Everything we do to keep your fleet’s data safe. Built for the procurement teams and CISOs who run the security review.
Last reviewed · May 2026
Honest status, not aspirational. Certifications under way list the auditor engagement window; the rest list current alignment posture.
Auditor engaged Q3 2026 · observation window Q3 2026 → Q1 2027 · report Q2 2027.
Gap assessment Q4 2026 · certification target 2027.
EU data residency available · DPA on request · DPO contactable at privacy@enrevia-augur.com.
Business Associate Agreement available · PHI never carried in telemetry by design.
Consumer data-subject requests honoured within 45 days · "do not sell" by default.
CAIQ self-assessment available now · STAR Level 1 submission planned post-SOC 2.
Each control is implemented and continuously regression-tested in CI. Detail beyond what fits on a marketing page lives in the security whitepaper below.
Every agent ↔ broker connection uses mutual TLS with per-tenant topic ACLs. Device A can’t see device B’s commands — and tenant A can’t see tenant B’s ACLs.
Every secret at rest — recovery keys, audit-export tokens, LLM provider API keys, IdP signing secrets — sealed with AES-256-GCM under a per-deployment master key.
User passwords stored as scrypt hashes (N=16384, r=8, p=1) with a unique 16-byte salt per user. No reversible storage anywhere.
Wipes, mass uninstalls, bulk reboots — every destructive verb supports an N-of-N approval gate. Issuer cannot self-approve. Included on every tier, not gated.
Append-only audit trail with 7-year retention by default. Every command, every approval, every policy change. SOC 2 CC7.2-aligned.
28 cross-tenant regression tests across 7 services. Identical "not found" wording on foreign-tenant access — IDs cannot be enumerated.
macOS notarised · Windows Authenticode · Linux packages signed with our public release key. The agent rejects updates it can’t verify.
Telemetry is metadata only — never screen content, keystrokes, or file contents. The agent’s data model literally can’t carry PII.
Self-assessment artifacts now; third-party-attested reports once each audit closes. Drop us a note if you need a specific format.
The full list, with what each sub-processor is for and where the data sits. We notify customers 30 days before adding a sub-processor.
| Sub-processor | Purpose | Data shared | Location | DPA |
|---|---|---|---|---|
| Amazon Web Services | Primary cloud infrastructure (compute, storage, networking) | All customer telemetry + control-plane data | us-east-2 · eu-west-1 (EU data residency) | Signed |
| CrowdStrike | EDR signal ingestion (optional, customer-configured) | Device-identifier mapping only · payload stays on the EDR side | US · EU (per CrowdStrike tenant region) | Standard |
| Datadog | Internal infrastructure monitoring · APM | Augur service-side metrics + logs (no customer device telemetry) | US · EU | Signed |
| GitHub | Source-code hosting · CI/CD | Source code · build artifacts · no customer data | United States | Signed |
| Anthropic | LLM provider — audit summarisation + anomaly triage | Anonymised audit-log narratives · device IDs hashed before send | United States | Signed |
Subscribe to sub-processor change notifications at security@enrevia-augur.com.
Found something? Tell us. We respond to credible reports within one business day and credit researchers in our advisories.
Encrypted reports welcome. Our PGP key fingerprint is published under /.well-known/security.txt.
DPA counter-signature, sub-processor change subscriptions, and data-subject requests.