Personal AI for real work, built around trust.
Aura handles personal context, conversations, contacts, memory, integrations, and business workflows. The product is designed around user control, scoped access, encrypted native credentials, auditability, and approval paths for sensitive actions.
Current trust posture
Customer data is not sold.
Core Aura data can be exported and deleted with documented caveats.
Sensitive actions can require approval before execution.
What Aura can support today
Practical controls for private lives and serious work.
Aura's trust story starts with specific product controls: scoped access, user-managed memory, protected credentials, export and deletion paths, approval workflows, and activity visibility.
User-owned access
Users choose which integrations, memories, Cookbooks, and agent instructions Aura can use.
Encrypted native credentials
Native integration credentials are encrypted before storage. Composio-backed credentials are handled by the integration processor.
Core data export and deletion
Users can export and delete core Aura-owned data, with caveats for billing, security, provider, and agent-session records.
Approval-aware actions
Sensitive actions can require approval, and approval outcomes are persisted and written to audit logs.
Data control
Users stay in control of memory and core account data.
Aura should be useful because it remembers the right things, not because users lose visibility into what it stores.
Memory controls
Saved Aura memories are user-controlled and deletable. Memory is separate from conversation/session history.
Export path
Authenticated users can export profile, agents, memories, integrations metadata, Cookbooks, audit logs, conversations metadata, and other core app data.
Deletion path
Users can delete saved memories, conversation metadata, integrations, and core Aura-owned account data. Billing, security, provider, and legal retention records may remain.
Approval gates
Sensitive actions can require approval.
Aura has a shared approval model for high-risk agent actions. When a workflow uses this path, users can review the request before the action proceeds.
Approval outcomes are stored
Pending, approved, declined, expired, and canceled decisions are persisted and written to audit logs.
Sending emails or messages
Creating or changing calendar events
Sharing files or private content
Deleting data
Making purchases or spend requests
Modifying CRM, ticketing, project, or other external records
Integration credentials
Credential handling is explicit.
Aura uses scoped integrations so agents can work with the tools users connect, while distinguishing credentials encrypted by Aura from credentials handled by trusted integration processors.
OAuth and provider credentials are scoped to the connected integration.
Native credentials are encrypted before storage.
Composio-backed integrations use Composio as the credential and tool-call processor.
Users can disconnect integrations from Aura and may also revoke access directly with the provider.
Google Workspace permissions
Clear boundaries before users connect company data.
Google Workspace is often the first high-trust connection users make. Aura should show what each scope is for and where destructive access is not requested.
Gmail
Aura requests read and send access so it can summarize inbox context, draft replies, and send messages when a workflow calls for it.
Calendar
Aura requests read and event-management access so it can understand schedule context and create or modify events when users ask.
Drive
Aura's current Google flow requests read-only Drive access for file discovery and retrieval. It does not request the broad Drive scope used for Drive deletion.
Docs, Sheets, Slides
Aura requests document-app edit scopes so it can work on document, spreadsheet, and presentation content when users explicitly ask.
Activity visibility
Audit logs make important actions reviewable.
Aura keeps audit logs for selected security, integration, billing, approval, and agent events. The next step is broader enterprise admin coverage.
Integration connect and disconnect activity
Memory changes and data deletion activity
Approval requests, approvals, and declines
Agent budget and spend actions
Selected agent, system, and billing events
For teams
A practical starting point for security reviews.
Aura is still early, so the strongest trust signal is clarity: what is available today, where caveats remain, and which controls are being hardened next.
Users can export and delete core Aura data, with documented billing, security, provider, legal, and agent-session caveats.
Sensitive actions can require approval when routed through Aura's approval workflow.
Native integration credentials are encrypted before storage; processor-managed credentials follow the processor's security model.
For teams with formal security requirements, Aura can support a security review and implementation planning conversation.
Broader integration enforcement, retention controls, and enterprise admin coverage are active hardening priorities.
FAQ
Straight answers for privacy and security reviews.
Short, specific answers for founders, operators, and teams evaluating whether Aura is ready for sensitive workflows.
Can Aura staff read my Gmail, calendar, or Drive directly?+
Aura is designed so connected tool access is handled through scoped OAuth credentials, integration processors, and the agent runtime. The app backend stores connection metadata and encrypted native tokens needed to operate the product; it is not a staff-facing inbox UI.
Where do conversations and agent memory live?+
Dashboard and SMS conversation bodies may live in agent runtime session storage on EFS, while app-owned profile data, settings, saved memories, approvals, audit logs, and Cookbooks live in the Aura database. Core app data can be exported; full session export and deletion are best-effort while the agent gateway is available.
What happens when I disconnect an integration?+
Disconnecting removes or deactivates Aura's stored connection for that provider and stops future use of that integration. For Composio-backed integrations, Aura also attempts provider-side token revocation through Composio. You can revoke access directly from the provider too, such as your Google Account permissions page.
Why is Aura safer than a generic shared assistant?+
Aura uses authenticated user ownership checks, per-agent runtime isolation, scoped integration connections, encrypted native credential storage, audit logging, data export/deletion paths, and approval gates for sensitive actions that are routed through Aura's approval flow.
Can I review sensitive actions before Aura takes them?+
Yes. Aura has a shared approval model for high-risk actions such as outbound messages, calendar writes, file sharing, deletion, purchases, external-record updates, and spend requests. Approved and declined decisions are stored and written to audit logs. Aura is expanding this enforcement across sensitive tool paths.
Can I export or delete my Aura data?+
You can export and delete core Aura-owned data, including saved memories and key account records. Some billing, security, provider, and legal retention records may remain, and full agent session export or deletion can depend on agent runtime availability.
Can my team run a security review before using Aura?+
Yes. For team rollouts, Aura can walk through current controls, subprocessors, data flows, retention caveats, approval workflows, and the hardening work planned for your use case.
Does Aura use my data to train models?+
Aura does not sell customer data. Google user data and connected integration content are not used to train general-purpose AI models. Broader provider-specific commitments depend on the model and integration providers used for your workspace.