Privacy Policy
Last updated October 20, 2024
Greetings from Aurora First, Inc. (“Aurora”, “we”, “us”, or “our”).
This Privacy Policy explains our approach to the processing of personal data and outlines how we may collect, record, organize, store, use, and disclose (share but not sell) (“process”) your personal data when you engage with our Services directly (when you provide your personal data to us) or indirectly (when someone provides your personal data to us on your behalf).
Before you share any personal data with us, make sure to read our Privacy Policy or have your parent or guardian read and explain it to you. You can address your questions or comments to us using our contact details in Section “Contact information”.
Definitions:
Some words in this Privacy Policy and in our data-related documentation have specific meanings defined herein. A word with a specific meaning can be identified either by its context of use or by its use with a capitalized first letter.
The meanings of these words are defined as follows:
“You” is an individual accessing or using our Service. For the purposes of better compatibility of the provisions of this User Agreement with applicable laws and regulations, you can be referred to as the “Data Subject” and the “User”.
“Information system” is a set of components and resources utilized in the course of our activities, including to provide our Services. It includes hardware, software, and network systems necessary for providing our Services and processing data, such as servers, communication platforms, and security systems.
“Data” is any information within Information system that is used in the course of our activities, including in our Services. Data includes User Input, AI Output, and Usage Data, some of which may qualify as Personal data under applicable laws and regulations.
“User Input” is any information that you directly provide us in the course of our activities, including through your access to and use of our Services.
“AI Output” is any information created or generated by AI Aurora in response to interactions with our Services or Information system. These responses may be triggered by internal algorithms or User Input. AI Outputs should be viewed as a sequence of words, an image, or some other format that reflect the information and patterns learned by artificial intelligence.
“Personal data” is a legal regime for any information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, or factors specific to the identity of that natural person. By “natural person”, we mean you or any other individual. We process your personal data in accordance with this User Agreement and other data-related documentation.
“Services” is any of our products, including mobile application, bot and website, that links to this Privacy Policy, in particular:
Our mobile application “Aurora: AI Assistant” (“App”): AI accountability partner on your device for managing your life, with chat-functions and the ability to access your mail (in strict accordance with your consents).
Our Telegram bot “Aurora First” (“Bot”): AI accountability partner on your device for managing your life, with chat functions and the ability to access your Telegram chat history (in strict accordance with your consents), running entirely within Telegram apps (“Telegram App”).
Our website “https://aurorafirst.ai” (“Website”): our main website where you can find relevant information about us, our Services, and data-related documentation.
“Public Communication Environment” is a shared digital space accessible through features of our Services, such as Group Chat, or through third-party communication services, such as Telegram App, where our Services can be accessed and used by multiple individuals. In Public Communication Environment, Users can interact with each other, our Services, and any information accessible via our Services.
“Account” is a collection of settings, data, and credentials that uniquely identify and authorize User, accessing and using our Services. Account serves as a point of interaction with our Services. Account allows you to access specific features, manage your preferences, and personalize your experience within our Services.
“Data-related documentation” is a set of our documents that regulate the use and processing of data, including your personal data, and the specific measures applied to it, such as ensuring its security and safety. Such documentation shall define your expectations from our data processing operations and help you make an informed decision about accessing and using our Services.
“AI Aurora” is a system of large language models that create and generate AI Outputs by predicting the most likely next word in a sentence within our Services.
“Data Protection Officer” (“DPO”) is an appointed expert in data protection law and practices who operates independently within Aurora, ensuring compliance with relevant applicable laws and regulations.
“Personnel” is any individual engaged in the use and processing of data and other activities under our control and instructions.
“Third-Party Partners” is any entity authorized to use and process data in the course of our activities, such as service providers, consultants, and business partners.
“Data Protection Authority” (“DPA”) is an independent public authority that supervises, through investigative and corrective powers, the application of data protection law. DPA provides expert advice on data protection issues and handles complaints lodged against violations of the data protection law.
“Data incident” is a breach of security that may:
lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, data transmitted, stored or otherwise processed or created in the course of our activities, including the provision of our Services,
compromise data security and confidentiality,
requiring prompt reporting, investigation, corrective action, and communication to mitigate its impact and ensure compliance with applicable laws and regulations and our data-related documentation.
Other definitions can be found in the relevant sections of this Privacy Policy.
