PP
Privacy

Privacy

AORKA · PUBLISHED REFERENCE · PP‑01 · REV. 2026.04

Privacy policy.

Aorka is operated by Auderas Inc (d/b/a Aorka). This policy explains what data we collect, why we collect it, and exactly where it goes. No legalese fog — just the facts.

Last revised: April 14, 2026.

01
Collect

What we collect.

Aorka collects data necessary to operate the platform. Nothing more. There are no analytics trackers, no advertising pixels, no third-party data brokers.

  • Account data. When you sign in via Microsoft 365 SSO or Google OAuth, we receive your email address, display name, and tenant identifier. Aorka does not store passwords — authentication is delegated entirely to your identity provider. We also record the IP address and user agent of your sessions for security auditing.
  • Infrastructure data. Aorka's core function is managing your IT infrastructure. We store data about your endpoints: hostnames, hardware facts, software versions, configuration details, and other operational data collected by the agent or entered by your team. This is the knowledge base that makes the product useful.
  • Conversations and scripts. Chat conversations with the AI assistant are stored so you can reference prior context. Scripts generated or executed through the platform are logged with their safety scores, approval status, and execution results. This history is essential for audit trails and for the model to learn your environment over time.
  • Credentials. If you store credentials in the Aorka vault, they are encrypted at rest using AES‑256‑GCM. Viewing a stored credential requires MFA verification — a session alone is not sufficient. We cannot read your stored credentials in plaintext; decryption happens on-demand when you explicitly request access.
  • Session cookie. Aorka uses a single session cookie to maintain your authenticated session. That is it. No analytics cookies, no tracking cookies, no third-party cookies. We do not use Google Analytics, Mixpanel, Hotjar, or any similar service.
02
Use

How we use your data.

  • Operating the platform. Your infrastructure data powers the knowledge base, chat context, and script execution. This is the product.
  • Security and audit. IP addresses, user agents, and action logs are used for session management, anomaly detection, and audit trails.
  • Transactional email. We send emails related to demo requests and account operations. No marketing email lists. No newsletters unless you explicitly opt in.
  • Improving relevance across the platform. Aorka computes mathematical representations (vector embeddings) of knowledge items and groups them into concept clusters. These clusters determine which types of knowledge are most relevant across the platform — for example, recognizing that firewall-configuration facts are broadly important right now. This process operates on abstract coordinates, not on the content of your data. No titles, fact values, hostnames, or other readable information is shared between tenants. See Concept clusters below for the full mechanism.
  • We do not sell your data. Not to advertisers, not to data brokers, not to anyone. Your infrastructure data is yours.
03
Providers

Providers and third parties.

Aorka integrates with external services to provide AI capabilities, authentication, and transactional email. Here is exactly what each provider sees and retains.

AI
Anthropic (Claude). Powers the AI chat assistant and script safety evaluation. All API calls are stateless — conversation context is sent per-request and is not retained by Anthropic after the response is returned. Your data is not used to train Anthropic's models. Retention is zero for API usage.
Search
Voyage AI. Provides vector embeddings for semantic search across your knowledge base and scripts. Same stateless model — text is sent, a vector is returned, nothing is stored. Your data is not used for training.
Auth
Microsoft & Google. Authentication only. We receive your identity claims (name, email, tenant ID) via OAuth. We do not access your mailbox, files, or any other data beyond what is needed to sign you in — unless you explicitly configure Microsoft 365 integration for endpoint management, which uses separate per-tenant credentials under your control.
Email
SMTP2GO. Transactional email delivery for demo requests and account operations. Receives only the recipient address and message content necessary to deliver the email. No bulk marketing, no mailing lists.
Host
Amazon Web Services. Compute, database, and secrets management. All data at rest sits in AWS us-east-1. Database credentials live in AWS Secrets Manager with IAM-scoped access.

The key point: no third-party provider retains your infrastructure data. AI providers see conversation context for the duration of a single API call. Embedding providers see text fragments long enough to compute a vector. Neither stores your data or uses it for training.

