Back to Home

Auralytik

Trust Center

Security and privacy are foundational to how we build Auralytik. Here's a transparent view of our security controls, compliance posture, and how we protect your data.

Security pillars

Encryption

All data in transit is protected by TLS 1.2 or higher. Data at rest — including call recordings, transcripts, and Customer Personal Data — is encrypted with AES-256 on Microsoft Azure infrastructure.

Access Controls

We follow least-privilege principles: each team member and system component is granted only the access required for their specific function. Administrative access requires multi-factor authentication.

Sub-processor Governance

Every sub-processor (Microsoft Azure, Stripe, ElevenLabs, Twilio, Meta) is bound by written data-processing agreements. Changes are notified 30 days in advance. Full list at /subprocessors.

Incident Response

Documented incident-response procedures are in place. Personal Data breaches affecting Customer data are notified within 48 hours of discovery, with full cooperation on remediation.

Data Residency

Customer data is processed primarily in US and Chilean Azure regions. Cross-border transfers are covered by Standard Contractual Clauses or equivalent safeguards as required by applicable law.

Audit Logs

The platform maintains audit logs of access to Customer Personal Data. Logs support compliance monitoring, incident investigations, and customer-requested audit evidence.

Compliance and certifications

We follow security controls aligned with SOC 2 Type II and ISO 27001 frameworks, and we are designed to operate under GDPR (EU), CCPA/CPRA (California), and Chile's data-protection laws (Ley N° 19.628 and Ley N° 21.719). Formal SOC 2 Type II attestation is on our 2027 roadmap. In the meantime, customers with compliance obligations can request security documentation and evidence packages under a confidentiality agreement. Our hosting provider, Microsoft Azure, holds ISO 27001, SOC 1/2/3, and CSA STAR certifications. Azure compliance documentation is available at the Microsoft Trust Center.

Documentation

Privacy Policy

How we collect, use, and protect personal data on auralytik.com and the platform.

Data Processing Addendum

Standard DPA for customers under GDPR, CCPA, and equivalent regulations.

Sub-processors

Current list of sub-processors with categories of data and processing purpose.

Acceptable Use Policy

Rules governing permitted and prohibited uses of the Auralytik platform.

Master Agreement (EULA)

Full terms governing the customer relationship, SLAs, and liability.

Support Center

How to contact us for incidents, security concerns, and data subject requests.

Security disclosures

If you believe you have discovered a security vulnerability in Auralytik, please report it responsibly. We review all reports, acknowledge receipt within 3 business days, and coordinate remediation before any public disclosure. We do not take legal action against researchers who act in good faith.

security@auralytik.com