Avra's Trust Center
Access our trust center to learn more about Avra’s security practices.
Key Pillars of Our Security Program
Confidentiality
We ensure that your data is accessed only by authorized users.
- Encryption: Data is encrypted both in transit using TLS 1.2+ and at rest using industry-standard AES-256 encryption. Our cloud storage (e.g., AWS S3) uses server-side encryption with keys managed by AWS Key Management Service (KMS).
- Principle of Least Privilege: Access to data and systems is granted on a strict need-to-know basis.
- Role-Based Access Control (RBAC): A robust RBAC model with automated, group-based permissions ties access to each user’s role and revokes it on departure.
- Data Isolation: Customer data is logically isolated and never exposed to or used by other customers. The Relational Foundation Model can additionally be deployed inside your environment for full physical custody. See Data Privacy & Compliance for details.
Integrity
We maintain the accuracy and consistency of your data throughout its lifecycle.
- Immutable Audit Logs: All API calls and sensitive actions are logged to a tamper-evident audit trail. Customer-visible events are available in the dashboard under Observability → Audit.
- Input Validation: Data is validated against predefined schemas upon ingestion to prevent corruption.
- Version Control: Our models and infrastructure are managed as code (IaC) and follow git-based workflows with mandatory peer review to ensure changes are deliberate and tracked.
Availability
We design our systems for resilience to ensure you have reliable access to our services.
- Multi-Cloud Architecture: We operate across multiple top-tier cloud providers to build a resilient and scalable infrastructure with no single point of failure.
- High Availability: Our services are deployed across multiple availability zones (AZs) with auto-scaling and health checks to handle failures gracefully.
- Disaster Recovery: We have comprehensive backup and disaster recovery plans that are regularly tested to ensure business continuity.
Secure Development & Operations
- Employee Security: All employees undergo background checks and receive regular security awareness training. Multi-Factor Authentication (MFA) is mandatory for access to all critical systems.
- Vulnerability Management: We continuously scan our code and infrastructure for vulnerabilities and have a clear policy for responsible disclosure. See our Vulnerability Disclosure Policy.
- Third-Party Audits: We engage independent third-party auditors to perform penetration tests and security assessments to validate our controls.
security@avra.ai or visit our Trust Center.