Privacy Policy

Effective Date: October 9, 2025 | Last Updated: October 9, 2025

This Privacy Policy explains how AuraOne, Inc. ("AuraOne", "we", "our", or "us") collects, uses, shares, and protects information in connection with our websites, products, and services. We are committed to privacy by design and follow applicable laws including GDPR, CCPA, and HIPAA where applicable.

AuraOne is built with security and privacy in mind. For customers with enterprise review requirements, we provide security documentation and a controls overview as part of the procurement process.

01. Scope & Roles

This Policy applies to personal information we process as a data controller when you interact with our websites, documentation, and marketing communications, and as a data processor when we provide Services to enterprise customers.

For processing performed on behalf of enterprise customers, our Data Processing Addendum (DPA) governs the relationship. Customer organizations maintain control over personal data processed within their AuraOne environments.

02. Information We Collect

Account & Contact

Name, email, company, job title, and authentication credentials.

Usage & Telemetry

Feature usage patterns, interaction events, performance metrics, and error rates.

Support Data

Ticket content, help desk communications, and troubleshooting logs.

Technical Logs

IP addresses, browser type, device identifiers, and security logs.

Payment Info

Billing contact and transaction history (processed via Stripe).

03. How We Use Information

Service Delivery & Operations
Security & Fraud Prevention
Service Improvement & Analytics
Legal Compliance & Obligations
Contractual Enforcement
Communications & Notifications
Safety Research (Anonymized)
Business Administration

04. GDPR Legal Bases

Contractual Necessity

Processing required to perform our contract with you (e.g., providing the Service).

Legitimate Interests

Service improvement, security monitoring, fraud prevention, and internal administration.

Legal Obligations

Compliance with tax laws, financial reporting, and data protection regulations.

Consent

Where required, we obtain explicit consent (e.g., for marketing).

06. Data Security Measures

Security review kit available

We implement technical and organizational measures designed to protect personal information, including encryption in transit and at rest, access controls, and security monitoring.

Specific controls and configurations vary by deployment and customer requirements. We can share details during a security review.

Full Encryption

Access Controls & MFA

VPC Network Segmentation

Vulnerability Management

Incident Response Team

View full security documentation →

13. AI Model Training

We do not use customer data to train our internal AI models without explicit consent.

✓Customer-controlled training: You retain full ownership of your models and training data.
✓Aggregated analytics: We only use anonymized telemetry for platform improvement.
✓Safety Research: Conducted using synthetic or public data only.

Contact & DPO

Privacy Inquiries

For questions about this policy or to exercise your rights:

privacy@auraone.ai

Corporate Address

AuraOne, Inc.
548 Market Street, PMB 71519
San Francisco, CA 94104-5401
United States