1. Overview
AURION OS processes Discord server configuration, member metadata, commands, and AI interactions. Security is enforced across authentication, data storage, agent execution, and operational monitoring. For product-level security features (Sentinel, Guardian), see our Security page.
2. Authentication and access
Dashboard access uses Discord OAuth 2.0. API requests require JWT authentication. Enterprise customers may use scoped API keys with permission boundaries. Internal access to production systems is limited to authorized personnel on a least-privilege basis with audit logging.
3. Data protection
- TLS encryption for data in transit between clients, API, and third-party services
- Encrypted storage for databases and backups at rest
- Secrets and credentials stored in secure environment configuration, not in source code
- Per-server isolation for configuration, memory, and usage metering
- Redis, Postgres, and vector stores segmented by environment (production vs staging)
4. Discord bot permissions
AURION requests only the Discord permissions needed for enabled features. We recommend reviewing the bot's role hierarchy and using approval gates for destructive actions. OAuth tokens are stored securely and refreshed according to Discord guidelines.
5. AI and automation safety
PRIME and agent workflows include tier guards, usage quotas, and approval gates for high-impact operations (mass role changes, channel deletion, bulk bans). Action queues are processed by isolated bot workers with retry limits and error logging.
6. Monitoring and incident response
We monitor API errors, authentication anomalies, queue backlogs, and usage spikes. Sentinel provides customer-facing threat detection inside Discord; platform operations use separate internal alerting. Suspected vulnerabilities or incidents should be reported to [email protected]. We aim to acknowledge reports within 72 hours and will coordinate responsible disclosure.
7. Vendors and subprocessors
We use vetted cloud, payment, and AI providers under contractual security requirements. Subprocessors are limited to services necessary to operate AURION (hosting, email, analytics, model inference). A list is available on request for Enterprise customers.
8. Backups and availability
Database backups run on a regular schedule with tested restore procedures. While we target high availability, no system is immune to outage. Status updates for major incidents will be communicated through our official channels when applicable.
9. Compliance
We design controls aligned with common SaaS expectations (access control, encryption, logging, data deletion). Formal certifications (e.g., SOC 2) may be offered on Enterprise plans as they become available. Contact [email protected] for security questionnaires or DPAs.
10. Your responsibilities
Keep Discord accounts secure, limit dashboard access to trusted admins, review automations before enabling them in production, and rotate API keys when team members leave. Report unauthorized access immediately.
11. Updates
This policy may be updated as our architecture evolves. The "Last updated" date at the top reflects the current version. Related: Privacy Policy, Terms of Service.
