Security Policy

Last updated: April 2025

At Aude, the security of your data is our highest priority. We incorporate industry-leading security practices across our platform, infrastructure, and operations. This document details our security measures, data handling processes, and compliance commitments.


๐Ÿ” Overview

Security, reliability, privacy, and compliance underpin everything we do at Aude. Our approach combines best practices informed by industry standards and deep expertise from leading global software companies.


Organizational Security Controls

Employee Access and Training

  • Access to customer data is strictly limited to authorized personnel and is on a need-to-know basis.

  • All employees complete regular security awareness training, emphasizing confidentiality and responsible data handling.

  • Criminal background checks are conducted for employees with access to customer data.

Confidentiality

  • Employees are required to sign confidentiality agreements to ensure proprietary and customer information remains protected.


โ˜๏ธ Cloud Infrastructure

Hosting Provider

  • Aude services are hosted using industry-standard cloud infrastructure providers (e.g., AWS, GCP).

  • Data centers are regularly audited and meet compliance standards including SOC 2 Type II, ISO 27001, and GDPR readiness.

  • Infrastructure providers offer physical and logical security measures, redundancy, and robust disaster recovery capabilities.

Data Residency

  • Aude currently stores customer data in Australia (AWS ap-southeast-2) with regular backups for disaster recovery purposes.

Encryption

  • All data is encrypted using AES-256 encryption at rest.

  • Data in transit is secured with TLS 1.2 or higher.


๐Ÿ› ๏ธ Technical Security Measures

Secure Software Development

  • Secure coding practices and regular static code analysis are implemented throughout our software development lifecycle.

  • Dependencies are continuously monitored for known vulnerabilities.

Network and Application Security

  • Infrastructure is isolated behind multiple layers of firewalls.

  • Application servers and databases are logically separated to further mitigate risk.

  • User access to the platform requires authenticated sessions using HTTPS.

Authentication and Access Control

  • Aude supports Single Sign-On (SSO) via OAuth protocols.

  • Multi-factor Authentication (MFA) is enforced for all administrative access.

  • Passwords and sensitive credentials are never stored in plaintext.


Data Collection and Handling

Data We Collect

  • Aude collects and processes only the data necessary to provide our services, including:

    • Source code and repository metadata

    • Issue tracking data (e.g., Jira ticket context)

    • Basic user account information for authentication (name, email)

Data We Do Not Collect

  • Sensitive personal data or credentials beyond what is explicitly required for authorized integrations.


๐Ÿ” Logging, Monitoring, and Audit

System Monitoring

  • Real-time monitoring and logging to detect unauthorized activities or anomalies.

  • Security incidents trigger alerts and immediate response procedures.

Audit Logging (Planned)

  • Detailed audit logs are maintained, tracking access and system activities.

Security Information and Event Management (SIEM)

  • Integration capabilities with common SIEM platforms for enterprise customers.


Incident Management

Incident Management

  • We have a clearly defined incident response plan to rapidly detect, investigate, mitigate, and communicate security incidents.

  • Customers are notified within 24 hours of confirmed security incidents impacting their data.

Responsible Disclosure

  • Aude welcomes vulnerability reports via our responsible disclosure program. Report issues securely at: Daniel@aude.app


Compliance and Certifications

  • SOC 2 Type I Certification: In progress, expected completion end-2025.

  • GDPR Compliance: Aude does not store personal data of users, and is not subject to GDPR.

  • ISO 27001 Certification: Planned for early 2026.


Subprocessors and Third-party Management

  • Aude maintains an updated list of subprocessors (such as cloud hosting providers, logging platforms).

  • All subprocessors undergo thorough security assessments before onboarding.

  • List available on request: Daniel@aude.app


โš–๏ธ AI Processing and Data Governance

  • No data retention or model training: Customer data is strictly used for service delivery and never utilized to train AI models.

  • Requests to AI providers are transmitted individually over encrypted channels (TLS).

  • Data isolation ensures customer-specific information remains confined to customer-specific instances.


โŒ Exclusions and Limitations

This policy does not cover:

  • Data or interactions with third-party services that are not explicitly integrated within Aude.

  • Data stored outside of Aude's platform or control (e.g., customer VPNs or third-party networks not managed by Aude).


Contact and Reporting Security Issues

For security inquiries, reporting vulnerabilities, or additional documentation, please contact:

Aude is committed to transparency, security excellence, and protecting your valuable data assets. Thank you for placing your trust in us.


Policy Updates

We regularly review and update this policy. Changes will be communicated via the Aude support website.