Data Handling and Integration Security Addendum
1. Purpose
This Data Handling and Integration Security Addendum describes how Astrix AI collects, processes, stores, protects, shares, retains, and deletes data across its dashboard, chat services, WhatsApp workflows, APIs, webhooks, connected integrations, AWS infrastructure, and AI-assisted workflows.
This Addendum is intended to support customer due diligence, partner reviews, Amazon SP-API restricted-role review, Google OAuth/API review, enterprise security questionnaires, and internal privacy/security governance. It supplements the Astrix AI Privacy Policy and Terms and Conditions.
2. Product scope
Astrix AI is a multi-tenant agency and client operations platform. It provides:
· Dashboard access for agency, admin, and client users.
· Client-scoped data queries and reporting.
· WhatsApp and web chat business assistant workflows.
· AI-assisted intent classification, summaries, and replies.
· Integration connection, token storage, and provider API access.
· Advertising, social, e-commerce, logistics, payment, file, website, project-management, and outreach reporting.
· Workflow actions such as creating payment links, generating shipping labels, retrieving files, and preparing operational summaries.
Astrix AI is currently designed for India-based customers and business operations. The platform is not intended to operate as a general-purpose public chatbot.
3. Integration inventory
· Live: Amazon Seller Central/SP-API, Delhivery, Stripe, Meta Ads, Google Ads, Amazon Ads, Instagram, Facebook, YouTube, X, Threads, Apollo, Instantly, Canva, SharePoint, Google Sheets, Google Docs, Jira, Wix, Google Analytics.
· Planned: Flipkart, Meesho, Shiprocket, LinkedIn Ads, LinkedIn, Razorpay.
Change policy: Integrations may be added, removed, suspended, limited, or modified with or without prior notice because of provider API changes, policy changes, review decisions, rate limits, access removal, security risks, compliance requirements, commercial feasibility, provider demands, or technical limitations.
4. High-level AWS architecture
Astrix uses AWS-hosted infrastructure for core services.
· Frontend: Next.js dashboard hosted through S3 and CloudFront with HTTPS.
· Authentication: Amazon Cognito user pool, ID tokens, bearer authentication, role mapping.
· API layer: Amazon API Gateway HTTP APIs with JWT authorizers for protected routes and explicit public routes for status, portal, SSO exchange, and provider webhooks.
· Compute: AWS Lambda services for dashboard APIs, WhatsApp inbound/chat workflows, OAuth helpers, webhook processing, and order import.
· Database: DynamoDB tables for agencies, users, clients, bot configuration, conversations, OAuth states, integration cache, SSO tokens, and orders.
· Secrets: AWS Secrets Manager for OAuth tokens, API keys, webhook secrets, payment secrets, WhatsApp credentials, Amazon credentials, and integration credentials.
· Storage: S3 buckets for dashboard assets, exports, logs, media, knowledge documents, temporary attachments, generated reports, and related files.
· AI services: AWS Bedrock/Nova for intent classification, AI-assisted replies, report classification, summaries, and session titles.
· Logging and monitoring: CloudWatch logs, operational logs, audit events, webhook deduplication records, and planned/implemented external telemetry such as Google Analytics and Sentry.
5. Core data stores
Data categories by store:
· Cognito: User identity, authentication records, account recovery, login/auth metadata.
· astrix-agencies: Agency profile, billing metadata, subscription status, owner/admin information.
· astrix-agency-users: User roles, agency/client association, invite and access metadata.
· astrix-clients: Client profile, integration status, access scope, configuration.
· astrix-bot-config: Client bot settings, WhatsApp routing, workflow configuration.
· astrix-conversations: WhatsApp/web chat records, report/cache records, summaries, workflow state.
· astrix-integration-cache: Short-lived integration data and report cache where configured.
· astrix-oauth-states: Short-lived OAuth state and CSRF/flow records.
· astrix-orders: Core order facts, marketplace references, shipment metadata, operational tags, and temporarily available buyer PII before redaction.
· S3 buckets: Static dashboard assets, exports, media, generated files, logs, temporary attachments, shipping labels, reports, and knowledge documents.
· Secrets Manager: OAuth tokens, refresh tokens, API keys, provider secrets, webhook signing secrets, WhatsApp credentials, payment provider credentials, Amazon credentials.
6. Data classification
Astrix classifies processed data into the following categories.
· Account data. Examples: Name, email, phone, role, Cognito ID, agency/client association. Default handling: Role-based access, authenticated routes, auditability.
· Client business data. Examples: Client names, brands, SKUs, ad metrics, website analytics, reports, files. Default handling: Tenant/client isolation and authorized integration access.
· End-customer data. Examples: WhatsApp phone, message body, order support query, recipient details. Default handling: Minimize, redact in logs where possible, retain only as needed.
· Marketplace buyer PII. Examples: Buyer name, phone, shipping address, destination fields, buyer-search index. Default handling: Mask by default, explicit reveal only, audit reveal, redact after 30 days.
· Logistics data. Examples: AWB, tracking number, courier, shipping label, delivery status, pickup/return data. Default handling: Use for fulfillment/support; temporary files lifecycle-limited.
· Payment metadata. Examples: Payment link ID, amount, currency, status, subscription metadata. Default handling: No raw card/CVV storage; provider-hosted processing.
· Files and content. Examples: Canva exports, Google Docs/Sheets content, SharePoint files, Jira data, Wix content. Default handling: Customer-authorized access, private storage where configured.
· Credentials and secrets. Examples: OAuth tokens, API keys, webhook secrets, access tokens, refresh tokens. Default handling: Secrets Manager; server-side access only; rotation procedures.
· Security and telemetry. Examples: Logs, error events, route metadata, user agent, analytics events. Default handling: PII minimization, retention controls, access restrictions.
· AI data. Examples: Prompts, message snippets, context, classification output, generated replies. Default handling: Data minimization; no generalized model training.
7. Data flow: dashboard login
1. A user signs in through Amazon Cognito.
2. The browser receives Cognito tokens.
3. The browser sends an ID token to API Gateway as a bearer token.
4. API Gateway validates the token on protected routes.
5. Lambda maps Cognito claims to Astrix role, agency, client, and access scope.
6. Lambda reads or writes DynamoDB, S3, Secrets Manager, and provider APIs only as required for the authorized request.
8. Data flow: integration connection
1. An authorized user starts OAuth or manual setup from the dashboard.
2. OAuth helper Lambdas handle provider authorization, callback, token exchange, status, disconnect, or token refresh.
3. Tokens and API keys are stored in Secrets Manager under shared or client-specific paths.
4. The customer integration list is updated in DynamoDB.
5. Dashboard requests, scheduled jobs, and chat workflows use server-side services to call provider APIs.
6. Provider data is returned to the dashboard/chat or cached only as necessary for the workflow.
9. Data flow: WhatsApp and web chat assistant
1. Meta/WhatsApp sends an inbound webhook to Astrix.
2. Astrix validates and deduplicates message events using provider metadata and webhook controls.
3. Lambda resolves the sender or configured WhatsApp number to the correct client.
4. Lambda loads bot configuration, client access scope, and permitted integrations.
5. Local logic and/or AWS Bedrock classifies the message.
6. Lambda fetches permitted provider data only if needed for the request.
7. Astrix generates and sanitizes a response.
8. The response is sent through WhatsApp or returned through the web chat.
9. A conversation record is stored in DynamoDB with a 30-day TTL where configured.
10. Data flow: reporting
1. A user requests a report through the dashboard or chat.
2. Astrix classifies the query and checks enabled modules and permissions.
3. Astrix calls provider APIs or reads cached rollups.
4. Report/cache records are stored in astrix-conversations for short durations.
5. Results are returned to the dashboard or chat.
6. Generated report/cache records expire after 1 day unless a shorter cache period is configured. Temporary report summary caches expire after 2 hours.
11. Data flow: billing and payments
1. An agency or customer starts checkout, billing portal, or a payment-link workflow.
2. Astrix uses Stripe credentials stored in Secrets Manager for live Stripe workflows and may use Razorpay credentials if Razorpay is enabled later.
3. Hosted provider flows handle payment entry where possible.
4. Stripe webhooks are signature verified before processing.
5. Subscription or payment status metadata is saved to Astrix data stores.
6. Astrix does not intentionally store full payment card numbers, CVV codes, full bank credentials, or payment authentication secrets.
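The webhook validation and deduplication steps in sections 9 and 11 (Meta/WhatsApp inbound events, Stripe signature verification, and the 5-minute idempotency markers from the retention schedule), as an added example that is not Astrix AI code. It implements the Meta X-Hub-Signature-256 and Stripe-Signature schemes over the raw request body; the in-memory dictionary, secret values, and sample payloads are assumptions standing in for the deduplication table and Secrets Manager.

```python
"""Webhook signature verification and deduplication (added example, not Astrix AI code).
Meta X-Hub-Signature-256 and Stripe-Signature are checked over the raw body; a plain
dictionary stands in for the deduplication records, which expire after 5 minutes."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

IDEMPOTENCY_TTL_SECONDS = 5 * 60   # webhook idempotency markers: 5 minutes (retention schedule)
STRIPE_TOLERANCE_SECONDS = 300     # reject events whose 't' is too far from now (replay guard)

# Constructed sample payloads, not real provider events
SAMPLE_STRIPE_BODY = b'{"id":"evt_sample_001","type":"checkout.session.completed"}'
SAMPLE_META_BODY = (b'{"entry":[{"changes":[{"value":{"messages":'
                    b'[{"id":"wamid.sample.1"},{"id":"wamid.sample.2"}]}}]}]}')

def sign_meta(raw_body: bytes, app_secret: str) -> str:
    """X-Hub-Signature-256 value: 'sha256=' + hex HMAC-SHA256(app secret, raw body)."""
    return "sha256=" + hmac.new(app_secret.encode(), raw_body, hashlib.sha256).hexdigest()

def verify_meta(raw_body: bytes, header: Optional[str], app_secret: str) -> bool:
    """Constant-time comparison of the header against the digest recomputed over the raw body."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign_meta(raw_body, app_secret).encode(), header.encode())

def stripe_digest(raw_body: bytes, signing_secret: str, ts: int) -> str:
    """Stripe signs '<ts>.<raw body>' with HMAC-SHA256 under the endpoint signing secret."""
    return hmac.new(signing_secret.encode(), f"{ts}.".encode() + raw_body, hashlib.sha256).hexdigest()

def verify_stripe(raw_body: bytes, header: Optional[str], signing_secret: str, now: float) -> bool:
    """Parse 't' and every 'v1' entry of 't=<ts>,v1=<sig>', reject stale timestamps, accept any match."""
    ts, candidates = None, []
    for item in (header or "").split(","):
        key, _, value = item.strip().partition("=")
        if key == "t" and value.isdigit():
            ts = int(value)
        elif key == "v1":
            candidates.append(value.encode())
    if ts is None or not candidates or abs(now - ts) > STRIPE_TOLERANCE_SECONDS:
        return False
    expected = stripe_digest(raw_body, signing_secret, ts).encode()
    return any(hmac.compare_digest(c, expected) for c in candidates)

def claim_event(store: Dict[str, float], event_id: str, now: float) -> bool:
    """First delivery of an id inside the TTL window returns True; a repeat delivery returns False."""
    expiry = store.get(event_id)
    if expiry is not None and expiry > now:
        return False
    store[event_id] = now + IDEMPOTENCY_TTL_SECONDS  # in DynamoDB this would be the TTL attribute
    return True

def handle_stripe_webhook(raw_body: bytes, header: Optional[str], secret: str,
                          store: Dict[str, float], now: float) -> str:
    """Check order: signature first, then parse JSON, then deduplicate on the event id."""
    if not verify_stripe(raw_body, header, secret, now):
        return "rejected"
    event = json.loads(raw_body)
    return "processed" if claim_event(store, f"stripe:{event['id']}", now) else "duplicate"

def handle_meta_webhook(raw_body: bytes, header: Optional[str], app_secret: str,
                        store: Dict[str, float], now: float) -> List[str]:
    """Meta batches messages per delivery; each WhatsApp message id is deduplicated separately."""
    if not verify_meta(raw_body, header, app_secret):
        return ["rejected"]
    results = []
    for entry in json.loads(raw_body).get("entry", []):
        for change in entry.get("changes", []):
            for msg in change.get("value", {}).get("messages", []):
                results.append("processed" if claim_event(store, f"wa:{msg['id']}", now) else "duplicate")
    return results
```

Signature verification must run on the exact bytes received, before any JSON parsing, because re-serialised JSON will not reproduce the provider's digest.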
12. Data flow: logistics and generated files
1. A user requests a shipment, label, return, or tracking workflow.
2. Astrix checks the user's client scope and integration permissions.
3. Astrix calls the relevant logistics provider, currently Delhivery and planned Shiprocket.
4. Recipient contact and address data is used only for fulfillment, tracking, returns, pickup coordination, and support.
5. Generated labels, PDFs, or attachments are stored only where necessary, preferably in private storage.
6. Temporary chat attachments, shipping labels, and similar generated files are retained for 14 days where stored under the configured temporary attachment location.
13. Amazon SP-API and Amazon Ads controls
Astrix uses Amazon Information only for authorized seller-benefiting workflows such as catalog synchronization, inventory visibility, pricing workflows, order visibility, shipment support, buyer messaging through Amazon-approved channels, seller account insights, Amazon Ads reporting, and seller-authorized analytics.
13.1 Amazon data collected
Depending on roles, permissions, and seller authorization, Astrix may process:
· Seller account identifiers and marketplace metadata.
· Catalog, listing, SKU, and A+ content data.
· Inventory and order status data.
· Pricing and fee-related data.
· Order IDs, order status, timestamps, totals, item summaries, and fulfillment metadata.
· Buyer PII only where required and approved, such as buyer name, phone number, address, destination fields, and shipping/tax-related information.
· Amazon Ads campaign, spend, performance, and reporting data.
13.2 Amazon buyer PII restrictions
Astrix applies the following Amazon-specific restrictions:
· Buyer PII is collected only when required for approved features.
· Buyer PII is hidden from normal APIs and UI by default.
· Reveal of buyer PII requires an explicit authorized user action.
· Reveal events are logged for 365 days.
· Buyer name, phone number, address/destination fields, and buyer-search index fields are redacted after 30 days.
· Non-sensitive order facts remain available for operational reporting.
· Amazon buyer data is not used for WhatsApp, SMS, RCS, iMessage, email, phone, or other non-Amazon communications.
· Buyer communication and solicitation workflows must use Amazon-approved Messaging API or Solicitation API channels where required.
· Amazon Information is not used for off-Amazon marketing, retargeting, profiling, enrichment, data brokerage, or unauthorized aggregation across sellers.
· Amazon Information is not shared with outside parties except service providers strictly necessary for authorized processing and subject to required safeguards, or where required by law or Amazon-approved processes.
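The buyer PII handling described in section 6 and in the list above (mask by default, explicit audited reveal retained 365 days, field-level redaction after 30 days with non-sensitive order facts kept), as an added example that is not Astrix AI code. Field names, the role check, and the in-memory order list are assumptions standing in for the astrix-orders table and the reveal audit log.

```python
"""Buyer PII mask-by-default, explicit audited reveal, and 30-day redaction (added example,
not Astrix AI code). Field names, the role check, and the in-memory order list are assumptions
standing in for the astrix-orders table and the reveal audit log; the periods are the document's."""
from typing import Dict, List

# Field-level buyer PII subject to masking and redaction (field names assumed)
BUYER_PII_FIELDS = ("buyer_name", "buyer_phone", "ship_address", "destination_fields", "buyer_search_index")
REDACT_AFTER_SECONDS = 30 * 24 * 3600        # buyer PII redacted after 30 days
REVEAL_AUDIT_TTL_SECONDS = 365 * 24 * 3600   # reveal events retained for 365 days
REVEAL_ROLES = {"agency", "admin"}            # assumption: roles allowed to reveal
MASK = "***"

def sample_orders(now: float) -> List[dict]:
    """Constructed sample orders for one client (not real marketplace data)."""
    def order(oid: str, age_days: int, name: str, phone: str) -> dict:
        return {"order_id": oid, "client_id": "client-A", "purchase_ts": now - age_days * 86400,
                "status": "Shipped", "total": 1299.0, "currency": "INR",
                "buyer_name": name, "buyer_phone": phone, "ship_address": "sample street 1",
                "destination_fields": {"city": "Pune", "pincode": "411001"},
                "buyer_search_index": f"{name} {phone}".lower(), "pii_redacted_at": None}
    return [order("ORD-1", 2, "Sample Buyer", "+910000000000"),
            order("ORD-2", 45, "Other Buyer", "+911111111111")]

def mask_order(order: dict) -> dict:
    """Default API/UI representation: PII fields masked, non-sensitive order facts unchanged."""
    view = dict(order)
    for name in BUYER_PII_FIELDS:
        if view.get(name) is not None:
            view[name] = MASK
    return view

def reveal_buyer_pii(order: dict, user: dict, reason: str, audit_log: List[dict], now: float) -> Dict:
    """Explicit reveal: enforce role and client scope, append a 365-day audit event, return PII."""
    if user.get("role") not in REVEAL_ROLES or user.get("client_id") != order["client_id"]:
        raise PermissionError("reveal requires an authorized role within the order's client scope")
    if order.get("pii_redacted_at") is not None:
        raise LookupError("buyer PII for this order has already been redacted")
    audit_log.append({"event": "buyer_pii_reveal", "order_id": order["order_id"],
                      "client_id": order["client_id"], "user_id": user["user_id"], "reason": reason,
                      "at": int(now), "ttl": int(now) + REVEAL_AUDIT_TTL_SECONDS})  # TTL attribute
    return {name: order.get(name) for name in BUYER_PII_FIELDS}

def find_orders_by_buyer(orders: List[dict], term: str) -> List[str]:
    """Buyer search reads only the search-index field, so redacted orders drop out of results."""
    term = term.lower()
    return [o["order_id"] for o in orders if o.get("buyer_search_index") and term in o["buyer_search_index"]]

def redact_expired_buyer_pii(orders: List[dict], now: float) -> int:
    """Scheduler job: null every PII field on orders older than 30 days; order facts stay."""
    redacted = 0
    for order in orders:
        if order.get("pii_redacted_at") is None and now - order["purchase_ts"] >= REDACT_AFTER_SECONDS:
            for name in BUYER_PII_FIELDS:
                order[name] = None
            order["pii_redacted_at"] = int(now)
            redacted += 1
    return redacted
```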
13.3 Amazon credentials
Amazon LWA, SP-API, and related credentials are stored in AWS Secrets Manager. Credentials are used server-side only. Astrix avoids hard-coding credentials into applications and avoids exposing provider tokens to browsers.
13.4 Amazon incident response
For security incidents involving Amazon Information, Astrix's incident response process includes detection, triage, severity assessment, containment, credential rotation, evidence preservation, customer impact assessment, remediation, post-incident review, and notification to Amazon through the Amazon-designated security notification channel within 24 hours of detection where required.
14. Google API controls
Astrix uses Google API data for user-authorized, user-facing features such as Google Ads reporting, Google Analytics reporting, Google Drive/Docs/Sheets file search and read, and YouTube analytics/reporting.
Controls include:
· Minimum necessary OAuth scopes where practical.
· Contextual authorization where practical.
· Server-side credential storage in Secrets Manager.
· Customer-controlled connect and disconnect workflows.
· Use of Google API data only to provide or improve authorized user-facing features.
· No sale of Google user data.
· No use of Google user data for unrelated advertising, surveillance, generalized AI model training, or data brokerage.
· Human access only where authorized, requested for support, required for security, or required by law.
· Deletion/export support subject to technical and legal limits.
Astrix's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
15. Meta, WhatsApp, Instagram, Facebook, and Threads controls
Astrix processes Meta and WhatsApp-related data for messaging, social reporting, ads reporting, engagement analytics, content links, customer support, and business workflow automation.
Controls include:
· WhatsApp workflows are business-specific and client-scoped.
· Astrix is not used as a general-purpose WhatsApp AI assistant.
· Businesses are responsible for opt-in, approved templates, notices, and message legality.
· WhatsApp Business Solution Data is not used to create, develop, train, or improve generalized AI models.
· WhatsApp phone numbers, WA IDs, and message bodies are redacted or minimized in operational logs where configured.
· WhatsApp send/media credentials are stored in Secrets Manager.
· Users must be able to opt out or escalate where appropriate.
· Provider webhook validation and deduplication controls should be maintained for all message events.
16. Payment provider controls
Astrix currently uses Stripe for billing and payment-related workflows and may enable Razorpay later.
Controls include:
· Hosted checkout/portal flows where possible.
· Stripe webhook signature verification.
· Payment credentials stored in Secrets Manager.
· Limited storage of payment metadata.
· No intentional storage of raw card numbers, CVV codes, full bank credentials, OTPs, or payment authentication secrets.
· Customer responsibility for payment link correctness, refunds, chargebacks, taxes, and provider compliance.
17. Logistics provider controls
Astrix currently supports Delhivery and plans Shiprocket.
Controls include:
· Recipient contact and address data used only for fulfillment, shipment tracking, returns, pickup coordination, and support.
· Generated labels and similar files stored only as needed.
· Temporary chat attachments and shipping-label-type files retained for 14 days where configured.
· Customer responsibility for address accuracy, product restrictions, carrier eligibility, returns, and marketplace requirements.
18. Outreach provider controls
Astrix supports Apollo and Instantly for B2B outreach-related analytics and workflow visibility.
Controls include:
· B2B outreach only.
· No consumer spam.
· Customer responsibility for lawful basis, anti-spam compliance, suppression lists, unsubscribe handling, and opt-out compliance.
· Prospect/enrichment data should not be treated as guaranteed accurate.
· Outreach features may be suspended for abuse, unlawful use, or provider policy concerns.
19. File, asset, website, and project-management controls
Astrix may process files and metadata from Canva, SharePoint, Google Docs, Google Sheets, Jira, Wix, and similar systems.
Controls include:
· Customer-authorized access only.
· Client-scoped retrieval and display.
· No access to global drives, sites, projects, documents, or designs without authority.
· Private storage for sensitive exports where configured.
· Temporary generated files lifecycle-limited where stored under configured temporary locations.
· Customer responsibility for connected account permissions and file-sharing settings.
20. AI and automated decisioning controls
Astrix uses AI-assisted systems for intent classification, natural language replies, report query classification, fallback responses, summaries, and session titles.
Controls include:
· AI prompts are minimized to the information needed for the task.
· Restricted PII, payment secrets, credentials, and unnecessary sensitive information should be excluded from prompts.
· Astrix does not use customer data, Amazon Information, Google user data, Microsoft API data, or WhatsApp Business Solution Data to train or improve generalized AI models.
· Human approval is required for refunds, returns, price changes, listing edits, A+ content edits, ad budget changes, and customer-facing messages outside pre-approved templates.
· Payment links and shipping labels may be automated only under customer-configured limits and safeguards.
· AI outputs must be reviewed before business-critical use.
21. Security controls
Astrix maintains or commits to maintaining the following safeguards before partner submission or production release of regulated workflows:
· Authentication: Amazon Cognito authentication with bearer tokens and role mapping.
· Authorization: Role-based, tenant-based, client-based, and integration-based access checks.
· Secrets: AWS Secrets Manager for integration credentials and webhook secrets.
· Encryption in transit: HTTPS/TLS for dashboard, APIs, provider calls, and webhook endpoints.
· Encryption at rest: Managed AWS encryption at rest where supported for DynamoDB, S3, Secrets Manager, logs, and backups.
· Credential exposure prevention: Server-side provider calls, no browser exposure of provider secrets, no hard-coded production credentials.
· Logging: PII-minimized operational logging, audit logs, PII reveal logging, security event logging.
· Webhooks: Provider-specific signature/JWT/HMAC validation and idempotency controls where supported.
· Data minimization: Only request and store data needed for authorized workflows.
· Tenant isolation: Client-scope enforcement and role-aware APIs.
· Backup and recovery: DynamoDB PITR on core tables up to 35 days where enabled.
· Change management: Dedicated staging environment, build/test checks, production deployment controls.
· Vulnerability management: Dependency scanning, code review, vulnerability remediation, and security review procedures.
· Incident response: Triage, containment, credential rotation, evidence preservation, customer and provider notification where required.
22. Retention schedule
Retention commitment or target by data category:
· Core account, organization, and access records: Account life plus required legal, accounting, audit, security, or dispute period.
· Integration credentials and OAuth tokens: Until disconnected, revoked, expired, rotated, or no longer needed.
· Core non-sensitive order facts: Retained long term unless customer deletes the record or account.
· Marketplace buyer PII: Masked by default and field-level redacted after 30 days.
· WhatsApp/chat conversation records: 30 days via DynamoDB TTL where configured.
· Generated report/cache records: 1 day unless a shorter cache TTL is set.
· Temporary report summary caches: 2 hours.
· Webhook idempotency markers: 5 minutes.
· Temporary chat attachments, shipping labels, and generated files: 14 days where stored under the configured temporary attachment location.
· CloudWatch operational Lambda logs: 180 days.
· PII reveal audit events: 365 days.
· DynamoDB point-in-time recovery: AWS-managed PITR window, up to 35 days.
· Analytics, monitoring, and diagnostic events: According to provider settings and Astrix configuration.
23. Audit logs and monitoring
Astrix maintains operational logs and audit records to support security monitoring, troubleshooting, abuse prevention, and incident investigation.
PII reveal events are retained for 365 days. CloudWatch operational Lambda logs are retained for 180 days. Logs should avoid unnecessary PII and credential exposure. WhatsApp logs are configured to hash phone numbers and minimize message content in patched paths. Sentry or similar tools may be used for error monitoring and should be configured with data scrubbing and sensitive-field suppression where supported.
24. Data deletion and export
Astrix supports deletion and export requests subject to authentication, authorization, technical feasibility, legal obligations, provider restrictions, backup windows, security holds, and contractual requirements.
Deletion requests are processed from active systems where feasible. Encrypted backup copies expire according to backup and lifecycle policies. Records subject to legal, tax, accounting, fraud-prevention, security, or dispute holds may be retained until the hold is resolved.
25. Incident response
The incident response process includes:
1. Detect and validate the event.
2. Classify severity and impacted data categories.
3. Contain unauthorized access or data exposure.
4. Rotate affected credentials and revoke tokens where needed.
5. Preserve logs and evidence.
6. Assess affected customers, integrations, providers, and data subjects.
7. Notify customers, providers, regulators, or other parties where required.
8. Remediate the root cause.
9. Document the incident and corrective actions.
10. Conduct post-incident review and update controls.
For Amazon Information incidents, Astrix will follow Amazon's required notification process and notify the Amazon-designated security contact within 24 hours of detection where required.
26. Subprocessors and third-party providers
Astrix may use the following categories of subprocessors or third-party providers:
· Cloud infrastructure, auth, compute, storage, logs, secrets, AI: AWS, including Cognito, Lambda, API Gateway, DynamoDB, S3, Secrets Manager, CloudWatch, Bedrock.
· Payments and billing: Stripe; Razorpay if enabled.
· Messaging and social: Meta, WhatsApp, Instagram, Facebook, Threads.
· Advertising and analytics: Meta Ads, Google Ads, Amazon Ads, Google Analytics, planned LinkedIn Ads.
· Error monitoring and product analytics: Sentry, Google Analytics, Microsoft Clarity if enabled.
· Marketplaces: Amazon Seller Central/SP-API; planned Flipkart and Meesho.
· Logistics: Delhivery; planned Shiprocket.
· Files, productivity, and assets: Google Drive, Google Docs, Google Sheets, Microsoft SharePoint, Canva.
· Project and website systems: Jira, Wix.
· Social platforms: YouTube, X, planned LinkedIn.
· Outreach and CRM: Apollo, Instantly.
Subprocessors may change over time as integrations are added, removed, modified, suspended, or replaced.
27. Customer responsibilities
Customers are responsible for:
· Authority to connect every third-party account.
· Lawful basis, notices, and consents for all data processed through Astrix.
· WhatsApp opt-in, approved templates, and communication compliance.
· B2B outreach legality, unsubscribe handling, and anti-spam compliance.
· Accuracy of orders, recipient details, payment links, shipment data, and workflow inputs.
· Human review of AI outputs.
· Admin/user access governance.
· Connected account permissions and revocation.
· Compliance with third-party platform terms and pass-through obligations.
28. Operational control commitments for restricted integrations
For restricted, sensitive, or partner-reviewed integrations, Astrix maintains the following controls in the relevant production environment before enabling regulated data access:
· WhatsApp credentials stored in Secrets Manager.
· Legacy WhatsApp credential environment variables removed.
· Buyer PII masked by default in order APIs and UI.
· Buyer PII redaction scheduler deployed.
· Historical buyer PII redaction backfill completed where required.
· API Gateway access logging enabled with PII-safe structured fields.
· Admin and agency MFA requirements configured.
· Cognito deletion protection enabled.
· S3 public access block, encryption, versioning, and lifecycle verified.
· Webhook provider signature validation verified.
· Production and staging CORS separated.
· Production $default route hardened or replaced with explicit public routes only.
· CloudWatch PII log scan completed after deployment.
· Secrets rotation and data deletion/export runbooks documented.
Restricted workflows must not be represented as production-ready for a regulated integration until the applicable controls are live in that environment.
29. Review cycle
This Addendum should be reviewed and updated after material architecture changes, new integrations, new restricted data access, security incidents, provider policy changes, or at least annually.