Security Policy
AuraOne maintains a comprehensive enterprise security program designed to protect customer data, ensure the confidentiality, integrity, and availability of our Services, and support the deployment of safety-critical AI systems. Our security program combines governance, technical controls, continuous monitoring, and industry-leading practices.
Security Architecture
Encryption Standards
- Data in transit: TLS 1.2+ with HSTS
- Data at rest: AES-256 encryption
- Key Management: FIPS 140-2 HSMs
Access Control (IAM)
- Mandatory MFA for all access
- SSO (SAML 2.0 & OIDC) Integration
- Principle of Least Privilege (RBAC)
Infrastructure Security
- Zero-Trust Network Architecture
- DDoS Protection & WAF
- Automated Vulnerability Scanning
Monitoring & Response
- 24/7 SOC Monitoring
- Real-time Threat Detection
- Automated Incident Response
Application Security
Security is integrated throughout our software development lifecycle (SDLC). We utilize Static (SAST) and Dynamic (DAST) analysis, dependency scanning, and rigorous code reviews.
SDLC Integration
Security requirements defined at design phase
Penetration Testing
Annual independent 3rd-party audits
Compliance & Certifications
Responsible Disclosure
We value the security research community. If you discover a vulnerability, please report it responsibly.
Security Contact
For security inquiries or to request our SOC 2 report (NDA required).
548 Market Street, San Francisco, CA 94104
Employee Security
- Mandatory background checks for all staff
- Annual security awareness training
- Clean desk & secure device policies
Third-Party Security
- Rigorous vendor risk assessments
- Data Processing Agreements (DPAs)
- Continuous vendor monitoring