Security & Trust
Trust is the foundation of AuraMetrics.io. This is how we protect your data, your privacy and your business.
GDPR Compliant
We comply with the General Data Protection Regulation (EU) 2016/679 and the UK GDPR. DPA available, subprocessors documented, and data subject rights guaranteed.
SSL/TLS Encrypted
All connections are encrypted with TLS 1.3. Data at rest is encrypted with AES-256 on our Supabase infrastructure.
Read-Only OAuth
The Google Analytics integration uses read-only scope (analytics.readonly). We never modify, create or delete data in your Google account.
No Ads, No Data Selling
We don't show ads. We don't sell or share personal data with third parties for advertising purposes. Your information is yours.
WCAG 2.2 Accessible
Our dashboard and website comply with WCAG 2.2 AA accessibility guidelines. Accessibility audit with 0 critical issues.
CookieYes CMP
Consent management platform certified for IAB TCF v2.2. Geo-targeted banner: opt-in for EU/UK (GDPR), differentiated configuration for the rest of the world.
Security practices
Authentication
- ✓ OAuth 2.0 via Google (no stored passwords)
- ✓ Auto-expiring tokens with refresh
- ✓ Minimum necessary scope (email, profile, analytics.readonly)
Infrastructure
- ✓ Supabase (PostgreSQL) with Row Level Security
- ✓ Vercel Edge Network with global CDN
- ✓ AES-256 encryption at rest, TLS 1.3 in transit
- ✓ Automatic daily backups
Data & privacy
- ✓ GA4 data is queried in real time and is not permanently stored as raw data. Processed and derived data (such as audit results) may be stored to provide reporting and historical insights.
- ✓ Audit history associated with the user via RLS
- ✓ Right to deletion: email hello@aurametrics.io
- ✓ No cross-site tracking, no fingerprinting
Payments
- ✓ Processed by PayPal (PCI DSS Level 1)
- ✓ No credit card data stored
- ✓ Subscriptions managed via PayPal Subscriptions API
- ✓ Cancel anytime
Questions about security or privacy?
hello@aurametrics.io