Privacy Policy
Datenschutzerklärung — Last updated: April 14, 2026
1. Controller / Verantwortlicher
Aurora AI Solutions Studio UG (haftungsbeschränkt)
Friedhofstr. 10, 70191 Stuttgart, Germany
E-Mail: info@helloaurora.ai
Telefon: +49 172 9557922
Data Protection Contact: Sasa Stanojevic — privacy@helloaurora.ai
2. Overview
Aurora AI Solutions Studio UG ("Aurora," "we," "us") operates multiple AI-powered software products under the domain helloaurora.ai. This privacy policy applies to all Aurora products: VeritasX, ContentPulse, ClientPulse, and AgentForge, as well as the Aurora company website.
We process personal data in compliance with the EU General Data Protection Regulation (GDPR/DSGVO), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Digital-Services Data Protection Act (TDDDG, formerly the TTDSG, which now contains the rules that previously sat in the Telemedia Act).
3. What Data We Collect
3.1 Account Data
When you create an account, we collect: email address, hashed password (via Supabase Auth), and account creation timestamp. Legal basis: Art. 6(1)(b) GDPR — necessary for contract performance.
3.2 Usage Data
We track: number of analyses performed (for free-tier usage enforcement), which features you use, and timestamps of usage. Legal basis: Art. 6(1)(b) GDPR — necessary for service delivery and tier enforcement.
3.3 Content You Submit
When you use our AI-powered tools, we process the text content you submit (e.g., source articles, transcripts, posts, threads, client communications). This content is sent to AI providers (Anthropic, OpenAI, Google, and — for legacy VeritasX usage — xAI) for analysis or generation. We store the inputs, generated outputs, and rewrite history in our database so you can review, edit, re-run, and export your work. Legal basis: Art. 6(1)(b) GDPR — necessary for contract performance.
3.4 Payment Data
Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details. We receive from Stripe: subscription status, plan type, customer ID, and payment timestamps. Legal basis: Art. 6(1)(b) GDPR — necessary for contract performance.
3.5 Connected Publishing Accounts (X, LinkedIn, WordPress)
If you connect a third-party publishing or social account via OAuth 2.0 — available in VeritasX (X) and ContentPulse (X/Twitter, LinkedIn, WordPress) — we receive the following for each connection:
- X (Twitter) OAuth 2.0 PKCE: username, display name, profile image URL, and an access/refresh token pair. Used for profile context, performance tracking (VeritasX), and direct publishing of ContentPulse-generated posts to your authenticated account.
- LinkedIn OAuth 2.0: member ID, name, profile image URL, and an access token. Used solely to publish ContentPulse-generated posts to your authenticated account. We do not read your feed or your connections.
- WordPress (self-hosted or WordPress.com REST API): the site URL and Application Password / OAuth credential you supply. Used solely to publish ContentPulse-generated posts as drafts or published articles on the site you authorise. We do not read posts, comments, users, or settings beyond what is required to create the new content.
Tokens and credentials are stored encrypted at rest. For X and LinkedIn, the OAuth scopes we request are limited to those required for profile context and publishing. WordPress Application Passwords cannot be scoped: they carry the full capabilities of the WordPress user they belong to, so we recommend creating a dedicated WordPress user with the lowest role that can create posts (for example, Author) and connecting ContentPulse with that user's Application Password. You can disconnect any integration at any time from the in-app settings; X tokens are deleted immediately on disconnect, and LinkedIn and WordPress credentials are deleted within 30 days (see §8). Legal basis: Art. 6(1)(a) GDPR — your explicit consent; Art. 6(1)(b) GDPR — performance of the publishing contract.
3.6 Voice Profile Data (Voice Fingerprint / ContentPulse Brand Voice Engine)
If you use VeritasX's Voice Fingerprint feature or ContentPulse's Brand Voice Engine, we build a writing-style profile from content you submit or approve. The profile includes vocabulary patterns, tone preferences, hook styles, sentence structure, and — for ContentPulse — platform-specific variants. It does not include biometric voice data (no audio voiceprints, no physiological identifiers); the term "voice" refers to writing style.
For ContentPulse specifically, the profile is supported by three layers: (1) a style-guide summary, (2) performance-learning signals derived from your approvals, rejections, and edits (the "Recursive Learning Loop"), and (3) a pgvector retrieval-augmented generation (RAG) index of short stylistic samples ("voice_samples") stored in our EU Supabase database. Samples are text-only, scoped to your workspace by row-level security, and never shared across accounts. Legal basis: Art. 6(1)(b) GDPR — necessary for the personalised service you requested.
