Governance & Compliance
Enterprise AI projects die in legal review. Open Astra ships with the compliance layer built in — GDPR data erasure, tamper-proof audit logs, consent management, data residency controls, and intrusion detection — so you can pass security reviews without bolting on third-party compliance tools or building it yourself.
All governance features are included in both license tiers. Compliance shouldn't be a premium add-on — it's table stakes for production AI.
Why this matters
- Pass audits on day one — SHA-256 hash-chained audit logs with CSV export and tamper detection, ready for your compliance team
- GDPR in one API call — right to erasure across all 15 data tiers with a single `DELETE` request
- Data sovereignty — restrict which cloud regions and inference providers can process your workspace data
- No third-party dependencies — everything is built into the core platform, not a separate service you have to integrate and pay for
Governance capabilities
| Feature | Description | Docs |
|---|---|---|
| GDPR | Right to erasure — purge all user data across 15 data tiers | GDPR |
| Consent | Track and manage user consent with expiration and revocation | Consent |
| Data Policies | Control which regions and providers can process workspace data | Data Policies |
| Audit Log | Tamper-proof hash-chain audit trail with CSV export and SSE streaming | Audit Log |
| Permission Requests | Agent tool permission request and approval workflow | Permission Requests |
Security features
For security-specific features (IP allowlists, intrusion detection, session replay auditing, watermark detection), see the Security page.
Design principles
- Audit everything — every tool execution, memory write, inference request, and security event is logged with SHA-256 hash chain integrity
- Consent-first — data processing respects user consent with expiration and revocation
- Workspace isolation — row-level security ensures data stays within its workspace boundary
- Owner control — destructive operations (GDPR purge, DP budget reset, IP allowlist) require owner role
Getting started
See the Compliance-Ready Deployment use case for a complete walkthrough of setting up audit logging, GDPR erasure, consent management, and network security.