- EU-Central-1 (Frankfurt) primary data residency. Backups within the EU.
- 30-day breach disclosure SLA. Personal-data breaches notified within 72 hours of confirmation.
- 30-day sub-processor change notice. Subscribe to the blog RSS for advance warning.
- Customer-initiated account deletion honoured within 30 days; encrypted backups roll off in the same window.
- Vulnerability disclosure to security@augur.news — acknowledged within 48 hours, high-severity patched within 7 days.
- Enterprise customers can request a signed DPA and SOC2 trust-report snapshot under NDA.
Trust center
Trust, in one page
Everything you would normally have to chase across five different legal pages, one click away. Last reviewed June 2026.
Security
TLS 1.3 everywhere, AES-256 at rest, Postgres row-level security per tenant, key rotation quarterly, no password-based SSH on production.
Privacy
What we collect, why, how long we keep it, and how to delete it. EU data residency. No advertising trackers on the marketing site.
Cookies
Exhaustive list of every cookie and localStorage entry Augur sets. Spoiler: only essential cookies.
DPA
GDPR data processing agreement with the full sub-processor table (Supabase EU, Vercel, Hetzner EU, Stripe EU, Resend US, Sentry US-optional).
Webhook signing
Every outbound webhook is HMAC-SHA256 signed with a per-channel secret so your receiver can verify origin and reject forgeries.
Status
Live health of every ingest feed. Updated every 30 seconds. No incident history beyond 30 days because we haven't had one.
Our commitments
Need anything else?
Procurement security questionnaire? SOC2 evidence under NDA? Custom DPA? Penetration-test report? Email security@augur.news and we'll turn it around within two working days.