3.7 Server Logs
Our hosting providers automatically collect: IP address, browser type, referring URL, pages visited, and access timestamps. This data is used for security monitoring and abuse prevention. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in security.
4. Data Processors & Third-Party Services
We use the following third-party services to operate our products. All US-based processors either participate in the EU-US Data Privacy Framework (DPF) or are bound by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.
| Service | Purpose | Location | Products |
|---|---|---|---|
| Supabase Inc. | Database, authentication, row-level security | EU (AWS eu-central-1, Frankfurt) | VeritasX, ContentPulse, ClientPulse, Aurora-Core |
| Supabase Inc. | Database, authentication, row-level security | US (AWS us-east-2) | AgentForge |
| Vercel Inc. | Web hosting, edge functions, CDN | Compute: Frankfurt (fra1) for VeritasX, ContentPulse, ClientPulse, Aurora-Core; Washington DC (iad1) for AgentForge. CDN edge: globally distributed via Vercel's anycast network | All Products |
| Cloudflare Inc. | DNS, DDoS protection, email routing | US (Global) | All Products |
| Resend Inc. | Transactional email delivery (signup confirmations, password resets, account notifications). Sub-processor: Amazon Web Services EMEA SARL (EU operator of SES) | EU (AWS eu-west-1, Ireland) | All Products |
| Anthropic PBC | AI analysis, content generation (Claude API) | US | All Products |
| Stripe Inc. | Payment processing, subscriptions, invoicing | US | VeritasX, ContentPulse, ClientPulse |
| xAI Corp. | Bot detection (Grok API), legacy VeritasX usage only (see §3.3) | US | VeritasX |
| OpenAI Inc. | Text embeddings (text-embedding-3-small); audio transcription via Whisper (ClientPulse meeting recordings; ContentPulse uploaded media where Whisper is used in place of AssemblyAI) | US | ContentPulse, ClientPulse |
| AssemblyAI, Inc. | Speech-to-text transcription of user-uploaded podcast/video audio files for ContentPulse content repurposing. Per AssemblyAI's API terms as of April 2026, uploaded audio and transcripts are not used to train their models | US | ContentPulse |
| Inngest, Inc. | Background job orchestration (transcription dispatch, multi-stage content generation pipeline, scheduled publishing, learning-loop rebuilds). Jobs carry content IDs and generation context; the underlying content remains in our Supabase EU database | US | ContentPulse |
| LinkedIn Corporation | LinkedIn OAuth 2.0 authentication; REST Publishing API (post ContentPulse-generated content to your authenticated LinkedIn account on your instruction) | US (DPF-certified) | ContentPulse |
| WordPress sites (your chosen destinations) | When you connect a WordPress site to ContentPulse for direct publishing, the site operator acts as an independent controller for content you publish. ContentPulse transmits generated posts to the site URL and credentials you provide | Operator-dependent | ContentPulse |
| Google LLC | Google OAuth 2.0 authentication; Gmail API (read inbound and outbound client communications in mailboxes where the user grants read access); Google Calendar API (read/sync events for meeting intelligence and client context). Only user-authorised mailboxes and calendars are accessed; message bodies and event details are processed and retained as set out in the ClientPulse-Specific Processing section of §6; scopes are minimised and revocable at any time | US (DPF-certified) | ClientPulse |
| Zoom Video Communications, Inc. | Zoom OAuth 2.0 authentication; Recordings & Transcripts APIs (retrieve cloud recordings and meeting metadata for Meeting Intelligence). Access is limited to meetings the authenticated user participates in and can be revoked at any time | US (DPF-certified) | ClientPulse |
| X Corp. (Twitter) | OAuth 2.0 authentication and user profile data; direct publishing of ContentPulse-generated posts to your authenticated X account on your instruction | US | VeritasX, ContentPulse |
| Railway Corp. | Backend API hosting (FastAPI) | US | AgentForge |
| Langfuse GmbH | AI observability, tracing | EU (Berlin) | AgentForge |
| GitHub Inc. | Source code hosting, CI/CD | US | All Products |
Financial infrastructure (mentioned for transparency): Funds received via Stripe are deposited into our business bank account at Qonto (France/EU) and multi-currency account at Wise (EU/Global). These institutions act as independent data controllers under banking regulations and are not data processors under this policy.
5. International Data Transfers
The majority of our data processors are based in the United States. We ensure lawful data transfers through the following mechanisms:
- EU-US Data Privacy Framework (DPF): For processors certified under the DPF (Stripe, Cloudflare, Vercel, GitHub, OpenAI, Anthropic, Resend, Google, Zoom, LinkedIn).
