Security Standards

Last Updated: August, 2024


The below is a general description of Aura’s security standards and practices as of the date hereof. Aura is continuously reviewing its practices and the following may change without notice as Aura deems reasonably necessary to improve its security standards and practices.

Secure Architecture

  • All personal data of customers of Aura’s products or services (“Customer Data”) is accessible only by authorized Aura team members and only on a need-to-know basis. 
  • Customer Data never leaves the production environment except as needed to provide Aura products and services to the customer or otherwise in accordance with Aura’s privacy policy. 
  • Web access, where end-users access their Customer Data, is entirely segregated from the rest of Aura’s technical architecture. 
  • No administrative access to Aura’s architecture is available directly from the public Internet.

Information Security Policy and Program Management

Aura’s Security Program is overseen by Aura’s Executive Management. The execution of the Security Program is delegated to the Chief Information Security Officer (CISO). Management delegates the maintenance of issue-specific policies to the CISO. Specific policies are reviewed annually and include the following:

  • Acceptable Use Policy
  • Account Management Policy
  • Application Development Policy
  • Approved Software Policy
  • Change Management Policy
  • Cloud Computing Policy
  • Configuration Management Policy
  • Data Classification & Handling Policy
  • Data Protection Policy
  • Electronic Mail Policy
  • Employee Onboarding & Offboarding Policy
  • Firewall Management Policy
  • Hardening Standards Policy
  • Incident Response Plan
  • Information Backup Policy
  • Information Security Policy
  • IT Asset Management Policy
  • Logging & Monitoring Policy
  • Network Controls Policy
  • Password Management Policy
  • Patch Management Policy
  • PCI Scoping Document
  • Personal Device Use Policy
  • Physical Security Policy
  • Policy on Information Security Policies
  • Remote Access Policy
  • Risk Management Policy
  • Security Awareness Policy
  • Third Party (Vendor) Management Policy
  • Vulnerability Management Policy

Vulnerability Management

The following steps are taken to identify vulnerabilities in software and services hosted by Aura as determined necessary by Aura.

  • Regularly occurring internal vulnerability scans
  • Quarterly external vulnerability scans
  • Ongoing static code scans of all Aura production source code
  • Third-party library code scans of all Aura production source code
  • At least annual penetration tests of Aura products and services
  • All critical and high findings are remediated as soon as reasonably possible. Systems are retested until findings are resolved.

Asset Management

  • Aura identifies all assets (hardware and software) and maintains an active list.
  • Asset lifecycles are controlled and managed. The IT department is responsible for managing the lifecycle and secure destruction of decommissioned physical assets.

Data Classification

Protecting data starts with an understanding of the types and locations of data within an organization. Aura classifies all data into three categories:

  • Public data: Any data elements that have been approved by Legal for public consumption. These include public web pages, press releases, job postings, public financial reporting, etc. This information may be freely shared.
  • Internal-Use-Only: Any data that does not fall into the Public or Sensitive category. Access to this data is limited by business need.
  • Sensitive data: This includes Customer Data. This data is stored in secured locations and encrypted in accordance with industry-leading standards. Access is limited by roles and business need.

Data Handling

  • Electronic Sensitive Data is stored in the Production Environment only, and in authorized, secure storage locations.
  • Sensitive Data does not move out of the Production Environment unless required to provide Aura products or services, or as otherwise set forth in Aura’s privacy policy.
  • Any movement of Customer Data outside the Production Environment is in encrypted format.
  • Destruction of electronic data is carried out using approved methods for secure destruction.

Encryption

All sensitive data is transmitted encrypted when traveling beyond Aura networks.

  • TLS version 1.2 or higher for websites and data exchange with vendors and partners.
  • SFTP is supported for file transfers where specifically requested, using the SHA256 key algorithm.

Storage Encryption

  • Structured Storage: Database encryption using AES-256
  • Unstructured Storage: Filesystem encryption using AES-256

Device Encryption

  • All laptops are encrypted using BitLocker or FileVault.

Key Management

  • Aura uses secure key management vaults provided by AWS to store and maintain authentication keys.

