Privacy Notice

Aura AI (“Aura AI”, “we”, “us”) provides this AI chat service. We are the data controller for the personal data described below. Contact us at support@auragptai.digital.

• Account data — name, email address, login credentials, profile preferences.
• Conversation data — the prompts you submit and the AI outputs generated for you, stored so you can review your history.
• Support messages — any messages you send to support, including attachments.
• Usage and telemetry — pages viewed, features used, device type, browser, approximate location derived from IP, and timestamps.
• Technical identifiers — IP address, device identifiers, cookies and similar storage.
• Billing data — collected and processed by our payment provider Paddle; we receive limited summary data (e.g. country, subscription status) but not full card details.

• Provide the service (contract): create your account, run AI conversations, manage your subscription.
• Security and fraud prevention (legitimate interests / legal obligation): detect abuse, prevent unauthorised access, log security events.
• Customer support (contract / legitimate interests): respond to your questions and troubleshoot issues.
• Product improvement (legitimate interests): understand aggregate usage to improve features. We do not train AI models on your conversations.
• Service emails (contract / legitimate interests): send transactional emails such as receipts, security alerts, and subscription notifications.
• Marketing emails (consent): only if you have opted in. You can unsubscribe at any time.
• Legal compliance (legal obligation): respond to lawful requests and meet tax, accounting, and consumer-protection obligations.

• Service providers (subprocessors) — hosting, database, email delivery, analytics, error monitoring, and customer-support tooling. They process data only on our instructions.
• AI providers — your prompts are sent to upstream large-language-model providers (e.g. OpenAI, Google) to generate responses. They process the data under their own privacy and security commitments.
• Paddle, our Merchant of Record — handles checkout, subscription management, payments, tax compliance, refunds, and invoicing.
• Professional advisers — legal, accounting, and similar advisers, when needed.
• Authorities — where required by law, court order, or to protect rights and safety.

We never sell your personal data.

Some of our service providers are located outside your country, including in the United States. Where personal data leaves the UK or EEA, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses or an adequacy decision) to protect it.

We keep personal data only as long as we need it for the purposes above, or as required by law (for example, billing records for tax purposes). When data is no longer needed, we delete or anonymise it. You can delete your account from your settings at any time; we will then delete or anonymise your personal data within a reasonable period, except where retention is legally required.

Depending on where you live, you have the right to:

• access the personal data we hold about you
• correct inaccurate or incomplete data
• request deletion of your data
• restrict or object to certain processing
• request a copy of your data in a portable format
• withdraw consent at any time, where processing is based on consent
• lodge a complaint with your local data-protection authority

To exercise any of these rights, email support@auragptai.digital. We will respond within one month.

We use appropriate technical and organisational measures — including encryption in transit, access controls, audit logging, and least-privilege database policies — to protect your personal data. No online service is 100% secure, but we work to minimise risk.

We use:

• Essential cookies — required for login, sessions, and security.
• Analytics cookies — to understand aggregate usage and improve the product.

You can manage cookies in your browser settings.

Aura AI is not intended for children under 16 (or the age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this notice from time to time. Material changes will be notified by email or in-app before they take effect.