TRUST & SECURITY
Compliance · isolation · transparency
Compliance-by-design. Not check-the-box.
Where data lives, how tenants are isolated, what gets encrypted, who can touch what, and what happens when something goes wrong. The architecture, not the marketing.
Where data lives
Our production runtime is hosted on infrastructure in the European Union by default. EU clients get EU-only processing on request, with the exception of vendors that do not offer an EU region (those are listed in the privacy policy with their region).
US-only or LATAM-only processing is available for clients with regulatory requirements that demand it, on a per-contract basis.
How tenants are isolated
- Row-level isolation: Each tenant's data is partitioned at the database level. Tenant context is scoped automatically on every query. Application code cannot accept a tenant ID from a caller, by design.
- Tool allow-list: Each agent ships with an explicit allow-list of tools and integrations. Even if a model tries to call something outside the list, the runtime rejects the call before it reaches a third party.
- No cross-tenant training: Your conversation data is never used to train models we sell to other clients. We use zero-retention APIs with our LLM providers.
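As an added illustration of the row-level isolation described above (example code, not Auphere's own): the tenant is bound once from the verified session into a request-scoped context, every query inherits it, and a caller that tries to name a tenant is refused. The table, column and session field names are assumptions.

```python
import contextvars
import sqlite3

# Request-scoped tenant binding. It is set once from the authenticated
# session and read by every query helper; no default, so an unbound
# request fails closed with LookupError instead of querying everything.
_current_tenant = contextvars.ContextVar("tenant_id")

def bind_tenant_from_session(session):
    """Derive the tenant from the verified session, never from request input."""
    _current_tenant.set(session["tenant_id"])  # assumed session layout

ALLOWED_FILTERS = {"agent", "status"}  # constructed, caller-selectable columns

def fetch_conversations(conn, **filters):
    """Query scoped to the bound tenant; callers cannot pass tenant_id."""
    if "tenant_id" in filters:
        raise ValueError("tenant_id is bound from the session, not accepted from callers")
    tenant = _current_tenant.get()  # LookupError if nothing bound this request
    where, params = ["tenant_id = ?"], [tenant]
    for col, val in filters.items():
        if col not in ALLOWED_FILTERS:  # column names are never taken verbatim
            raise ValueError(f"unknown filter {col}")
        where.append(f"{col} = ?")
        params.append(val)
    sql = "SELECT id, tenant_id, agent FROM conversations WHERE " + " AND ".join(where)
    return conn.execute(sql, params).fetchall()

def run_as_tenant(session, fn, *args, **kwargs):
    """Run fn inside a fresh context so the binding cannot leak between requests."""
    def _inner():
        bind_tenant_from_session(session)
        return fn(*args, **kwargs)
    return contextvars.copy_context().run(_inner)

def demo_db():
    """Constructed in-memory table with rows from two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE conversations (id INTEGER, tenant_id TEXT, agent TEXT, status TEXT)")
    conn.executemany("INSERT INTO conversations VALUES (?, ?, ?, ?)", [
        (1, "acme", "support", "open"),
        (2, "acme", "sales", "closed"),
        (3, "globex", "support", "open"),
    ])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(run_as_tenant({"tenant_id": "acme"}, fetch_conversations, db, agent="support"))
```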
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256 on managed-database storage). Secrets are managed in Doppler and rotated on a schedule.
Backups are encrypted with the same controls and retained for 30 days.
Who can access what
Access to client data is restricted to the engineers actively delivering or supporting that client's agent: a small, named list per engagement. All access is logged.
Engineers use named accounts, hardware MFA and short-lived credentials. No shared accounts. No password reuse across systems.
Compliance posture
- GDPR: EU-hosted by default. DPA signed before any real data touches our systems. Sub-processors listed in the privacy policy.
- CCPA: We do not sell personal information. California residents can exercise CCPA rights via contacto@auphere.com.
- LGPD: Brazilian clients can request LGPD-aligned processing: same operational guarantees as GDPR, contract amendments as needed.
- SOC 2 Type 1: Audit in progress. Target completion Q3 2026. We share our security questionnaire and current controls on request under NDA.
Sub-processors
The full, up-to-date list of sub-processors is published in our privacy policy with the region and purpose for each one. We notify clients in advance of any change.
If something goes wrong
We commit to notify affected clients of any confirmed security incident within 72 hours of discovery, with what we know at that point and how we are responding.
We run blameless postmortems for any production incident with material impact and share the relevant findings with clients.
Reporting a vulnerability
If you believe you have found a security issue, write to contacto@auphere.com with subject [security]. We acknowledge within 1 business day, fix verified issues without ceremony, and credit reporters who want the recognition.