- Standard Contractual Clauses (SCCs): For non-DPF US-incorporated processors and as a backup safeguard, we rely on the European Commission's Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
- Supplementary measures: Encryption in transit (TLS 1.3), encryption at rest (AES-256), row-level security policies enforced at the database layer, and data residency in EU regions where supported (Supabase eu-central-1 for all products except AgentForge; Resend eu-west-1; Vercel fra1 for all products except AgentForge).
6. How AI Processes Your Data
When you use our AI-powered features, the text you submit is sent via API to the AI providers named in §3.3. Important details:
- Anthropic, xAI, and OpenAI do not use data submitted via their APIs to train their models (per their API data usage policies as of April 2026). We monitor changes to these policies and will update users via email if a provider changes its training opt-out posture.
- Your submitted content is processed on request and is not stored permanently by the AI provider. Providers may retain API inputs and outputs for the short, time-limited abuse-monitoring period set out in their API data usage policies, after which the data is deleted on their side.
- AI-generated results (rewrites, scores, analysis) are stored in our Supabase database and linked to your account.
- Voice Fingerprint profiles are derived solely from your stored analyses and do not include any biometric data.
6a. ContentPulse-Specific Processing
ContentPulse is an AI Content Repurposing Studio. When you use ContentPulse, we process the following data categories for the purposes listed. Legal basis: Art. 6(1)(b) GDPR — performance of the ContentPulse service contract; Art. 6(1)(a) GDPR — your explicit consent for each connected publishing integration.
- Source content you submit: Long-form text, blog posts, transcripts, and user-provided URLs (e.g., podcast or YouTube links) are ingested and segmented by the Content Intelligence pipeline to produce platform-specific derivatives.
- Uploaded audio/video files: If you upload a podcast or video file, it is stored temporarily in our Supabase EU (Frankfurt) Storage "media" bucket, transcribed via AssemblyAI (and/or OpenAI Whisper), and then processed by our Generation Agent. Raw uploaded media is retained only as long as required to complete transcription and the immediate repurposing pipeline, and is purged within 30 days of upload; the resulting transcript is retained with the linked repurpose record.
- Generated outputs (repurposes): ContentPulse produces up to 50+ platform-optimised derivatives per source across 19+ platforms (X/Twitter, LinkedIn, Blog, Substack, Threads, Instagram captions, Facebook, TikTok captions, Reddit, Bluesky, Medium, short-form video scripts, email sequences, podcast show notes, etc.). These derivatives are stored in our Supabase EU database linked to your workspace and subject to row-level security.
- Brand Voice Engine data: As described in §3.6, ContentPulse maintains voice profiles, voice samples (text only), voice corrections, and recursive-learning signals derived from your approvals, rejections, and edits. These are used exclusively to improve generation quality for your own workspace and are never shared across accounts.
- Publishing connections: Where you connect X/Twitter, LinkedIn, or WordPress (see §3.5), ContentPulse sends generated posts to those destinations only on your explicit instruction (manual publish or scheduled publish that you have configured). No automated publishing occurs without your prior action.
- Background job processing (Inngest): Transcription dispatch, multi-stage generation, QA-Agent evaluation, publishing, and learning-loop rebuilds run as background jobs. Job payloads reference internal content IDs; the content itself stays in our Supabase EU database.
- Human review of AI outputs: All ContentPulse-generated content passes through a Kanban review queue. You can edit, approve, reject, or delete any item before publishing. No item is automatically posted to a third-party platform without your explicit approval or a schedule you have configured. This supports your Art. 22 GDPR right not to be subject to solely automated decision-making.
- Anti-distillation note: ContentPulse does not expose your raw voice profile, voice samples, or recursive-learning signals to any third party, and does not use your Agency-tier clients' voice data to train models available to other accounts.
6b. ClientPulse-Specific Processing
ClientPulse is an AI Client Health Intelligence product for agencies. When you connect ClientPulse to third-party systems (Gmail, Google Calendar, Zoom, Stripe, Slack), we process the following data categories for the purposes listed. Each integration is user-authorized via OAuth 2.0 and can be revoked at any time from the in-app Integrations settings. Revocation triggers deletion of the stored tokens within 30 days and purges the raw content ingested from that integration (for example, email bodies and calendar event bodies); derived signals such as health scores are retained as set out in §8.
- Email content and metadata (Gmail, user-authorized mailboxes): Subject lines, sender/recipient, timestamps, and message bodies are analysed to produce client-health signals (response latency, sentiment shifts, escalation risk). Raw email bodies are stored only when required for downstream agent processing and are purged after 180 days or on integration revocation, whichever is sooner.
- Calendar events (Google Calendar, user-authorized calendars): Event titles, participants, start/end times, and descriptions are used to build client-meeting cadence and upcoming-engagement context. Full event bodies are not retained beyond the rolling 90-day context window.
