LEGAL

Privacy Policy

Last updated: April 16, 2026

Auris SAS (“Auris”, “we”, “us”) operates the Auris secret detection platform. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Data We Collect

Account information: When you create an account, we collect your name, work email address, and authentication credentials. If you sign in via SSO, we receive only the profile data shared by your identity provider.

Scan metadata: When Auris scans your repositories, we process file paths, line numbers, secret types, and severity classifications. We store only masked secret values and SHA-256 fingerprints — never raw credentials.

Usage analytics: We collect anonymized usage data (features used, scan frequency, error rates) to improve the product. This data cannot be linked back to individual users.

2. How We Use Your Data

We use your data exclusively to operate and improve the Auris service:

  • Providing secret detection and remediation features
  • Sending security alerts and product notifications
  • Diagnosing technical issues and improving reliability
  • Complying with legal obligations

We do not sell your data. We do not share your data with third parties for advertising purposes. We never train AI models on your code or secret findings.

3. Data Storage and Security

All data is stored exclusively on EU infrastructure (AWS Frankfurt, eu-west-1 region). No data is transferred to servers outside the European Economic Area.

Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Access to production systems is restricted to authenticated employees with MFA, and all access is logged and audited.

For self-hosted deployments, your data never leaves your own infrastructure. Auris has no access to self-hosted instances.

4. Your Rights (GDPR)

As a data subject under GDPR, you have the following rights:

  • Access: Request a copy of all personal data we hold about you
  • Deletion: Request permanent deletion of your account and associated data
  • Portability: Receive your data in a machine-readable format (JSON)
  • Rectification: Correct inaccurate personal data
  • Objection: Object to processing of your data for legitimate interest purposes

To exercise any of these rights, email us at privacy@auris.dev. We will respond within 30 days.

5. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@auris.dev.

Auris SAS
Registered in France
privacy@auris.dev