pricing, rate limits, or SLA terms change?

Accepted Answer

Yes. Pricing, tier features, rate-limit numbers, abuse-protection caps, and SLA terms may evolve. Existing customers are honored under their current contract until renewal; changes apply at renewal with prior notice (typically 90 days for paid tiers). Free developer access limits may change as part of operational capacity management. Material changes are reflected on this page and in the Terms of Service.

Question 10

What happens to my data if I cancel?

Accepted Answer

Mail subscribers retain access to encrypted messages through the data retention period and can export keys and messages before cancellation. API customers retain access to their audit chain, signed records, and encrypted data through their contract end date with a 30-day post-cancellation export window. Encryption keys remain under customer control throughout.

Question 11

Is ASTIS compliant with GDPR, HIPAA, NIS2?

Accepted Answer

ASTIS is designed for compliance-heavy workflows with audit logs, data-retention controls, customer-controlled encryption keys, and EU-hosted infrastructure. For HIPAA, ASTIS supports aligned controls and signs a BAA on Enterprise plans where applicable. SOC 2 and ISO 27001 programs are in progress. Mail Enterprise and API Business+ include compliance documentation, vendor-risk support, and audit-evidence export.

Blog

Base64 Is Not Encryption. Vault Is Not Custody. What Kubernetes Secrets Actually Need.

Your AI Agent Is a New Access Path Into Sensitive Data. AZK Is the Boundary.

API Trust Layer for Sensitive Data: Controlling Plaintext Across Product Flows

How ASTIS Mail + Calendar Protects Content Without Migrating from Gmail or Microsoft 365

Infrastructure Access Should Not Mean Data Access