This Privacy Policy explains how Auroxa (“we”, “us”, or “our”) collects, uses, and protects information about you when you use our platform (the “Service”). By creating an account or using the Service, you agree to the practices described below.
When you register, we collect your name, email address, and password (stored as a secure hash — we never store your plaintext password). If you sign up via Google OAuth, we receive your name and email from Google.
We automatically log how you interact with the Service: pages visited, features used, AI generation requests, keyword queries, content created, and event timestamps.
We collect IP addresses, browser type, operating system, device identifiers, and error logs to maintain platform reliability and security.
Payments are processed by Stripe, Inc. We do not store your full card number. We retain your Stripe customer ID and subscription status to manage your plan.
If you connect external services (Google Search Console, Google Analytics 4, WordPress, Shopify, Ghost, HubSpot, Webflow, Google Business Profile), we store the access tokens and data retrieved from those services solely to provide the features you requested. You may disconnect any integration at any time from your account settings; on disconnect, the stored access tokens are deleted and we revoke our refresh token with the provider.
When you connect Google Search Console, Auroxa uses the https://www.googleapis.com/auth/webmasters.readonly OAuth scope to read search performance data (impressions, clicks, queries, and indexing status) for your own verified properties. This data is used solely to display search-performance insights inside Auroxa to you, the account owner. We do not share GSC data with third parties, do not use it to train AI models, and do not sell it. Auroxa's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
When you connect Google Analytics 4, Auroxa uses the https://www.googleapis.com/auth/analytics.readonly OAuth scope to read aggregated session counts, conversion counts, and revenue figures for the pages on your site that Auroxa has published. This data is used solely to display the “Revenue Attribution” and “Traffic Growth” dashboards inside Auroxa to you, the account owner. We do not share GA4 data with third parties, do not use it to train AI models, and do not sell it. Auroxa's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We do not sell your personal data to third parties. We do not use your data to train AI models without your explicit, separate consent.
We share data only with the third-party providers listed below, strictly as necessary to operate the Service. Each provider is contractually obligated to protect your data.
| Provider | Purpose |
|---|---|
| Supabase | Database hosting and authentication |
| Stripe | Payment processing and subscription management |
| Vercel | Application hosting and edge delivery |
| Anthropic (Claude) | AI content generation |
| Google (Gemini) | AI strategy analysis |
| Google Analytics 4 | Reading aggregated traffic and revenue data from your GA4 property (only when you connect it) |
| Resend | Transactional email delivery |
| DataForSEO | SEO data (SERP, keywords, backlinks) |
| Sentry | Error monitoring and crash reporting |
We retain your personal data for as long as your account is active. If you close your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records are retained for 7 years per financial regulations). Aggregated, anonymized usage statistics may be retained indefinitely.
Depending on your jurisdiction (including GDPR and CCPA), you may have the right to:
To exercise any right, email us at privacy@auroxa.app. We will respond within 30 days.
We use cookies to maintain your session and remember your preferences. We use Vercel Analytics for anonymized, aggregate traffic analysis — no personally identifiable information is transmitted. You may disable cookies in your browser settings; this may limit Service functionality.
We apply industry-standard security measures: TLS encryption in transit, hashed passwords, row-level security on our database, SHA-256 hashed API keys, and periodic security reviews. No transmission over the Internet is 100% secure; we cannot guarantee absolute security and are not liable for unauthorized access beyond our reasonable control.
The Service is not directed at individuals under 16. We do not knowingly collect data from children. If you believe a child has provided us personal data, contact us and we will delete it immediately.
Your data may be processed in countries other than your own (including the United States) by our service providers. By using the Service you consent to such transfers. We require all processors to maintain appropriate safeguards.
If you are located in the European Union or European Economic Area, the following applies to you under the General Data Protection Regulation (GDPR):
We process your personal data on the following legal bases: (a) Contract performance — processing necessary to provide the Service you subscribed to; (b) Legitimate interests — fraud prevention, platform security, and service improvement; (c) Legal obligation — where required by applicable law (e.g., financial record keeping); (d) Consent — for optional marketing communications, which you may withdraw at any time.
In addition to the rights listed in Section 5, EU/EEA residents have the right to: (a) restrict processing of your data while a dispute is resolved; (b) not be subject to solely automated decision-making that produces significant legal effects. To exercise any right, email privacy@auroxa.app. We will respond within 30 days.
You have the right to lodge a complaint with your local data protection supervisory authority. In the EU, you may contact the supervisory authority in your country of residence. A full list is available at edpb.europa.eu. We would, however, appreciate the opportunity to address your concerns directly before you contact a regulator.
Your data may be transferred to and processed in countries outside the EU/EEA (including Canada and the United States) by our service providers. Canada is recognized by the European Commission as providing adequate data protection. For transfers to the United States, we rely on Standard Contractual Clauses (SCCs) or the service provider's participation in an approved transfer mechanism.
Auroxa is operated from Manitoba, Canada, and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect, use, and disclose personal information only for the purposes described in this policy, with your consent or as permitted by law. You may access or correct your personal information, or withdraw consent, by emailing privacy@auroxa.app. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.
We may update this policy periodically. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. Continued use after that date constitutes acceptance.
Questions or requests: privacy@auroxa.app