User-Friendly Guide to Data Processing:
Before you share any personal data with us, make sure to read our Privacy Policy or have your parent or guardian read and explain it to you. You can address your questions or comments to us using our contact details in Section “Contact information”.
Our Services (app, bot and website) can be fun and interactive, like a game, where you can use your data to achieve your goals, such as scheduling a meeting with a friend, finding a recipe, or making a to-do list. Your companion in this game is our AI Aurora supported by our Personnel and Service Providers.
To reach your goals, you may need to share some information with our AI Aurora, such as your name, address, daily plans, emails, and even your activities with our Services. We call this information “personal data”.
We use your personal data because it’s necessary to provide you with our Services under our User Agreement (https://aurorafirst.ai/eula/). Just like in a game where you need certain assets to play, we must process your personal data to provide our Services. You’re not required to give us your personal data, but if you want to achieve your goals, you’ll need to share something with us.
Some information is too important to share with anyone, even with our AI Aurora, without your explicit consent. For example, you wouldn’t want us to see your mailbox unless you agree to it. We call this important information “sensitive personal data”. We process sensitive personal data under stricter conditions ensuring its security and safety.
Here’s what happens when personal data are being processed:
1) Collection: This is the process of gathering information. For example, when you fill out a form to create Account and submit it, we collect that information on cloud servers.
2) Record: Once the information is collected, it needs to be stored in a safe place, such as cloud servers with security measures in place. This is what we mean by “record”. It’s like putting your belongings in a locker or a box to keep them secure.
3) Organization: After the information is collected and kept safe, it needs to be sorted and arranged so that it can be easily found and used. This is what we mean by “organization”. It’s like organizing your books on a shelf in a way that makes it easy to find what you need.
4) Use: Once the information is collected, recorded, and organized, it can be used for various purposes. This is what we mean by “use”. It’s like using your bike to ride around the neighborhood.
5) Disclosure: Sometimes, it’s necessary to share the information with others, but it’s important to ensure that it’s not sold. This is what we mean by “disclosure”. It’s like when you take an exam, you must complete your test and submit it to your teacher for evaluation.
To ensure that you have a clear understanding of our data processing, we have this Privacy Policy that explains your rights and the level of data protection we provide. We want you to make informed decisions about the data you share with us and use our Services without any concerns.
When it comes to processing your personal data, there are rules in place to protect your rights. We are processing your personal data in compliance with applicable laws and regulations.
We provide a high level of data protection for all our users, regardless of their age. However, when it comes to children under the age of 18, we implement even stricter rules.
If you ever feel that your rights have been violated or your personal data misused, you can contact us using our contact details in Section “Contact information” or reach out to relevant DPA for support.
Read the detailed information on our data processing in this Privacy Policy.
I. OUR DATA PRACTICES
General Notes:
WHEN WE PROVIDE OUR SERVICES, WE PROCESS DATA THAT YOU MAKE AVAILABLE TO US. YOU HAVE THE SOLE RIGHT AND RESPONSIBILITY TO DEFINE WHAT DATA YOU WILL PROVIDE TO US.
You have the right to request erasure of your personal data. This means that even if you have shared more information with us than you intended, you can ask us to delete it. Read more about your rights in Section “Your Privacy Rights”.
We are processing your personal data in compliance with applicable laws and regulations.
You can access and use our Services from almost every country, meaning different privacy requirements and obligations may apply to us.
All laws and regulations have limitations in their scope of application. This means that certain legal regulations of your country of residence might not currently apply to us.
For example:
For California residents, we are not currently subject to the requirements of the California Privacy Rights Act (CPRA) because:
our annual gross revenues do not exceed $25 million,
we do not buy, receive, sell, or share the personal information of 100,000 or more California residents, households, or devices annually, and
we do not derive 50% or more of our annual revenues from selling or sharing California residents' personal information.
Nevertheless, we intend to protect your privacy regardless of the fact that no laws directly apply to your personal data.
To do so, we will follow industry best practices in data processing.
Data practices across our Services:
Our Services have different:
1) Technology Capabilities:
Our App and Bot operate differently due to technological variations. While the core provisions of this Privacy Policy apply to our Bot, certain provisions do not apply because of these differences.
For instance, our Bot does not utilize SDKs and does not send push notifications outside Telegram App.
We strive to provide the same level of data protection across all our Services, despite the differences among them.
2) Consent Tools:
The methods for providing consent to the processing of your personal data differ between our App and Bot.
