Trust & Safety
Aura Hub is built on a local-first philosophy. Your code and design documents are your IP — we take their protection seriously.
Prompts and code context sent to our AI providers are used solely to generate your response. Our enterprise API agreements strictly prohibit providers from using your workspace data for model training. Your IP stays yours.
All communication between Aura Hub, our backend API, and our secure LLM providers is encrypted with TLS 1.3. No data travels over unencrypted connections.
License keys are validated server-side using secure comparison. Keys are stored as hashed values in our database — even a database breach would not expose usable keys.
We do not sell, rent, or share your usage data, code context, or personal information with advertisers or data brokers. Ever.
Aura Hub is a native desktop app that runs on your machine. It only contacts our API when you actively submit a prompt. No background telemetry, no passive code scanning.
All remote tables utilize strict Row Level Security (RLS). Users can only read their own subscription, license keys, and team data — preventing unauthorized access at the database level, not just the API layer.
A transparent breakdown of every data type Aura touches, where it goes, and who can access it.
| Data Type | Where It Goes | Who Can See It |
|---|---|---|
| AI Prompts & Code Context | Aura API → Enterprise LLM Providers (per request only) | Providers for response generation only; not retained |
| GDD Files | Stored locally on your machine; sent as context only when you ask a question | You only; AI provider during active requests |
| License Keys | Hashed in secure cloud database | You (via authenticated API call); Aura backend for validation |
| Subscription Data | Remote database (RLS-protected) | You only; Aura backend for credit deduction |
| Email Address | Auth provider; Resend for transactional email | Aura for account management; not shared with third parties |
| Payment Information | Stripe (we never see raw card data) | Stripe only |
| Chat History | Local machine only (in-memory during session) | You only; not synced to any server |
Found a security vulnerability? Please report it privately — do not open a public GitHub issue. We review all reports within 48 hours and will work with you to resolve the issue responsibly.
security@aurainc.co
We do not currently offer a bug bounty program, but we will acknowledge your contribution publicly if you'd like.
We are building toward enterprise-grade compliance standards.
Planned. Our architecture is designed to be audit-ready. We will pursue formal certification as the product scales.
Our data model supports GDPR requirements: data minimization, right to erasure, and no unnecessary retention. EU customers can request full data deletion at any time.
Client-side encryption for GDD files before they are included in any prompt context. Planned for a future release.