How we protect your business data.
All data is stored in Supabase (PostgreSQL) with AES-256 encryption at rest. Database backups are encrypted and retained for 30 days. Point-in-time recovery is available.
All connections use TLS 1.3. The POS terminal, API routes, and admin dashboard enforce HTTPS. Certificate transparency logging is enabled. HSTS headers are set with a 1-year max-age.
Aria enforces three access levels:
Owner — full access including billing, AI agent config, and all reports.
Manager — reports, overrides, staff management. No billing access.
Staff — POS terminal only, 4-digit PIN authentication, 12-hour sessions.
All privilege escalations are logged in the Actions audit log.
Autonomous agents operate under least privilege: each agent has read/write access only to the data required for its function. Agent credentials are scoped API keys, rotated monthly. Agent decision logs are immutable once written.
Aria is targeting SOC 2 Type I certification by Q4 2026 and Type II by Q2 2027. Our infrastructure (Supabase/Vercel) is already SOC 2 certified. We will share our audit report with enterprise customers under NDA.
Found a vulnerability? Email cnkansal1105@gmail.com with subject "Security Report". We respond within 48 hours. We do not take legal action against good-faith researchers.
Security questions? cnkansal1105@gmail.com