Security Policy

Effective Date: October 9, 2025

AuraOne maintains a multi-layered enterprise security program designed to protect customer data, ensure the confidentiality, integrity, and availability of our Services, and support the deployment of safety-critical AI systems. Our security program combines governance, technical controls, continuous monitoring, and audited best practices.

Security Architecture

Encryption Standards

  • Data in transit: TLS 1.2+ with HSTS
  • Data at rest: AES-256 encryption
  • Key Management: FIPS 140-2 HSMs

Access Control (IAM)

  • Mandatory MFA for all access
  • SSO (SAML 2.0 & OIDC) Integration
  • Principle of Least Privilege (RBAC)

Infrastructure Security

  • Zero-Trust Network Architecture
  • DDoS Protection & WAF
  • Automated Vulnerability Scanning

Monitoring & Response

  • Security monitoring and alerting
  • Incident triage and escalation
  • Response procedures and post-incident review

Application Security

Security is integrated throughout our software development lifecycle (SDLC). We utilize Static (SAST) and Dynamic (DAST) analysis, dependency scanning, and rigorous code reviews.

SDLC Integration

Security requirements defined at design phase

Vulnerability Management

Intake, triage, remediation, and verification

Compliance & Review Materials

  • Security overview
  • Data handling
  • Access controls
  • Audit evidence

We can share security documentation and deployment review materials as part of a procurement or security review process. Claims about specific certifications should be validated in your vendor due diligence.

Responsible Disclosure

We value the security research community. If you discover a vulnerability, please report it responsibly.

Security Contact

For security inquiries or to request review materials, contact security@auraone.ai.

548 Market Street, San Francisco, CA 94104

Employee Security

  • Mandatory background checks for all staff
  • Annual security awareness training
  • Clean desk & secure device policies

Third-Party Security

  • Rigorous vendor risk assessments
  • Data Processing Agreements (DPAs)
  • Continuous vendor monitoring