Security

Last updated: February 15, 2026

1. Overview

At moreaura, security is foundational to everything we build. We handle sensitive data including email content, calendar events, and documents on behalf of our users, and we take that responsibility seriously. This page outlines the measures we employ to protect your data.

2. Infrastructure

  • Application hosted on Vercel with automatic TLS/SSL for all traffic.
  • Database hosted on Neon (PostgreSQL) with encryption at rest and in transit.
  • Agent compute runs on isolated virtual machines that are provisioned per customer and terminated when the agent is stopped.
  • All internal service-to-service communication is encrypted via TLS.

3. Data Encryption

  • In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
  • At rest: Database contents are encrypted at rest via the hosting provider's encryption.
  • OAuth tokens: All third-party OAuth tokens (Google, Slack, etc.) are encrypted with AES-256 before storage. Tokens are never stored in plaintext.

4. Authentication & Access Control

  • User authentication powered by Privy with support for email, social login, and embedded wallets.
  • All API endpoints verify user identity and ownership before returning data.
  • Agent resources are scoped per-user — users can only access their own agents and data.
  • Admin access to production systems requires multi-factor authentication.

5. Third-Party Integrations

When you connect third-party services like Google or Slack:

  • We request only the minimum scopes needed to deliver the features you enable.
  • OAuth tokens are encrypted at rest and refreshed automatically.
  • You can revoke access at any time from your chat settings or directly from the provider (e.g., Google Account permissions).
  • We adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Agent Isolation

Each deployed AI agent runs on its own isolated virtual machine. Agent instances are provisioned on demand and fully terminated (including disk) when stopped. No agent instance shares resources with another customer's agent.

7. Data Retention & Deletion

  • Chat conversations are processed in real time and not stored beyond the session unless explicitly saved.
  • Integration tokens are retained only while the integration is connected. Disconnecting removes stored tokens.
  • Account deletion removes all associated data, including agent configurations, integration tokens, and billing records.

8. Incident Response

In the event of a security incident, we will notify affected users within 72 hours, investigate the root cause, remediate the vulnerability, and publish a post-mortem where appropriate.

9. Responsible Disclosure

If you discover a security vulnerability, please report it to business@sainindustries.com. We appreciate responsible disclosure and will work with you to resolve issues promptly.

10. Contact

For security questions or concerns, contact us at:

SAIN Industries, Inc.

Email: business@sainindustries.com