For example, in our App, you can easily manage consents, whereas in our Bot, this process is subject to the constraints of Telegram App.
We strive to make consent management clear and straightforward across all our Services, despite the differences among them.
3) Ways to Exercise Your Privacy Rights:
In our App, you can exercise your right to object to data processing by deleting your Account. However, due to the constraints of Telegram App, this right is exercised differently with our Bot.
The same situation applies to other rights.
To avoid any confusion or mistakes in exercising your rights when using our Bot, we encourage you to contact us using the contact details provided in Section “Contact Information”.
We will strive to help you exercise your rights efficiently and transparently across all our Services, regardless of any differences between them.
II. SCOPE OF PERSONAL DATA PROCESSING
Our Data Subjects:
We ensure the data protection of both adults and minors, users and non-users, all those whose personal data we process (“Data Subjects”).
We design our data processing system bearing in mind that our Services can be used by individuals from 17 years old.
For children under the age of 18, we implement a stricter level of personal data protection. Read more about it in Section “Children”.
What personal data we process:
For better understanding, we categorize your personal data into different categories:
By its nature:
1) General (non-sensitive) personal data:
This category includes personal data that, by its nature, does not present significant risks to your fundamental rights and freedoms.
For example:
name; email address; date of birth; preferred language of our Services.
We may process general personal data in accordance with different legal bases.
Read more about legal bases for data processing in Section “Why we process personal data”.
2) Sensitive personal data:
This category includes personal data that, by its nature, poses significant risks to your fundamental rights and freedoms.
For example:
identity documents (driver’s license, state identification card, passport); Account log-in information; financial information (financial account, debit/credit card); email correspondence.
We process sensitive personal data in specific cases, such as when we have your explicit consent for a specific purpose, or when processing is necessary for the establishment, exercise, or defense of legal claims.
Read more about legal bases for data processing in Section “Why we process personal data”.
WE WANT TO MAKE IT CLEAR THAT PROCESSING OF YOUR PERSONAL DATA IS NECESSARY FOR PROVIDING OUR SERVICES. WITHOUT PROCESSING YOUR PERSONAL DATA, WE CANNOT TECHNICALLY OR ORGANIZATIONALLY PROVIDE OUR SERVICES TO YOU.
IF YOU DO NOT WANT TO GIVE US YOUR EXPLICIT CONSENT TO PROCESS YOUR SENSITIVE PERSONAL DATA, PLEASE DO NOT PROVIDE IT.
WE RESPECT YOUR PRIVACY RIGHTS AS SPECIFIED BY LAW, AND WE DO NOT WANT YOU TO SHARE YOUR PERSONAL DATA WITH US IF YOU DO NOT AGREE WITH OUR DATA PROCESSING ACTIVITIES OR FOR ANY OTHER REASON.
By its source:
We collect and process personal data in various ways and from various sources. For example, you may provide personal data directly to us (or to our Third-Party Partners or other unaffiliated entities who may be acting on our behalf), or we may collect personal data automatically through your access to and use of our Services.
1) Personal Data You Provide:
We collect the following categories of Personal data from you when you access and use our Services, create Account, communicate with us, make a payment or interact with us any other way:
Account Information:
When creating Account, we may require you to provide your full name, email address, password, and certain other information to grant you access and allow you to use our Services.
User Input and AI Output:
When you access and use our Services, you provide information to achieve purposes that align with the purposes of our Services as defined in our User Agreement (https://aurorafirst.ai/eula/). You freely determine the content of your User Input.
Based on your interactions with our Services or Information System, we may generate AI Output derived from your User Input, i.e. the information you choose to provide.
In light of this connection, if your User Input contains personal data, the AI Output may also include such personal data.
We process both User Input and AI Output in line with this Privacy Policy to ensure the functionality and security of our Services, analyze and optimize User experience, and enhance and develop our Services and Information System, including our AI Aurora.
Contact and Support Data:
You may choose to provide us with personal data you volunteer when you communicate with us (e.g. via email or chat for support or to inquire about our Services), including when you fill out an online form, respond to surveys, provide feedback, participate in promotions, in forums and related information services to share your experiences or discuss technical issues.
For example, when you contact our Aurora Support Team, we will receive your name, email address, the contents of a message or attachments that you may send to us, and other information you choose to provide. When we send you emails, we may track whether you open them or click links to learn how to deliver a better user experience and improve our Services.
