Security at Aura
Enterprise-grade controls so your security review is a checkbox, not a blocker.
Encryption
TLS 1.2+ in transit and field-level (Fernet) encryption at rest for credentials and tool secrets.
Tenant isolation
Every record is scoped to a tenant and enforced at the query layer — one customer can never read another’s data.
Access control
Least-privilege access, JWT-based auth, scoped API keys (bcrypt-hashed) and SSO/SAML for teams.
Auditability
Append-only audit logs of sensitive actions, plus signed (HMAC-SHA256) and logged webhook deliveries.
Compliance
SOC 2 Type II posture, GDPR export/erasure, and HIPAA-ready deployments. DPA available for Enterprise.
Data residency
Region options and customer-owned storage (S3-compatible) for recordings and exports.
Resilience
Smart-routing failover, circuit breakers, retried delivery and 99.9%+ uptime targets.
Monitoring
Prometheus metrics, OpenTelemetry tracing and Sentry with PII scrubbing.
Responsible disclosure
Found a vulnerability? We appreciate coordinated disclosure. Email security@auravoiceagent.com with details and we’ll respond promptly. Please do not access data that isn’t yours or disrupt the service while testing.
Need our security package?
Enterprise customers get a DPA, sub-processor list, SOC 2 report and a security questionnaire walkthrough.
Request security docs