Safety & Security at Aurry

Encryption

TLS in transit; strong encryption (e.g., AES‑256) at rest for databases and object storage.

Isolation

Segregated environments for dev/stage/prod; least‑privilege IAM and network segmentation.

Secrets

Centralized secrets management, short‑lived credentials; no secrets in code.

Monitoring

Centralized logs, anomaly detection, and alerting for critical paths.

Backups & DR

Regular encrypted backups with tested restore and disaster‑recovery drills.

Human‑in‑the‑loop

Aurora offers guidance, not medical advice. UX encourages consultation with clinicians.

Data boundaries

No identifiable health data used for model training without explicit opt‑in.

Safety filters

Policy and safety guardrails to reduce harmful or misleading outputs.

Transparency

AI usage is labeled with clear purpose and limitations.

Minimal collection

Only what’s needed for the features you choose (e.g., connected providers, devices).

Consent controls

Granular permissions and the ability to revoke connections.

Access controls

Role‑based permissions with audit logging.

Portability & deletion

Data exports and deletion on request — see our Privacy Policy.

24/7 monitoring

Critical systems and dependencies are continuously monitored.

Runbooks

Documented incident response with severity classification and on‑call escalation.

Post‑incident reviews

Corrective actions for material incidents are documented and tracked.

HIPAA

Considerations for applicable data flows and Business Associate relationships.

Security controls

Controls mapped toward SOC 2‑style principles (access, logging, change mgmt).

Regional privacy

Requirements (GDPR/EEA, CCPA/CPRA) reflected in our Privacy Policy.