Enterprise-Grade Security & Compliance

Security and compliance are core to how we build and operate AURA AI and our services.

Certifications & compliance

  • SOC 2 Type II (in progress)
  • GDPR compliant
  • ISO 27001 (in progress)
  • PCI-DSS support (for payment testing)
  • Audit-ready documentation

Data protection

  • Encryption at rest

    AES-256 for stored data.

  • Encryption in transit

    TLS 1.3 for all connections.

  • Data residency

    Region options available for regulated industries.

  • Backup & disaster recovery

    Regular backups and documented recovery procedures.

Infrastructure security

We use leading cloud providers (AWS/Azure/GCP) with network isolation, DDoS protection, intrusion detection, and regular penetration testing.

Access controls

  • SSO support (SAML, OAuth)
  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Audit logs for access and changes

Privacy & responsible disclosure

We have a Privacy Policy, Data Processing Agreement (DPA), and support GDPR rights (access, deletion, portability). For security vulnerabilities, please report responsibly; we follow coordinated disclosure.

Frequently asked questions

  • Where is data stored?

    Data is stored in secure cloud infrastructure (AWS/Azure/GCP) with region options. We support data residency requirements.

  • Who has access to my data?

    Only authorized personnel have access, on a need-to-know basis. Access is logged and audited. We do not sell or share your data.

  • How long do you retain data?

    Retention is configurable per agreement. Default retention and purge policies are documented in our DPA.

  • Are you GDPR compliant?

    Yes. We process personal data in accordance with GDPR. We offer a Data Processing Agreement and support data subject rights.