Privacy Policy

Effective Date: October 9, 2025 | Last Updated: October 9, 2025

This Privacy Policy explains how AuraOne, Inc. ("AuraOne", "we", "our", or "us") collects, uses, shares, and protects information in connection with our websites, products, and services. We are committed to privacy by design and follow applicable laws including GDPR, CCPA, and HIPAA where applicable.

AuraOne is SOC 2 Type II certified and maintains compliance with industry-leading security and privacy frameworks. We implement robust technical and organizational measures to protect your personal data.

01. Scope & Roles

This Policy applies to personal information we process as a data controller when you interact with our websites, documentation, and marketing communications, and as a data processor when we provide Services to enterprise customers.

For processing performed on behalf of enterprise customers, our Data Processing Addendum (DPA) governs the relationship. Customer organizations maintain control over personal data processed within their AuraOne environments.

02. Information We Collect

Account & Contact

Name, email, company, job title, and authentication credentials.

Usage & Telemetry

Feature usage patterns, interaction events, performance metrics, and error rates.

Support Data

Ticket content, help desk communications, and troubleshooting logs.

Technical Logs

IP addresses, browser type, device identifiers, and security logs.

Payment Info

Billing contact and transaction history (processed via Stripe).

03. How We Use Information

Service Delivery & Operations
Security & Fraud Prevention
Service Improvement & Analytics
Legal Compliance & Obligations
Contractual Enforcement
Communications & Notifications
Safety Research (Anonymized)
Business Administration

04. GDPR Legal Bases

Contractual Necessity

Processing required to perform our contract with you (e.g., providing the Service).

Legitimate Interests

Service improvement, security monitoring, fraud prevention, and internal administration.

Legal Obligations

Compliance with tax laws, financial reporting, and data protection regulations.

Consent

Where required, we obtain explicit consent (e.g., for marketing).

06. Data Security Measures

SOC 2 Type II Certified

We implement comprehensive security measures including AES-256 encryption at rest, TLS 1.3+ in transit, strict RBAC, and 24/7 security monitoring.

End-to-End Encryption

Access Controls & MFA

VPC Network Segmentation

Regular Penetration Testing

Vulnerability Management

Incident Response Team

View full security documentation →

13. AI Model Training

We do not use customer data to train our internal AI models without explicit consent.

✓Customer-controlled training: You retain full ownership of your models and training data.
✓Aggregated analytics: We only use anonymized telemetry for platform improvement.
✓Safety Research: Conducted using synthetic or public data only.

Contact & DPO

Privacy Inquiries

For questions about this policy or to exercise your rights:

privacy@auraone.ai

Corporate Address

AuraOne, Inc.
548 Market Street, PMB 71519
San Francisco, CA 94104-5401
United States