Payment Information:
If you make a purchase through our Services, your payment-related information, such as credit card or other financial information, is collected by our Third-Party Partner on our behalf.
2) Personal Data We Receive From Third Parties:
We receive your personal data from third parties with your consent or as permitted by applicable laws and regulations, including: information from third-party accounts if you choose to create Account using services like Apple ID or Google Account, Google Data when we sync with your Gmail account, and information from other users through their interactions with us or shared in Public Communication Environment.
If you have not authorized third parties to share your personal data with us, you can request that we delete it by exercising your right to erasure.
Read more about your rights in Section “Your Privacy Rights”.
Third-Party Account Information:
Some of our Services may allow you to create Account using a third-party service (e.g. Apple ID or Google account). If you do so, that third party may send us some information about you that they have. You may be able to control what information they send us via your privacy settings for that third-party service.
Google Data:
We may sync with your Gmail account, so we can provide you our Services.
Through this integration, we will have access to:
your name,
profile picture, and
your Gmail inbox and any information available there, including the contents of your emails (collectively, “Google Data”).
Other Users:
We process information provided by other users through their interactions with us and our Services, under the guarantee that any information about you was provided in strict accordance with applicable laws and regulations, as well as information that both you and they share while using our Services in Public Communication Environment.
3) Information We Collect When You Use Our Services:
We or providers on which we rely may also collect information from you automatically when you use the Services to monitor for problems and look for opportunities to make improvements.
We may use cookies, software development kits (SDKs), or other technologies to collect such information as set forth in Section “Cookies, Software Development Kits, and Other Technologies”.
The information we collect automatically will depend on our Services you access and use and your engagement with them. It may include:
User preferences (customized settings or configurations such as your preferred language);
Interaction data (actions you take, tasks assigned to our Services, time, frequency, and duration of your activities, engagement metrics);
Log data (such as your Internet Protocol address, name of the device, operating system, the date and time of your request);
Session information (duration of each session and session IDs);
Error logs (information about errors encountered while using the Services);
Referring URLs;
Location data, if you have enabled location services.
Why we process personal data:
To process your personal data, we need a purpose (reason) and a legal basis (ground).
To identify and fix security and safety risks in the software infrastructure and AI used for providing Services in accordance with our User Agreement (https://aurorafirst.ai/eula/).
For more information on our AI usage, please refer to the Section “AI Notice” of our User Agreement (https://aurorafirst.ai/eula/).
Purposes for personal data processing:
We process your personal data for the following purposes:
1) To provide and maintain our Services:
We process your personal data to provide you with our AI Outputs, respond to User Input, and manage your Account effectively.
2) To ensure functionality and security of our Services:
We monitor the reliability and safety of our Information System by detecting, preventing, and addressing fraud, abuse, security risks, and technical issues that may affect our users or the public.
3) To analyze and optimize user experience:
We analyze data to measure performance, conduct research, develop new Services, and optimize user experience. This includes gathering information about user preferences, interaction data, and technical metrics.
4) To facilitate transactions and payments:
When you make a purchase, we process payment-related information through our trusted Third‑Party Partners.
5) To enhance and develop our Services:
We continuously enhance and develop our Information System, including our Services and AI Aurora. This involves analyzing how you access and use our Services to guide the development of new features and functionalities.
6) To communicate with you:
We may contact you via email, push notifications, or other means for critical updates, transactional messages, and important service information. This also includes seeking your feedback, customer support, and to inform you about features you might find useful.
7) For marketing and advertising analysis:
We may use your personal data for marketing and advertising purposes, including sending emails, text messages, push notifications, and in-app messages about our Services, subscriptions, and promotions.
Read more about it in Section “Processing for Advertising and Analytics”.
8) For legal compliance:
We may process personal data to fulfill our legal obligations, comply with applicable laws, regulations, or requests from governmental agencies, and enforce our rights. This includes compliance with our User Agreement, preventing illegal activities, and conducting audits and security monitoring.
9) For other specified purposes:
We will provide specific notice at the time personal data is collected for any additional purposes.
Legal bases for personal data processing:
Based on our research of laws and regulations of different countries, including those that are not applicable to us at the moment, we have categorized the legal terms used to describe legal bases for data processing into 2 (two) types:
Type 1: Contextual Legal Bases
This type is primarily based on the UK and EU General Data Protection Regulation (GDPR).
These legal bases reflect the specific contexts in which they are applied, which is why this type is called “Contextual”.
