Security

Data protection

Customer data is segregated by account and processed only to deliver the POE1 service. We minimize the data we collect and avoid storing data we do not need.

Encryption

• In transit: Connections to POE1 use TLS.
• At rest: Where the underlying infrastructure supports it, stored data and backups are encrypted at rest using provider-managed keys.

API key protection

API keys are treated as secrets. They are stored using hashed or otherwise protected representations where supported, transmitted only over encrypted channels, and can be rotated or revoked by the account owner. Never share API keys in source control, screenshots, or public channels.

Access controls

• Role-based access for internal systems with least-privilege defaults.
• Authentication required for administrative actions.
• Production access is limited to personnel who require it.

Audit logging

Sensitive actions — including governed changes to laws, retrieval profiles, calibration, budgets, and protected truths — are logged through our Predictive Autonomy and Change Management (PACM) system with requester, approver, timestamp, and rollback metadata.

Incident response

If we identify a security incident affecting customer data, we will investigate, contain, and notify affected customers in line with applicable obligations and reasonable timelines. Post-incident reviews drive corrective actions.

Responsible disclosure

If you believe you have found a vulnerability, please email security@augurly.ai (placeholder) with details and steps to reproduce. Please do not publicly disclose the issue until we have had a reasonable opportunity to address it. We appreciate the security community.

No guarantee of absolute security

No service can guarantee perfect security. While we work hard to protect POE1 and its customers, we cannot guarantee absolute security of information transmitted to or stored on our systems. Customers are responsible for safeguarding their credentials and following good security hygiene.