At Aureum AI, security is not an afterthought; it is foundational to what we do. Every call we handle contains sensitive personal and business information. We take every reasonable step to protect it.
Our Security Commitments
Data Encryption
In Transit
All data transmitted between our systems, your devices, and our servers is encrypted using Transport Layer Security (TLS 1.3). This includes call audio streams, transcript data, notification deliveries, and web communications.
At Rest
All stored data, including call recordings, transcripts, and personal information, is encrypted at rest using AES-256 encryption. Encryption keys are managed using industry-standard key management practices, with keys rotated regularly.
Infrastructure Security
Our platform is hosted on enterprise-grade cloud infrastructure located in Australia. Our infrastructure security measures include:
- Network segmentation: systems are isolated into security zones with strict firewall rules controlling traffic between zones
- DDoS protection: distributed denial-of-service mitigation is applied at the network layer to ensure service availability
- Intrusion detection: automated systems monitor for suspicious activity and alert our security team in real time
- Regular patching: operating systems and dependencies are patched promptly when security updates are released
- Disaster recovery: regular backups are maintained with tested recovery procedures to ensure data resilience
Access Management
We apply the principle of least privilege across all internal systems:
- Staff access to client data is restricted to what is strictly necessary for their role
- Multi-factor authentication (MFA) is mandatory for all Aureum AI team members accessing production systems
- Access logs are maintained and reviewed regularly
- Former employees have access revoked immediately upon departure
Clients can only access their own data. There is no cross-client data exposure by design.
Call Data and Recording Security
Call recordings and transcripts are among the most sensitive data we handle. Specific protections include:
- Recordings are stored encrypted and accessible only to the relevant agent client and authorised Aureum AI staff for service purposes
- Recordings are automatically deleted after 12 months unless a longer retention period is required by applicable law or requested by the client
- Transcript data is processed using AI models operated within secure, private environments; your call data is never used to train third-party models
Third-Party Security
We carefully vet all third-party service providers. Any provider that processes Aureum AI or client data must:
- Meet our minimum security requirements, including encryption standards and access controls
- Execute a Data Processing Agreement (DPA) with Aureum AI
- Operate in compliance with Australian privacy law or equivalent international standards
Incident Response
We maintain a formal incident response plan covering detection, containment, eradication, recovery, and post-incident review. In the event of a data breach that is likely to cause serious harm:
- Affected clients will be notified as soon as practicable
- We will notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme
- A full incident report will be prepared, with findings used to strengthen our security posture
Staff Training
All Aureum AI staff undergo mandatory security and privacy training upon joining and annually thereafter. This includes training on:
- Data handling obligations under the Privacy Act 1988
- Recognising and responding to phishing and social engineering attempts
- Secure coding practices (for technical staff)
- Incident reporting procedures
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities. If you believe you have identified a security issue in our platform, please contact our security team at security@aureumai.com.au before disclosing publicly.
We commit to acknowledging all reports within 48 hours, investigating in good faith, and working collaboratively to resolve confirmed vulnerabilities.
Contact Our Security Team
For security-related enquiries or to report a vulnerability:
- Email: security@aureumai.com.au
- General enquiries: hello@aureumai.com.au