In this Privacy Policy we outline five applicable legal bases for data processing:
1) CONSENT:
Users can provide a statement or take a clear affirmative action that signifies their agreement to the processing of their personal data.
Processing of sensitive personal data requires EXPLICIT CONSENT (a very clear and specific statement of consent).
2) CONTRACT:
Data processing may be necessary to perform our User Agreement or because users have requested us to take specific steps before entering into the agreement.
3) LEGITIMATE INTERESTS:
Data processing is necessary for our legitimate interests or those of a third party, unless there are compelling reasons to protect user rights that outweigh these interests.
4) LEGAL OBLIGATION:
Data processing is necessary for us to comply with applicable laws and regulations.
5) LEGAL CLAIMS:
Data processing is necessary for the establishment, exercise or defense of legal claims.
Type 2: Consent-driven Legal Bases
This type is primarily based on the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
PIPEDA emphasizes the importance of obtaining meaningful consent from Data Subjects.
We use your IMPLIED CONSENT only in limited scenarios of processing general (non-sensitive) personal data.
Processing of sensitive personal data requires EXPLICIT CONSENT (a very clear and specific statement of consent).
Because the focus is on the nature of consent rather than the context of the action, this type is called “Consent-driven”.
We want to emphasize that the difference in names of legal bases does not imply a difference in their essence.
We use the legal bases that are appropriate for the specific purpose of data processing and the nature (general or sensitive) of personal data:
Purpose
General personal data
(non-sensitive)
Sensitive personal data
Contextual Legal Bases
Consent-driven Legal Bases
Contextual Legal Bases
Consent-driven Legal Bases
1. Provide and maintain our Services
Contract
Implied consent
Explicit consent
Explicit consent
2. Ensure functionality and security of our Services
Contract
Implied consent
Explicit consent
Explicit consent
3. Analyze and optimize user experience
Contract
Implied consent
Explicit consent
Explicit consent
4. Facilitate transactions and payments
Contract
Implied consent
Explicit consent
Explicit consent
5. Enhance and develop our Services
Legitimate interests
Implied consent
Explicit consent
Explicit consent
6. Communicate
with you
Legitimate interests
Implied consent
Explicit consent
Explicit consent
7. Marketing and advertising analysis
Legitimate interests
Implied consent
We do not use your sensitive personal data to provide you advertisements and analyze their effectiveness.
8. Legal compliance
Legal obligation
Legal obligation
Legal claims
Legal obligation
Consent requirements:
Your consent must be age-appropriate, freely given, specific, informed, unambiguous, and explicit in accordance with applicable laws and regulations.
To ensure that your consent complies with legal requirements, we use a user-friendly and transparent system for receiving your consent:
Age Identification Process: To ensure that you meet the age requirements for our Services, we will need to check your age.
Before Collecting Your Data: We provide you with all necessary information about our data processing activities, including what data is being collected and for what purpose.
Consent: Your consent is obtained through your clear affirmative action, such as checking a consent box.
Easy Opt-In and Opt-Out: You can withdraw your consent as easily as you gave it, at any time, via the form you used to provide your consent.
Regular Updates: We review and update our consent processes regularly to ensure continued compliance with the relevant legal regulation.
Ongoing Communication and Support: We commit to providing continuous information and support to all Data Subjects regarding consent and data processing practices. You can address your questions or comments to us using our contact details in Section “Contact information”.
Children.
Special notes on how we process personal data:
We design our processes in such a way that, as far as possible, it is as easy for a child to understand how processing will be taking and how a child can exercise the rights.
When applying legal bases for processing children’s data, we consider specific factors compared to processing data for individuals over the age of 18:
When depending on “consent”, we ensure that children understand the consequences of their consents and prevent any misuse of power imbalances.
When relying on “contract”, we assess the children’s understanding of our User Agreement (https://aurorafirst.ai/eula).
When relying upon “legitimate interests”, we recognize the risks and consequences of the processing and establish age-appropriate safeguards.
Data sharing with other Users.
Special notes to ensure your awareness:
If you use our Services in Public Communication Environment, accessible through features of our Services, such as Group Chat, or through third-party communication services, such as Telegram App, please be aware that any personal data you share will be visible to other Users.
Once shared, you lose some control over your personal data, as others can extract and use it for their own purposes in breach of our User Agreement.
