Security Architecture
Auroa is engineered as a zero-PHI, client-side-encrypted workforce platform. We can't lose what we never see.
Zero-PHI by design
Auroa is positioned as a non-medical workforce tool. We do not collect SSNs, diagnoses, medications, or any identified health record. Resident-level wellness fields are never stored or transmitted as plaintext on our infrastructure.
Client-side encryption
Sensitive fields are encrypted in your browser with a passphrase only your facility holds. Auroa cannot read, recover, export, or decrypt them — including in response to subpoena. If the passphrase is lost, encrypted data is unrecoverable.
In transit & at rest
All traffic is TLS 1.2+ end-to-end. Database storage and backups use AES-256 at rest. Secrets are isolated per environment and rotated.
Access control
Role-based access control (RBAC), per-facility data isolation enforced at the database row level, mandatory 2FA for admin roles, and short-lived session tokens.
Append-only audit trail
Every workforce event is written to an immutable, append-only ledger retained for 6 years. Exportable for internal review.
Subprocessors
Hosted on a SOC 2 Type II global edge network, managed Postgres database, PCI-DSS Level 1 payment processing, and SOC 2 transactional messaging providers. Full subprocessor list available to customers on written request.
Responsible disclosure
Found a vulnerability? Email support@auroa.io with details and reproduction steps. We respond within 2 business days.
This page describes design and engineering practices in production. It is not an audit report or certification. Auroa is not a regulatory-compliance product and does not guarantee that customers will pass any external audit or inspection.