This Privacy Policy explains how Auroxa (“we”, “us”, or “our”) collects, uses, and protects information about you when you use our platform (the “Service”). By creating an account or using the Service, you agree to the practices described below.
When you register, we collect your name, email address, and password (stored as a secure hash — we never store your plaintext password). If you sign up via Google OAuth, we receive your name and email from Google.
We automatically log how you interact with the Service: pages visited, features used, AI generation requests, keyword queries, content created, and event timestamps.
We collect IP addresses, browser type, operating system, device identifiers, and error logs to maintain platform reliability and security.
Payments are processed by Stripe, Inc. We do not store your full card number. We retain your Stripe customer ID and subscription status to manage your plan.
If you connect external services (Google Search Console, WordPress, Shopify, Google Business Profile), we store the access tokens and data retrieved from those services solely to provide the features you requested.
We do not sell your personal data to third parties. We do not use your data to train AI models without your explicit, separate consent.
We share data only with the third-party providers listed below, strictly as necessary to operate the Service. Each provider is contractually obligated to protect your data.
| Provider | Purpose |
|---|---|
| Supabase | Database hosting and authentication |
| Stripe | Payment processing and subscription management |
| Vercel | Application hosting and edge delivery |
| Anthropic (Claude) | AI content generation |
| Google (Gemini) | AI strategy analysis |
| Resend | Transactional email delivery |
| DataForSEO | SEO data (SERP, keywords, backlinks) |
| Sentry | Error monitoring and crash reporting |
We retain your personal data for as long as your account is active. If you close your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records are retained for 7 years per financial regulations). Aggregated, anonymized usage statistics may be retained indefinitely.
Depending on your jurisdiction (including GDPR and CCPA), you may have the right to:
To exercise any right, email us at privacy@auroxa.io. We will respond within 30 days.
We use cookies to maintain your session and remember your preferences. We use Vercel Analytics for anonymized, aggregate traffic analysis — no personally identifiable information is transmitted. You may disable cookies in your browser settings; this may limit Service functionality.
We apply industry-standard security measures: TLS encryption in transit, hashed passwords, row-level security on our database, SHA-256 hashed API keys, and periodic security reviews. No transmission over the Internet is 100% secure; we cannot guarantee absolute security and are not liable for unauthorized access beyond our reasonable control.
The Service is not directed at individuals under 16. We do not knowingly collect data from children. If you believe a child has provided us personal data, contact us and we will delete it immediately.
Your data may be processed in countries other than your own (including the United States) by our service providers. By using the Service you consent to such transfers. We require all processors to maintain appropriate safeguards.
If you are located in the European Union or European Economic Area, the following applies to you under the General Data Protection Regulation (GDPR):
We process your personal data on the following legal bases: (a) Contract performance — processing necessary to provide the Service you subscribed to; (b) Legitimate interests — fraud prevention, platform security, and service improvement; (c) Legal obligation — where required by applicable law (e.g., financial record keeping); (d) Consent — for optional marketing communications, which you may withdraw at any time.
In addition to the rights listed in Section 5, EU/EEA residents have the right to: (a) restrict processing of your data while a dispute is resolved; (b) not be subject to solely automated decision-making that produces significant legal effects. To exercise any right, email privacy@auroxa.io. We will respond within 30 days.
You have the right to lodge a complaint with your local data protection supervisory authority. In the EU, you may contact the supervisory authority in your country of residence. A full list is available at edpb.europa.eu. We would, however, appreciate the opportunity to address your concerns directly before you contact a regulator.
Your data may be transferred to and processed in countries outside the EU/EEA (including Canada and the United States) by our service providers. Canada is recognized by the European Commission as providing adequate data protection. For transfers to the United States, we rely on Standard Contractual Clauses (SCCs) or the service provider's participation in an approved transfer mechanism.
We may update this policy periodically. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. Continued use after that date constitutes acceptance.
Questions or requests: privacy@auroxa.io