Privacy Policy
Last updated: June 2026
1. The short version
Your Aurora vault is end-to-end encrypted with keys derived from your password — we cannot read it.
We do not train models on your data by default. The toggle is opt-out, not opt-in.
You can export everything (Markdown + JSON) and delete your account at any time. Hard delete completes within 30 days.
We are GDPR, CCPA, and SOC 2 Type II compliant. Data residency: US, EU, or Asia Pacific (your choice at signup).
2. What we collect
Account data — email, name, billing details (Stripe handles card data; we never see it).
Usage data — module-level activity counts (e.g., number of messages this month) to enforce plan limits and improve the product.
Content data — notes, conversations, files you create. Encrypted in your vault. We have no way to read it.
Telemetry — privacy-respecting, aggregated, anonymous (page views, performance). No third-party trackers.
3. What we don't do
Sell your data to anyone. Ever. There is no business model in which we would.
Train external models on your content. By default we don't even use your data to train our own internal routing.
Share content with employees. Engineers cannot read your notes or conversations.
Track you across the web. We do not embed third-party ad pixels, analytics that follow you off-site, or tracking cookies.
4. Sub-processors
Stripe (payments), Resend (transactional email), Vercel (hosting), Supabase (database in the region you chose).
AI inference is routed across OpenAI, Anthropic, Google, and Perplexity per the model you select. None of them retain your data — we set explicit no-train + zero-retention flags.
Full sub-processor list and DPA available at /security.
5. Your rights
Access — request a copy of your data anytime (Settings → Export).
Erasure — delete your account anytime (Settings → Danger Zone). Hard delete within 30 days.
Portability — Markdown + JSON export, no lock-in.
Object — opt out of any non-essential processing in Settings.
EU and California residents have additional rights under GDPR and CCPA. Email privacy@aurora.app to invoke them.
6. Children
Aurora is not for children under 13 (or 16 in the EU). We do not knowingly collect their data. If you believe a minor has signed up, email privacy@aurora.app and we will delete the account within 7 days.
7. Changes
We will email you at least 30 days before any material change to this policy. The current version is dated below.
8. Contact
Email: privacy@aurora.app
Postal: Aurora Labs Inc., 548 Market St #95138, San Francisco, CA 94104, USA
EU representative on request.