Security
How we protect your studio data.
Aureo is built around a simple idea: your data should stay yours. Everything about the architecture is designed to keep your studio information private, secure, and under your control.
Local-First by Design
Your project files, setups, and studio data are stored locally on your machine. There are no cloud accounts, no remote databases, and no server-side storage of your content. The app works fully offline after initial activation.
Encryption
Aureo offers optional AES-256-GCM authenticated encryption for sensitive fields like serial numbers and license keys. Encryption is initiated by you, controlled by you, and happens entirely on your device. Your passphrase is never transmitted or stored on our servers.
Vault Integrity
Your local vault uses checksum-based verification to detect corruption or unexpected changes. When data is imported into the vault, it is validated before being applied — preventing malformed or tampered data from affecting your studio.
Device Fingerprinting
License activations are tied to a hardware-derived device fingerprint. No personal information is used in the fingerprint — it is generated from non-identifying hardware characteristics and stays on your device.
Catalog Verification
The product catalog is open source and publicly hosted. Before applying any catalog update, Aureo verifies a cryptographic signature to ensure the data has not been tampered with in transit.
Responsible Disclosure
If you discover a security vulnerability in Aureo, please report it to [email protected]. We take all reports seriously and will respond as quickly as possible.