Privacy Policy

AURUS AI ("we", "us") is the data controller for personal data collected through the platform at aurusinsight.com. For questions, contact our Data Protection Officer at privacy@aurusinsight.com.

• Account data: email address, display name, avatar (when provided).
• Usage data: pages visited, features used, preferences, language selection.
• Portfolio data: metal holdings, purchase prices, and dates you enter voluntarily.
• Payment data: processed exclusively by Stripe. We never store credit card numbers.
• Technical data: IP address, browser type, device type, operating system.
• Cookies: essential cookies for authentication and session management.

• To provide and improve the Service (AI predictions, portfolio tracking, alerts).
• To manage your account and subscription.
• To send transactional emails (account verification, password reset, billing).
• To send optional notifications (price alerts, signals) — only with your consent.
• To analyze platform usage and improve features (anonymized analytics).
• To comply with legal obligations.

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies (if any) are anonymized. You can manage cookie preferences in your browser settings. Disabling essential cookies may prevent you from using the Service.

We do not sell your personal data. We share data only with:

• Stripe: for payment processing (PCI-DSS compliant).
• Supabase: for database hosting and authentication (SOC 2 compliant).
• Telegram: only if you connect your Telegram account for signal notifications.
• Legal authorities: when required by law or valid legal process.

Account data is retained for the duration of your account. Portfolio and usage data is deleted within 30 days of account deletion. Payment records are retained as required by tax and accounting regulations (typically 7 years). You may request data deletion at any time.

Under the General Data Protection Regulation, you have the right to:

• Access: request a copy of your personal data.
• Rectification: correct inaccurate data.
• Erasure: request deletion of your data ("right to be forgotten").
• Portability: receive your data in a machine-readable format.
• Restriction: limit how we process your data.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: at any time, without affecting prior processing.

To exercise these rights, email privacy@aurusinsight.com. We will respond within 30 days.

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, Row Level Security for database access control, and regular security audits. Despite these measures, no system is 100% secure.

Your data may be processed in the European Union and the United States (via our infrastructure providers). Transfers outside the EU are covered by Standard Contractual Clauses or equivalent safeguards.

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

Data Protection Officer: privacy@aurusinsight.com
You also have the right to lodge a complaint with your local data protection authority.