04
Tenancy

Tenant isolation.

Aorka is a multi-tenant platform. Your data — endpoints, facts, conversations, credentials, scripts, job history — is scoped to your tenant at the database level. This is not application-layer filtering that could be bypassed; it is structural. No other tenant can see, query, or access your data through the application.

  • Role-based access within tenants. Within your tenant, access is controlled by role-based permissions (admin, tech, viewer) and unit-scoped access grants. A user only sees the endpoints and data they have been explicitly granted access to. Tenant admins control who gets access to what.

Concept clusters and cross-tenant signals.

While your data content is strictly tenant-isolated, Aorka uses a global relevance system to improve knowledge quality across the platform. Here is exactly how it works:

  1. 1
    Vector embedding. Each knowledge item is converted into a vector embedding — a list of numbers representing the item's meaning in abstract mathematical space. This is a one-way transformation; the original text cannot be reconstructed from the vector.
  2. 2
    Cluster centroid. Vectors from all tenants are grouped into concept clusters using density-based clustering. A concept is a geometric centroid (average position) of nearby vectors — it has no name, no label, and no readable content. It is a point in mathematical space.
  3. 3
    Salience score. Each concept has a salience score reflecting how actively that type of knowledge is being used across the platform. When many items in a concept cluster are accessed frequently, the concept's salience rises; when activity is low, it falls.
  4. 4
    Local propagation. Salience changes propagate to nearby items. If the “firewall configuration” region of the vector space is heating up across the platform, your firewall-related items benefit from that signal — they rank higher in search results and get validated more frequently.

What crosses tenant boundaries: mathematical coordinates and numerical relevance scores. What never crosses: titles, descriptions, fact values, hostnames, IP addresses, credentials, or any other readable content. No tenant can reverse-engineer another tenant's data from concept clusters — the vectors are abstract, high-dimensional, and irreversible.

05
Location

Infrastructure and data location.

  • Where your data lives. All Aorka infrastructure runs in AWS us-east-1 (Northern Virginia). The application server runs on AWS Lightsail. The database is AWS RDS PostgreSQL with encryption at rest enabled. Application secrets are stored in AWS Secrets Manager with IAM-scoped access policies.
  • International data transfers. Aorka currently operates exclusively in the US (us-east-1). We do not yet have an EU data center. If you are located outside the United States, your data will be transferred to and processed in the US. We are transparent about this rather than burying it in fine print. If regional data residency is a requirement, please contact us.
  • Encryption. All data in transit is encrypted via TLS. The database uses encryption at rest via AWS RDS. Stored credentials use AES‑256‑GCM application-layer encryption on top of database encryption. Agent connections use WSS (WebSocket over TLS) with mutual authentication.
06
Retention

Retention and deletion.

  • You control your data. Conversations, facts, credentials, and knowledge base entries can be deleted by authorized users directly through the platform. Deletion is immediate — we do not soft-delete and retain data behind the scenes.
  • Account deletion. Tenant admins can request full account deletion by contacting us. We will delete all tenant data — endpoints, facts, conversations, credentials, scripts, and user records. Audit logs may be retained for up to 90 days after account deletion for security purposes, after which they are permanently deleted.
  • Backups. AWS RDS automated backups are retained per AWS default retention policy. When data is deleted from the live database, it will naturally age out of backups as they rotate.
07
Children

Children's privacy.

Aorka is an IT infrastructure management platform designed for business use. It is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

08
Changes

Changes to this policy.

If we make material changes to this privacy policy, we will notify active users via the platform and update the “Last revised” date at the top of this page. We will not retroactively reduce your privacy protections without notice.

09
Contact

Governing law and contact.

  • Governing law. This privacy policy is governed by the laws of the State of Texas, United States, without regard to conflict-of-law principles.
  • Contact. For privacy-related questions, data deletion requests, or concerns about your data, contact privacy@aorka.com.

Questions about your data?

We are happy to walk through exactly how your data is handled. No marketing pitch — just answers.

Request a demo