- Meeting recordings and transcripts (Zoom cloud recordings): Audio files retrieved from Zoom are transcribed using OpenAI Whisper and analysed by Anthropic Claude for sentiment, talk-time ratios, commitment/action-item extraction, and client-health signals. Transcripts are retained for 365 days for product functionality (trend analysis, learning loops); raw audio files are discarded immediately after transcription. Users may delete any individual meeting record on demand.
- Payment/subscription data (Stripe Connect, optional): Invoice status, MRR, payment-failure events, and subscription lifecycle events are ingested to produce financial-health signals (late payments, downgrade risk, expansion signals). No card or bank-account numbers are retrieved or stored.
- Workspace messages (Slack, optional, channels the user explicitly connects): Channel messages relevant to client work are ingested for context and health scoring. Direct messages are never ingested.
- Derived outputs: ClientPulse produces health scores, risk predictions, suggested actions, recursive-learning snapshots, and Monday Brief summaries. These derivatives are stored in our Supabase EU (Frankfurt) database, linked to your agency workspace, and subject to the same access controls (RLS) as your other data.
- Human review of AI outputs: All ClientPulse AI outputs are informational or suggestive; they do not execute binding actions on third-party systems without explicit user approval. Users can review, correct, or reject any AI-generated suggestion. This supports your Art. 22 GDPR right not to be subject to solely automated decision-making.
7. Your Rights Under GDPR
As a data subject, you have the following rights under GDPR. To exercise any of these rights, contact us at privacy@helloaurora.ai.
- Right of access (Art. 15): Request a copy of all personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate data.
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to restriction (Art. 18): Request restricted processing of your data.
- Right to data portability (Art. 20): Receive your data in a machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)): Withdraw consent at any time (e.g., by disconnecting a connected X, LinkedIn, WordPress, Google, Zoom, or Slack account) without affecting the lawfulness of processing carried out before withdrawal.
We will respond to your request within one month of receipt, as required by Art. 12(3) GDPR. Where a request is complex or we receive a large number of requests, this period may be extended by up to two further months; we will inform you of any extension, and the reasons for it, within the initial month.
8. Data Retention
- Account data: Retained for the duration of your account. Deleted within 30 days of account deletion.
- Analysis history: Retained for the duration of your account. You can delete individual analyses at any time.
- Voice profiles: Deleted immediately when you reset your profile or delete your account.
- Payment records: Retained for 10 years as required by German tax law (§ 147 AO, § 257 HGB).
- Server logs: Automatically purged after 90 days.
- X OAuth tokens: Deleted immediately when you disconnect your X account or delete your Aurora account.
- ContentPulse LinkedIn and WordPress publishing credentials: Deleted within 30 days when you disconnect the integration or delete your Aurora account.
- ContentPulse uploaded media (audio/video): Raw uploads in the Supabase Storage "media" bucket are retained only as long as required to complete transcription and the immediate repurposing pipeline, and are purged within 30 days of upload. Transcripts and generated derivatives are retained with the linked repurpose record for the duration of your workspace account.
- ContentPulse voice samples, voice corrections, and learning signals: Retained for the duration of your workspace account and deleted when you reset your voice profile or delete your Aurora account.
- ClientPulse OAuth tokens (Gmail, Google Calendar, Zoom, Stripe, Slack): Deleted within 30 days when you disconnect the integration or delete your Aurora account. Revocation is also propagated to the provider via their OAuth revocation endpoint where supported.
- ClientPulse meeting transcripts: Retained for 365 days from creation, then automatically purged. Users may delete individual transcripts on demand.
- ClientPulse email content (raw bodies): Retained for 180 days from ingestion, then automatically purged. Derived signals (health scores, sentiment deltas) are retained for the duration of the workspace account.
- ClientPulse calendar events (full bodies): Rolling 90-day context window, then purged. Event metadata used for trend analysis is retained for the duration of the workspace account.
- ClientPulse raw audio from Zoom recordings: Discarded immediately after transcription; never persisted.
9. Data Security
We implement the following technical and organizational measures to protect your data:
- All data in transit is encrypted with HTTPS (TLS 1.3).
- Row-Level Security (RLS) policies on all database tables, so an authenticated user can only read or write rows belonging to their own account or workspace.
- Passwords hashed using bcrypt (via Supabase Auth).
- API keys and secrets stored in encrypted environment variables (never in source code).
- OAuth tokens encrypted at rest in the database.
- Regular security audits and dependency vulnerability scanning.
10. Children's Privacy
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority for Aurora is:
12. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top of this page reflects the most recent revision.