Security

How Audra protects your bills.

Medical bills are protected health information. We engineered Audra so that even our own infrastructure can't betray you.

Encrypted in your browser

Every file you upload is encrypted with AES-256-GCM in your browser using a fresh 256-bit key generated by the Web Crypto API. The plaintext bill never leaves your device. Only the ciphertext is uploaded.

Envelope-encrypted on our side

The per-file key is wrapped on our server with a long-lived master key (KMS-style envelope encryption). The raw key is never written to our database. To decrypt your bill, an attacker would need both the wrapped key (in our database) and the master key (in a separate secret store) — which sit behind independent IAM boundaries.
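
The browser-side encryption and server-side key wrapping from the two sections above, as an added example that is not Audra's own code. The function names, the use of AES-GCM as the wrapping algorithm, the file id bound as additional authenticated data, and the locally generated master key standing in for the secret store are all assumptions made for illustration.

```javascript
// Added example, not Audra's code: names, AAD binding and wrap algorithm are assumptions.
// Browsers and Node 20+ expose Web Crypto globally; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;
const GCM = "AES-GCM";

// Client side: fresh 256-bit key and 96-bit IV per file; only ciphertext is uploaded.
async function encryptFile(plainBytes, fileId) {
  const fileKey = await subtle.generateKey({ name: GCM, length: 256 }, true, ["encrypt", "decrypt"]);
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const aad = new TextEncoder().encode(fileId); // assumption: bind ciphertext to its record
  const ciphertext = new Uint8Array(
    await subtle.encrypt({ name: GCM, iv, additionalData: aad }, fileKey, plainBytes));
  return { fileKey, iv, ciphertext };
}

// Server side: wrap the per-file key under the master key; store only the wrapped form.
async function wrapFileKey(fileKey, masterKey) {
  const wrapIv = webcrypto.getRandomValues(new Uint8Array(12));
  const wrapped = new Uint8Array(
    await subtle.wrapKey("raw", fileKey, masterKey, { name: GCM, iv: wrapIv }));
  return { wrapped, wrapIv };
}

// Decrypt path: needs the database row (wrapped key, IVs, ciphertext) AND the master key.
async function decryptFile(row, masterKey, fileId) {
  const fileKey = await subtle.unwrapKey("raw", row.wrapped, masterKey,
    { name: GCM, iv: row.wrapIv }, { name: GCM, length: 256 }, false, ["decrypt"]);
  const aad = new TextEncoder().encode(fileId);
  return new Uint8Array(
    await subtle.decrypt({ name: GCM, iv: row.iv, additionalData: aad }, fileKey, row.ciphertext));
}

// Constructed demo: reports what each decryption attempt yields.
async function demo() {
  const newMaster = () => subtle.generateKey({ name: GCM, length: 256 }, false, ["wrapKey", "unwrapKey"]);
  const masterKey = await newMaster(); // stand-in for the key held in the secret store
  const bill = new TextEncoder().encode("constructed sample bill: $1,240.00");
  const { fileKey, iv, ciphertext } = await encryptFile(bill, "file-001");
  const row = { ...(await wrapFileKey(fileKey, masterKey)), iv, ciphertext };
  const ok = new TextDecoder().decode(await decryptFile(row, masterKey, "file-001"));
  const failed = async (p) => p.then(() => false, () => true);
  const wrongMaster = await failed(decryptFile(row, await newMaster(), "file-001"));
  const tampered = { ...row, ciphertext: row.ciphertext.slice() };
  tampered.ciphertext[0] ^= 1; // flip one bit of the stored ciphertext
  const tamperRejected = await failed(decryptFile(tampered, masterKey, "file-001"));
  return { ok, wrongMaster, tamperRejected };
}
```

`demo()` resolves to the original bill text for the legitimate path and to `true` for both failure cases: the database row is useless without the right master key, and a modified ciphertext fails the GCM authentication check instead of decrypting to garbage.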

Row-Level Security on every table

Every database table has Postgres Row-Level Security enabled. Every query enforces auth.uid() = user_id — even an admin running raw SQL through our application can't return another user's rows. Service-role bypass is reserved for specific, audited operations (e.g., creating placeholder audit records).

Immutable audit log

Every action that touches protected data — sign-in, upload, view, delete — writes an immutable row to an append-only audit log. You can review your own log from Settings → Data.

No data sales, ever

We don't sell your data, share it with insurers or hospitals, or use it for ad targeting. We don't embed third-party trackers in the app. Our business model is people paying us for audits — not advertisers paying us for data.

One-click delete

From Settings → Data you can permanently delete your account and all associated bills, audits, and history. Deleted data is hard-deleted after a 30-day recovery grace period.

Reporting a vulnerability

If you discover a vulnerability, email [email protected] with details. We respond to critical reports within 24 hours and aim to ship a fix within 7 days. Audra is bootstrapped, so we can't offer a formal cash bounty — but we publicly credit reporters who request it.

Please don't exfiltrate, modify, or delete customer data while testing. Use your own account for proof-of-concepts. Our machine-readable disclosure policy lives at /.well-known/security.txt.