security & data

Built like the evidence it keeps

Audera holds a nightly record of your clients' websites — so how that record is stored, separated and served matters. Here's exactly how we handle it.

fig. 01 — data flow & isolation
[Diagram. Labels: your agency (admin · member roles); TLS; Audera; your data / another agency (isolation); private evidence vault — authenticated, agency-scoped routes; screenshots · snapshots · findings · audit trail; retention ≤ 60d; signed URL · expires; read-only · 02:00; client sites · public pages; nothing installed; Stripe (payments, direct); card data never enters; every page · every site · every night.]
01 Outside-in scanning, nothing installed
Audera visits your clients' sites the way a member of the public would. No tags, scripts, CMS plugins, credentials or server access — there is nothing of ours on a client's infrastructure, and nothing for their IT or security teams to assess.
02 Strict per-agency isolation
Every site, page, scan and finding is scoped to your agency at the database layer. Requests without a valid agency context fail closed, and identifiers from another tenant resolve to nothing rather than to someone else's data.
03 Evidence on private storage
Screenshots and scan evidence are never on a public bucket or guessable URL. They live on private storage and are served only through authenticated routes that re-check your agency on every request.
04 Signed, expiring downloads
Export downloads — your PDF and PNG sign-off packs — use cryptographically signed, time-limited links. A forwarded link doesn't become a permanent door into your account.
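
A minimal sketch of how a signed, time-limited link of the kind described above can be minted and checked. This is an added example, not Audera's code: the path layout, the `expires` and `sig` parameter names, the HMAC-SHA256 scheme and the demo key are all assumptions.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real service loads this from a secret store.
SIGNING_KEY = b"constructed-demo-key"


def link_mac(agency_id, export_id, expires):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") sign differently.
    fields = (agency_id.encode(), export_id.encode(), str(expires).encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_link(agency_id, export_id, ttl, now=None):
    """Mint a hypothetical export path that expires `ttl` seconds after `now`."""
    expires = (int(time.time()) if now is None else now) + ttl
    sig = link_mac(agency_id, export_id, expires)
    return f"/exports/{export_id}?expires={expires}&sig={sig}"


def verify_link(agency_id, export_id, expires, sig, now=None):
    """Fail closed: malformed, expired, tampered or cross-agency links return False."""
    now = int(time.time()) if now is None else now
    try:
        expires = int(expires)            # query values arrive as strings
        presented = sig.encode("ascii")   # rejects None and non-ASCII input
    except (TypeError, ValueError, AttributeError):
        return False
    if now >= expires:
        return False
    # The agency is part of the signed message, so a signature minted for one
    # agency never validates for another. Compare in constant time.
    expected = link_mac(agency_id, export_id, expires).encode("ascii")
    return hmac.compare_digest(expected, presented)
```

Because the expiry timestamp is covered by the signature, editing `expires` in a forwarded link invalidates it rather than extending it.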
05 Roles, and a trail of everything
Admin and member roles gate destructive actions — removing people, deleting sites, billing. Changes to findings and baselines are written to an audit trail with who and when attached.
06 Payments never touch us
Billing runs through Stripe. Card details go directly to Stripe's PCI-DSS-compliant infrastructure and are never stored on, and never pass through, Audera's servers.
07 Encrypted in transit
All traffic between you and Audera — and between Audera and the sites it scans — travels over TLS. Two-factor authentication and passkeys are available on every account.
08 Found something?
If you believe you've found a security issue in Audera, tell us directly and we'll respond quickly: report a security concern. Please don't test against other agencies' data.

For what personal data we collect and why, see the privacy policy. Questions procurement always asks? Ask us directly — we'd rather answer them before you have to chase.