Services
Outbound CallingLead GenerationAppointment SettingCustomer SupportDigital MarketingSocial MediaMarket ResearchVirtual Assistance
PricingCase StudiesResourcesCareersContactGet Started
Security & Trust

Built on a simple promise:
we don't keep your data.

Most BPO security risk comes from vendors copying customer data into their own systems. We don't. Here's how we operate and what we're certified for.

Your data never leaves your systems

Agents log into your CRM, helpdesk, and dialer. We don't replicate your customer database. When the engagement ends, access is revoked — there's nothing left on our side to leak.

Least-privilege access by default

Each agent gets the minimum scope required to do their work — a single CRM seat with a single pipeline, not admin access. We audit access weekly.

Per-agent NDAs and confidentiality clauses

Every Aurora agent signs a confidentiality agreement before they receive credentials. Confidentiality survives engagement termination for three years.

Encrypted in transit, encrypted at rest

TLS 1.3 for every connection to client systems. The few internal notes we keep (call logs, training material) are stored with at-rest encryption in providers with SOC 2 Type II.

How client data flows

Four-step model. No surprises.

1
We're invited into your stack
You provision Aurora agents named seats in your existing CRM/dialer/helpdesk. We never operate a parallel system that mirrors your data.
2
Agents work, log directly into your tools
Call notes, lead status, ticket updates — all written into your systems. Aurora keeps performance metadata only (call counts, durations, internal QA notes).
3
We report aggregated metrics back to you
Daily and weekly reports summarize aggregate activity. Underlying customer records stay in your CRM, not ours.
4
Engagement ends — access revoked same day
You disable the agent accounts. We destroy any internal notes within 30 days. There's no "data return" because we never had a copy.

Where we stand on compliance

We publish status honestly. Things in progress are flagged as such.

Per-agent NDA In place
Mandatory before first credential issued. Three-year survival clause.
GDPR / UK GDPR alignment In place
Data Processing Agreement available on request. Controller/processor split documented.
Vendor due-diligence questionnaire In place
We respond to SIG, CAIQ, and bespoke DDQs typically within 5 business days.
ISO 27001 In progress
Audit engagement initiated Q1 2026. Targeting certification by end of 2026.
SOC 2 Type II On roadmap
Roadmapped for 2027. Will publish report under NDA to qualified prospects on request.
Cyber liability insurance In place
Coverage for data-handling incidents. Certificate available for enterprise engagements.

If something goes wrong

We notify you within 24 hours of confirming any security incident affecting your account — whether it's a misused credential, a phishing attempt on one of our agents, or any other situation that could expose your data. You'll get a written incident report within 7 days with root cause, timeline, and remediation.

Reach us at security@auroraadvertising.com for any security question, finding, or report — including responsible disclosure.

Documents available on request

For active or qualified prospects, under NDA where appropriate.

Data Processing Agreement (DPA)
Master Services Agreement (MSA)
Vendor security questionnaire responses (SIG / CAIQ)
Cyber liability insurance certificate
Per-agent NDA template
Subprocessor list

Need a deeper look?

We respond to security questionnaires within 5 business days. Ask for our DDQ pack and we'll get it to you under NDA.

Request our security package →
Get a quote