Security Policy
Last updated: April 2025
At Aude, the security of your data is our highest priority. We incorporate industry-leading security practices across our platform, infrastructure, and operations. This document details our security measures, data handling processes, and compliance commitments.
🔐 Overview
Security, reliability, privacy, and compliance underpin everything we do at Aude. Our approach combines best practices informed by industry standards and deep expertise from leading global software companies.
📑 Organizational Security Controls
Employee Access and Training
Access to customer data is strictly limited to authorized personnel on a need-to-know basis.
All employees complete regular security awareness training, emphasizing confidentiality and responsible data handling.
Criminal background checks are conducted for employees with access to customer data.
Confidentiality
Employees are required to sign confidentiality agreements to ensure proprietary and customer information remains protected.
☁️ Cloud Infrastructure
Hosting Provider
Aude services are hosted using industry-standard cloud infrastructure providers (e.g., AWS, GCP).
Data centers are regularly audited and meet compliance standards including SOC 2 Type II, ISO 27001, and GDPR readiness.
Infrastructure providers offer physical and logical security measures, redundancy, and robust disaster recovery capabilities.
Data Residency
Aude currently stores customer data in Australia (AWS ap-southeast-2) with regular backups for disaster recovery purposes.
Encryption
All data is encrypted at rest using AES-256.
Data in transit is secured with TLS 1.2 or higher.
🛠️ Technical Security Measures
Secure Software Development
Secure coding practices and regular static code analysis are implemented throughout our software development lifecycle.
Dependencies are continuously monitored for known vulnerabilities.
Network and Application Security
Infrastructure is isolated behind multiple layers of firewalls.
Application servers and databases are logically separated to further mitigate risk.
User access to the platform requires authenticated sessions using HTTPS.
Authentication and Access Control
Aude supports Single Sign-On (SSO) via OAuth protocols.
Multi-factor Authentication (MFA) is enforced for all administrative access.
Passwords and sensitive credentials are never stored in plaintext.
📂 Data Collection and Handling
Data We Collect
Aude collects and processes only the data necessary to provide our services, including:
Source code and repository metadata
Issue tracking data (e.g., Jira ticket context)
Basic user account information for authentication (name, email)
Data We Do Not Collect
Sensitive personal data or credentials beyond what is explicitly required for authorized integrations.
🔍 Logging, Monitoring, and Audit
System Monitoring
Real-time monitoring and logging to detect unauthorized activities or anomalies.
Security incidents trigger alerts and immediate response procedures.
Audit Logging (Planned)
Detailed audit logs are maintained, tracking access and system activities.
Security Incident and Event Management (SIEM)
Integration capabilities with common SIEM platforms for enterprise customers.
🚨 Incident Management
Incident Management
We have a clearly defined incident response plan to rapidly detect, investigate, mitigate, and communicate security incidents.
Customers are notified within 24 hours of confirmed security incidents impacting their data.
Responsible Disclosure
📜 Compliance and Certifications
SOC 2 Type I Certification: In progress, expected completion end-2025.
GDPR Compliance: Aude does not store personal data of users, and is not subject to GDPR.
ISO 27001 Certification: Planned for early 2026.
🔄 Subprocessors and Third-party Management
Aude maintains an updated list of subprocessors (such as cloud hosting providers and logging platforms).
All subprocessors undergo thorough security assessments before onboarding.
⚖️ AI Processing and Data Governance
No data retention or model training: Customer data is strictly used for service delivery and never utilized to train AI models.
Requests to AI providers are transmitted individually over encrypted channels (TLS).
Data isolation ensures customer-specific information remains confined to customer-specific instances.
❌ Exclusions and Limitations
This policy does not cover:
Data or interactions with third-party services that are not explicitly integrated within Aude.
Data stored outside of Aude’s platform or control (e.g., customer VPNs or third-party networks not managed by Aude).
📮 Contact and Reporting Security Issues
For security inquiries, reporting vulnerabilities, or additional documentation, please contact:
Aude is committed to transparency, security excellence, and protecting your valuable data assets. Thank you for placing your trust in us.
🔗 Policy Updates
We regularly review and update this policy. Changes will be communicated via the Aude support website.