Internal Aura Account Management

  • The assignment of account privileges throughout the organization is guided by the “Least Privilege Principle”, “Need to Know”, and the use of Role-Based Access. The Least Privilege Principle holds that each user will be assigned the minimum account privileges necessary to do their job and no more.
  • Each ad hoc data access request is individually approved by the data owner based on a business need.
  • All access to Customer Data is reviewed by the Data Owner and Information Security.
  • Roles are established at the time of hire by People Operations and are auto-provisioned by the HRIS system and identity provider (IdP) system.
  • Account privileges for separated employees or contractors must be revoked as soon as possible, but no more than 1 hour past the time of separation.
  • Accounts are always traceable back to an individual. 
  • The use of shared, or generic, accounts is strongly discouraged. In the rare situation in which a shared account is needed, each use of the account must be tied to the person using it via audit record.
  • Password requirements are: a minimum of 12 characters, containing both numbers and letters, and not the same as any of the previous 8 passwords. These rules are enforced by an identity provider.
  • In accordance with modern industry standards, we do not automatically expire passwords based on time. This is in line with the NIST recommendations in SP 800-63B.

Security Awareness

  • All employees undergo Information Security and Privacy training at time of hire. Additionally, regular re-training occurs.
  • All employees and contractors are provided an internal website that encapsulates the security policies for the organization.

Malware Detection

  • All endpoints are protected by industry-standard malware prevention and detection software. The configuration prevents the user from disabling the software.
  • In addition, malware detection is performed by web and email gateways.

Physical Security

  • Aura makes use of a very small number of collaboration spaces, where employees can meet and interact with others. There are no on-premises data centers and no data is stored in these collaboration spaces.
  • There are no trusted networks in these collaboration spaces. All network access to company data must be authenticated and authorized through a SASE gateway.
  • Secure areas are protected by appropriate entry controls to ensure that only authorized personnel are allowed access. Visitors are permitted with registration.
  • Our cloud systems are housed in AWS data centers that are protected with appropriate controls and audited regularly. We review those audit results as we conduct our internal audits.

Application Security

  • Aura uses an Agile development methodology and deployments are handled in a continuous delivery model.
  • Aura maintains a Software Development Life Cycle (SDLC) with consideration and training on security principles in software development. 
  • All production products and services are tested against the OWASP Top 10 vulnerabilities.
  • Development and testing are carried out in a separate environment using a test data set. No production data is ever used in development or testing.
  • Static code analysis is carried out as part of the development pipeline.

Change Management

  • The company uses an agile methodology for engineering and a continuous delivery model of changes to production.
  • All changes follow a defined change management process.
  • All changes are approved before they are released, with clear separation of duties.

Network Controls

  • The Aura network is designed with a defense-in-depth philosophy. Products use a serverless architecture, and various components do not have direct connectivity at lower levels of the network stack.
  • Network segments are separated by network firewalls or application firewalls.
  • The edges are protected by web application firewalls. There are no options for direct connectivity at the network layer to our edge boundaries.
  • Data Loss Prevention systems are employed on endpoints and network layers.
  • Changes to firewall rules (often in the form of security groups or web application firewalls) are logged and reviewed.
  • All endpoint connections to the Internet go through a web gateway which provides blocklists, data loss prevention, and security hygiene services.
  • Wireless access is provided in collaboration areas, but is not considered a trusted network and has no connectivity to the production environment.

Remote Access

  • All access to company resources goes through a SASE gateway, which requires multi-factor authentication and is logged and monitored.

Security Monitoring

  • Information Security is responsible for all security event monitoring.
  • All logs are centralized and managed exclusively by Information Security, with appropriate monitoring and response happening on a continuous basis.

Security Incident Handling

  • Security incidents are managed by the Information Security and Engineering teams as appropriate.
  • Incidents are classified according to the Incident Response Plan.
  • The Incident Response Plan is defined and reviewed annually. The plan includes considerations for notification, response, and the use of third-party resources.
  • Tabletop exercises are conducted at least annually.

Compliance

Aura Suite certifies to the following security standards:

  • PCI DSS
  • SSAE 18 SOC2 Type II

© Aura 2022. 

 All rights reserved.
