Privacy Policy

Effective Date: 15/05/2025
Last Updated: 16/05/2025
Company Name: Aura AI Solutions
Contact Email: contact@auraai.uk

Aura AI Solutions (“we,” “our,” “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains in detail how we collect, use, share, and safeguard your information when you visit our website, use our services, or engage with our artificial intelligence (AI) platforms, products, or solutions.

This Privacy Policy applies to all data collected through our website, mobile apps, API integrations, communication channels, and any other services or platforms owned or operated by us (collectively, the “Services”).

1. Definitions

• Personal Data: Any information that identifies or can be used to identify a natural person directly or indirectly.
• Processing: Any operation performed on personal data, such as collection, storage, usage, transmission, or deletion.
• Data Controller: The party that determines the purposes and means of processing personal data.
• Data Processor: A third party that processes data on behalf of the Data Controller.
• Client Data: Data provided to us by business clients as part of using our services, including proprietary business documents, customer data, or custom datasets.
• AI Output: Any result generated by our AI systems based on user input (e.g., text completions, analytics, recommendations).

2. Scope of This Privacy Policy

This policy applies to:

• Visitors to our website
• Clients and their representatives
• Prospective clients engaging with our sales or marketing team
• End users who interact with our AI solutions
• API users and their end users
• Job applicants and contractors

This policy does not apply to third-party websites or services that we do not operate or control.

3. Information We Collect

A. Information You Provide Voluntarily

• Full name, email address, phone number, job title
• Company name, industry, company size, business type
• Login credentials, authentication tokens
• Billing information (name, address, payment method)
• User-submitted content or documents
• Support tickets and correspondence
• Survey or feedback responses
• Information submitted during demos, consultations, or contracts

B. Client Business Data

• Proprietary business documents (e.g., process documents, reports, customer communications)
• Uploaded datasets used to train custom AI models
• Data sent via API endpoints

C. Automatically Collected Information

• IP address, browser type, device model, operating system
• Pages visited, time on site, referrer URLs
• Mouse movements, scroll depth, click behavior
• API usage logs (frequency, success/failure, timestamps)

D. Third-Party Data

• Marketing data (demographics, location)
• Social media profile data
• Performance data from linked tools

4. How We Use Your Data

A. Service Delivery

• To provide and manage our AI solutions
• To authenticate users and authorize access
• To store, process, and generate AI outputs based on your data

B. Customization and Optimization

• To personalize user experiences and interfaces
• To improve the accuracy of AI predictions or recommendations
• To fine-tune AI models based on user feedback (where permitted)

C. Research and Development

• To develop new features, products, or services
• To conduct benchmarking and analytics (with aggregated or anonymized data)
• To test and validate new machine learning models

D. Marketing and Communications

• To send you relevant product updates, newsletters, and offers
• To conduct surveys, webinars, or promotional campaigns
• To manage email lists and user preferences

E. Legal and Compliance

• To comply with regulatory obligations
• To enforce contractual terms and detect fraud
• To protect our legal rights, intellectual property, and the safety of our users

5. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal bases for processing include:

• Consent: For marketing communications and optional features.
• Contractual necessity: To fulfill service obligations and provide core functionality.
• Legal obligation: To comply with tax, accounting, or legal requirements.
• Legitimate interest: For improving services, ensuring security, and business analytics.

You have the right to withdraw consent at any time where consent is the basis for processing.

6. How We Share and Disclose Data

A. Service Providers

• Cloud hosting (e.g., AWS, Google Cloud)
• Payment processors (e.g., Stripe, PayPal)
• Email services (e.g., SendGrid, Mailchimp)
• Analytics and performance tools (e.g., Google Analytics, Hotjar)
• Security providers (e.g., Cloudflare)

These partners are contractually obligated to protect your data and use it only for specified purposes.

B. Affiliates and Subsidiaries

For internal operations, management, and joint offerings.

C. Business Transfers

In the case of a merger, acquisition, or asset sale, data may be transferred with appropriate safeguards.

D. Legal Obligations

If required by law, subpoena, or court order.
If necessary to prevent fraud, abuse, or a threat to user safety.

7. AI Model Training and Data Usage

• We do not use client-provided data for training shared models unless explicit, written consent is provided.
• Custom models trained on client data are siloed and not shared.
• We employ data anonymization and aggregation when using data for research or product improvements.
• Users can opt-out of data being used for training purposes.

8. International Data Transfers

Your data may be processed or stored in countries outside your jurisdiction, including the United States and countries in the EU.

To ensure adequate protection, we implement:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs)
• Privacy Shield (if applicable) or equivalent mechanisms

9. Data Retention

We retain your data as follows:

• Account information: retained while the account is active + 6 years for legal purposes
• AI interaction data: stored as needed for product enhancement, debugging, or legal compliance
• Client project files: retained per contractual agreement
• Marketing data: until consent is withdrawn or data becomes irrelevant

You can request deletion of your data at any time, subject to applicable law.

10. Data Subject Rights

You may exercise the following rights under applicable law:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccuracies in your personal data.
• Erasure ("Right to Be Forgotten"): Request deletion of your personal data.
• Restriction: Limit how we process your personal data.
• Portability: Receive your data in a machine-readable format.
• Objection: Object to data processing under certain conditions.
• Withdraw Consent: At any time, for data processed on the basis of consent.
• Lodge Complaint: With a supervisory authority in your jurisdiction.

To make a request, email us at [your@email.com].

11. Security Measures

• TLS/SSL encryption for data in transit
• AES encryption for data at rest
• Role-based access controls and auditing
• Regular vulnerability scanning and patching
• Secure API authentication and rate limiting
• Annual third-party security audits (where applicable)

Despite our efforts, no method of transmission over the Internet is completely secure. Use caution when transmitting personal data.

12. Cookies and Tracking Technologies

We use cookies and related tools to:

• Recognize returning users
• Analyze traffic and usage patterns
• Measure the effectiveness of marketing
• Store session and preference information

Types of Cookies:

• Essential cookies: Necessary for core functionality
• Analytical cookies: Used for performance insights
• Marketing cookies: Used for advertising personalization

You can disable cookies via your browser settings or cookie management banner.

13. Third-Party Links

Our services may contain links to third-party sites. We are not responsible for the content or privacy practices of those sites. Always review the privacy policies of external services before interacting with them.

14. Children’s Privacy

Our services are intended for use by individuals aged 18 and over. We do not knowingly collect or solicit personal data from minors under 13 (or 16 in jurisdictions where consent laws differ). If we discover we have collected personal data from a child without verification of parental consent, we will delete it promptly.

15. Automated Decision-Making and Profiling

Some of our services may include automated processes such as:

• AI-generated recommendations
• Predictive analytics
• Content classification

These processes are intended to support, not replace, human decision-making. Clients may request human review of automated decisions where applicable.

16. Policy Updates

We may revise this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. If we make material changes, we may notify you via email or platform alert.

We encourage you to review this Privacy Policy regularly.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us at:

Company Name: Aura AI Solutions
Email: contact@auraai.uk