LEGAL Last updated · 1 May 2026

Security

How Auri protects customer and guest data — the controls in place today, and the certifications on the roadmap.

Security in Auri is an architectural decision, not a feature layer. Single-tenant deployment — a dedicated Google Cloud project per Customer — eliminates shared-tenant risk by design. This page documents what is in place today and is honest about what is on the roadmap. For technical deep-dives or vendor-security questionnaires, write to security@auri-system.com.

On this page

  • Single-tenant by design — one GCP project per Customer
  • Compliance by design
  • Infrastructure security
  • Authentication and access control
  • Encryption
  • Testing and monitoring
  • Certifications roadmap

Single-tenant by design — one GCP project per Customer

Every Auri Customer receives dedicated, isolated Google Cloud projects, with staging and production kept separate (e.g. auri-acme-stg and auri-acme-prd), hosting their application instance and database. Most vendors that claim "isolation" mean shared infrastructure with row-level filtering. Auri means literal project-level isolation: no shared database, no shared application server, no shared file storage between Customers.

What that buys you:
— A security incident affecting one Customer cannot propagate to another.
— Performance isolation — one Customer's load never affects another.
— Compliance simplification — data residency and audit logs are per-Customer.
— Clean termination — when a Customer leaves, their entire GCP project is decommissioned in one operation, with no residue in shared systems.

This is the structural foundation of Auri's security posture. Everything below layers on top of it.

Compliance by design

GDPR Article 25 mandates data protection by design and by default. Single-tenant deployment satisfies this at the infrastructure layer. The application layer adds:

— Data minimisation — only the fields required for booking operations are collected.
— Purpose limitation — guest data is used only for the booking and notification flows the Customer configures.
— Right of access — built-in guest-profile export returns all data held about a guest in machine-readable JSON.
— Right of erasure — built-in anonymisation replaces personally identifiable fields with hashed identifiers while preserving aggregate analytics.
— Audit logs — every administrative action is logged for traceability.

UAE PDPL and Saudi PDPL are satisfied by analogous controls plus regional GCP deployment.

Infrastructure security

Auri runs on Google Cloud Platform. Default regions:
— europe-west3 (Frankfurt) — EU Customers.
— me-central1 (Bahrain) — GCC Customers.
— Other regions on request.

Infrastructure controls:
— VPC isolation per project.
— Cloud SQL for PostgreSQL with automated backups — daily snapshots, 30-day retention, point-in-time recovery.
— Cloud Storage for assets with bucket-level IAM.
— Identity-Aware Proxy for admin access.
— Centralised logging via Google Cloud Logging.

Google Cloud holds ISO 27001, SOC 2 Type II, PCI DSS, and GDPR-aligned certifications. Auri inherits these at the infrastructure layer only — Auri itself is not independently certified yet (see roadmap below).

Authentication and access control

— Admin passwords stored as bcrypt hashes (cost factor 12). Plain text is never stored or logged.
— Server-side session management with configurable timeout.
— Bearer-token authentication for the public REST API, validated with constant-time comparison to prevent timing attacks.
— Role-based access control inside the admin panel, with granular permissions per role.
— CSRF double-submit cookie — token validation on every state-changing request.
— Per-IP rate limiters — signin 5/min, register 3/min, booking 10/min, guest verify 5/min. Production-grade defaults.
— Single sign-on (SAML / OIDC) available for enterprise tier on request.
— Multi-factor authentication (TOTP) available for admin accounts.
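The constant-time bearer-token check described above, as an added illustration in Go (the page's toolchain) rather than Auri's own code. The reference value is a SHA-256 digest of the configured token, so the comparison is over fixed-length data; `sampleToken` is a constructed placeholder standing in for a secret that would be read from Secret Manager.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// sampleToken is a constructed placeholder for this example only. In a real
// deployment the token would be loaded from Secret Manager at boot, never
// hard-coded.
const sampleToken = "auri-example-token-not-a-real-secret"

// digest maps a token to a fixed-length fingerprint. Comparing digests rather
// than raw strings keeps the comparison length independent of the caller's
// input and avoids holding the raw token in memory longer than needed.
func digest(token string) [32]byte {
	return sha256.Sum256([]byte(token))
}

// ValidateBearer checks an Authorization header against the expected token
// digest. It rejects a missing scheme and an empty token, and never stops at
// the first differing byte, so response time does not leak how much matched.
func ValidateBearer(authHeader string, expected [32]byte) bool {
	const scheme = "Bearer "
	if len(authHeader) < len(scheme) || !strings.EqualFold(authHeader[:len(scheme)], scheme) {
		return false
	}
	token := strings.TrimSpace(authHeader[len(scheme):])
	if token == "" {
		return false
	}
	got := digest(token)
	// subtle.ConstantTimeCompare returns 1 only when both slices are equal,
	// and its running time depends on the length, not on where the first
	// mismatch sits. A plain `got == expected` would short-circuit.
	return subtle.ConstantTimeCompare(got[:], expected[:]) == 1
}

func main() {
	ref := digest(sampleToken)
	fmt.Println(ValidateBearer("Bearer "+sampleToken, ref)) // true
	fmt.Println(ValidateBearer("Bearer wrong-token", ref))  // false
}
```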

Encryption

— VIP guest PII — field-level encryption at the application layer with AES-256-GCM. Encryption key validated at boot.
— Data at rest — Google Cloud default disk encryption (AES-256).
— Data in transit — TLS 1.2 minimum, TLS 1.3 preferred. HSTS enabled. HTTP traffic redirected to HTTPS.
— API tokens and authentication secrets stored in Google Secret Manager, never in code or environment variables.
— Database connection strings rotated quarterly as routine operational practice.
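Field-level AES-256-GCM encryption with the key validated at boot, as an added Go example that is not Auri's implementation. It assumes the raw 32-byte key has already been read from Secret Manager; the column name is bound as GCM associated data, which the page does not state and is an added hardening choice.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// FieldCipher seals individual PII fields with AES-256-GCM.
type FieldCipher struct{ aead cipher.AEAD }

// NewFieldCipher runs once at boot. The raw key is assumed to have been read
// from Secret Manager; anything that is not exactly 32 bytes is rejected, so
// a misconfigured secret fails at startup rather than at the first guest write.
func NewFieldCipher(key []byte) (*FieldCipher, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("AES-256 needs a 32-byte key, got %d bytes", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// Encrypt returns nonce || ciphertext || tag. The column name is bound as
// associated data, so a value copied into a different column will not open.
func (c *FieldCipher) Encrypt(field, plaintext string) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, []byte(plaintext), []byte(field)), nil
}

// Decrypt reverses Encrypt; a flipped bit or the wrong column name fails the tag.
func (c *FieldCipher) Decrypt(field string, stored []byte) (string, error) {
	n := c.aead.NonceSize()
	if len(stored) < n+c.aead.Overhead() {
		return "", fmt.Errorf("stored value too short to be a sealed field")
	}
	plain, err := c.aead.Open(nil, stored[:n], stored[n:], []byte(field))
	return string(plain), err
}
```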

Testing and monitoring

— Automated test coverage — over 200 automated tests covering booking lifecycle, payment flows, PMS integrations, aggregator analytics, and authentication paths. Tests run on every commit; failures block deployment.
— Static analysis — go vet runs on every commit. Security linting via gosec runs in CI.
— Dependency scanning — govulncheck runs weekly to identify vulnerable dependencies.
— Production monitoring — Google Cloud Monitoring tracks application errors, response times, and resource utilisation. Alerts page the on-call engineer for critical incidents.
— Penetration testing — annual third-party penetration test scheduled for Q3 2026 (first cycle for the production system).

Certifications roadmap

Current state. Auri inherits baseline certifications from Google Cloud Platform (ISO 27001, SOC 2 Type II, PCI DSS) at the infrastructure layer only. Auri itself does not currently hold independent SOC 2, ISO 27001, or PCI DSS certifications. The block below states what is planned — not what is in place today.

Roadmap — not current state

Planned, not held today:

— SOC 2 Type I — targeted 2027. Preparation begins after the first five paying Customers.
— ISO 27001 — targeted 2028.
— PCI DSS — card data is handled by Stripe and Tap (Auri never stores card numbers), so direct PCI certification is not required today. We will revisit if our payment architecture changes.

Auri does not claim certifications it does not hold. The list above is a commitment to seek them as the company matures.

Breach response. In the event of a security incident affecting Customer data, Auri's plan triggers immediate containment, notification to the affected Customer within 72 hours per DPA, and post-incident review with public disclosure where appropriate.

Privacy or data-subject request

Email privacy@auri-system.com. We acknowledge within 2 business days and respond in full within 30 days, per GDPR Art. 12(3).

© 2026 AURI