> ## Documentation Index
> Fetch the complete documentation index at: https://gr-docs.aporia.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Compliance

> Aporia uses and provides a variety of tools, frameworks, and features to ensure that your data is secure.

## Ownership: You own and control your data

* You own your inputs and outputs
* You control how long your data is retained (by default, 30 days)

## Control: You decide who has access

* Enterprise-level authentication through SAML SSO
* Fine-grained control over access and available features
* Custom policies are yours alone to use and are not shared with anyone else

## Security: Comprehensive compliance

* We've been audited for SOC 2 and HIPAA compliance
* Aporia can be deployed in the same cloud provider (AWS, GCP, Azure) and region
* Private Link can be set up so all data stays in your cloud provider's backbone and does not traverse the Internet
* Data encryption at rest (AES-256) and in transit (TLS 1.2+)
* Bring your own Key encryption so you can revoke access to data at any time
* Visit our [Trust Portal](https://security.aporia.com/) to understand more about our security measures
* Aporia code is peer reviewed by developers with security training. Significant design documents go through comprehensive security reviews.