¶ Security

The controls are already in place. The badge comes later.

Each cedant lives in its own isolated space, with federated login and an audit log of everything that moves. We start SOC 2 and ISO 27001 when we have clients in production that ask for them.

§ I

What you already have today

  • Encryption in transit (TLS 1.2+) and at rest (AES-256 with AWS KMS).
  • Per-cedant isolation with Row-Level Security in PostgreSQL. Every query runs with the tenant in context; RLS enforces it.
  • Federated login with WorkOS. SSO ready, optional MFA, no homegrown passwords.
  • Immutable audit log per contract: who touched what field, when, with diff.
  • Infra on AWS (us-east-1) with encrypted logs, automatic backups, and point-in-time recovery on RDS.
  • Dependencies audited on every PR. If there is an unreviewed high-severity vulnerability, CI does not let the merge through.

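
One way to implement the per-cedant Row-Level Security control described above, as an added example that is not the product's own schema or code; the table, column, setting and role names (contracts, cedant_id, app.cedant_id, app_rw) are assumptions, and the UUIDs are constructed sample values:

```sql
-- Added example (not the product's own schema): per-cedant isolation with
-- PostgreSQL Row-Level Security keyed on a transaction-scoped setting.
-- contracts / cedant_id / app.cedant_id / app_rw are assumed names.

CREATE TABLE contracts (
    id        bigserial PRIMARY KEY,
    cedant_id uuid NOT NULL,
    reference text NOT NULL
);

-- Enable RLS and FORCE it so the table owner is subject to the policy too;
-- without FORCE the owner sees every row regardless of the policy.
ALTER TABLE contracts ENABLE ROW LEVEL SECURITY;
ALTER TABLE contracts FORCE ROW LEVEL SECURITY;

-- Fail closed: current_setting(name, true) returns NULL when the setting is
-- missing, and "cedant_id = NULL" is never true, so a request that forgot
-- to set the tenant context gets zero rows, not all rows. An unparseable
-- value raises on the ::uuid cast, which is also fail-closed.
CREATE POLICY cedant_isolation ON contracts
    USING      (cedant_id = current_setting('app.cedant_id', true)::uuid)
    WITH CHECK (cedant_id = current_setting('app.cedant_id', true)::uuid);

-- Application role: LOGIN, no BYPASSRLS, does not own the table.
-- A role with BYPASSRLS or superuser would see everything; keep those
-- for migrations and operators only.
CREATE ROLE app_rw LOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON contracts TO app_rw;
GRANT USAGE, SELECT ON SEQUENCE contracts_id_seq TO app_rw;

-- Per request, connected as app_rw. SET LOCAL scopes the tenant to this
-- transaction only, so a pooled connection cannot carry the previous
-- request's cedant into the next one.
BEGIN;
SET LOCAL app.cedant_id = '0f1d4c8e-0000-4000-8000-000000000001';
INSERT INTO contracts (cedant_id, reference)
VALUES ('0f1d4c8e-0000-4000-8000-000000000001', 'TREATY-2024-01');
SELECT id, reference FROM contracts;   -- only rows for this cedant
COMMIT;

-- Checks worth running in a pilot:
--   * an INSERT whose cedant_id differs from app.cedant_id fails WITH CHECK;
--   * SELECT with no app.cedant_id set returns zero rows;
--   * SELECT polname, polcmd FROM pg_policy WHERE polrelid = 'contracts'::regclass;
--   * SELECT relrowsecurity, relforcerowsecurity FROM pg_class
--     WHERE oid = 'contracts'::regclass;   -- both must be true
```
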
§ II

Certifications, when the time comes

The formal SOC 2 Type II and ISO 27001 process starts when we have the first handful of clients in production. In the meantime, the controls are in place; we share evidence under NDA if you ask for it.

§ III

While you're in a pilot

During a pilot we sharpen access control and auditing with you. At the close we hand you a report with what we reviewed, what we changed, and what's still open for certification.

§ IV

Need more detail?

If your security team wants to see architecture, data model, and tests, we'll send them under NDA. Write us.
