Security

All data stored in Aureli is encrypted at rest. Your portfolio data, including assets, debts, valuations, and bank connection details, is stored in encrypted form on our database servers. Even in the unlikely event of a physical breach, your data remains unreadable without the encryption keys.

Our database is hosted in London, with encryption enforced at the storage layer. Encryption keys are managed separately from the data itself.

All data transmitted between your browser and our servers is protected with TLS (Transport Layer Security). We enforce HTTPS across the entire application. No data ever travels over an unencrypted connection.

Aureli's AI chat uses a leading AI model to answer your financial questions. Your messages and portfolio context are sent to the model to generate a response.

The AI model does not retain your data. It operates under a zero data retention policy. Your conversations and financial data are not stored, logged, or used to train future models. Each conversation is processed in memory and discarded once the response is returned.

We use secure OAuth for authentication, meaning we never store your password. All sessions are database-backed and cryptographically signed. Session tokens expire automatically and are invalidated on sign-out.

Portfolio access is role-based: owners, editors, and viewers each have clearly defined permissions. You control who can see or edit your data, and access can be revoked at any time.

Bank connections are handled through a regulated Open Banking provider. Aureli never has access to your banking credentials. You authenticate directly with your bank. We only receive read-only access to your balance, strictly for the purpose of syncing your account information.

You can disconnect any bank connection at any time from your portfolio settings.

Aureli runs on serverless infrastructure with automatic scaling and built-in DDoS protection. Our database is hosted in London to keep your data within Europe.

We monitor application errors and performance in real time with PII protection enabled, so that error reports never contain personal data.

You can export all your data or permanently delete your account at any time from your account settings. On deletion, your personal data and portfolio information are permanently removed within 30 days. See our Privacy Policy for full details on data retention.

If you have a security concern or want to report a vulnerability, please contact us at security@aureli.app. We take all reports seriously and will respond promptly.