This applies equally to AI Outputs that also becomes publicly accessible to some extent.
Our User Agreement (https://aurorafirst.ai/eula) outlines the limitations and restrictions on the use of our Services and any Data, including User Inputs and AI Outputs. Our User Agreement also states the liability for its breach.
Since we cannot fully control how our Services and any data related to them will be used, we strongly advise you to avoid any usage that could lead to unwanted consequences for you, your personal data, or us, including our reputation, Services, rights, and interests.
Use of AI in our Services.
Special notes on what AI means for data processing:
To ensure the functionality and security of our Services, analyze and optimize user experience, and enhance and develop our Services, we process personal data, including User Input, AI Output, and Usage Data, to make our Services safer, more reliable, and more helpful.
We monitor the reliability and security of our Information system by detecting, preventing, and addressing fraud, abuse, security risks, and technical issues that may impact us, Users, Third‑Party Partners or any other individuals or entities.
We review personal data to evaluate the functionality and security of our Services, especially AI Aurora, focusing on identifying low-quality, inaccurate, or harmful AI Outputs.
Specifically, we use AI and process personal data obtained through Workspace APIs to provide our Services, enhancing your experience with Google services (e.g., Gmail, Google Calendar) for productivity purposes.
We do not process personal data obtained through Workspace APIs, including via the Gmail API, to develop, improve, or train non-personalized AI and/or ML models.
Our use of this personal data is strictly limited to the functionalities directly related to our software and services, ensuring that your information remains protected and is not utilized for broader AI/ML applications beyond the scope of our offerings.
Read more about our use of AI in our Services in Sections “AI Notice” and “Privacy Notice” of our User Agreement (https://aurorafirst.ai/eula).
Cookies, Software Development Kits, and Other Technologies:
We use cookies, software development kits (SDKs), and other tracking technologies to provide, maintain, and ensure the functionality and security of our Services. These technologies also help us analyze and optimize User experience, enhance and develop our Services, and conduct marketing and advertising analysis.
Cookies:
Cookies are small pieces of data that websites send to your browser, which are then stored on your device. These cookies help websites remember your preferences and recognize your device during future visits.
We use only performance cookies on our Website. Performance cookies are used to collect data on how our Website is functioning. They do not collect any personal data and are used solely to enhance Website’s performance.
These cookies are used by Google Analytics, a web analytics service provided by Google, Inc. (“Google”). For more information on how Google uses personal data, go to www.google.com/policies/privacy/partners/.
Software development kits (SDKs):
SDKs are software tools provided by Third-Party Partners that allow our App to interact with their third-party services.
We use SDKs for purposes essential to the provision of our Services, including:
Managing user registration and login via email and third-party services;
Real-time performance monitoring of mobile applications (iOS and Android) and web applications to ensure reliability;
Changing the behavior and appearance of our App without requiring updates through the App Store or Google Play;
Tracking and analyzing user interactions with our app;
Creating smart links that facilitate user engagement and navigation;
Sending important developer messages to users for updates and communication;
Integrating and utilizing machine learning models.
The necessary role of such SDKs for our Services allows us to use them without requiring your consent.
We also use SDKs for marketing and advertising analysis to optimize marketing campaigns for mobile applications, enhancing their effectiveness. We use these SDKs only with your consent.
Processing for Marketing and Advertising Analysis:
We may process your general (non-sensitive) personal data for marketing and advertising analysis. We do not use sensitive personal data for these purposes.
We may send you emails, text messages, push notifications, and in-app messages about our Services, subscriptions, and promotions that may be of interest to you.
For marketing and advertising analysis, we may use SDKs that collect personal data from your device. We can use such SDKs only with your consent. You can withdraw your consent for the use of SDKs.
For marketing and advertising analysis, we can send you emails, text messages, push notifications, and in-app messages only with your consent. For users who have purchased a subscription to our Services, we may send promotional communications regarding our Services, subscriptions, and offers without prior consent. In any case, you have the right to opt out of or withdraw your consent to receive unsolicited messages at any time.
In such processing, including sharing your personal data with our Third-Party Partners, we rely on our legitimate interests. You have the right to object to the processing of your personal data for the purposes of advertising and analytics.
You can also freely exercise your other privacy rights. Read more about your privacy rights in Section “Your Privacy Rights”.
How we transfer your data:
Personal data is processed in places where we, Personnel, DPO or Third-Party Partners are located. It means that your personal data may be transferred to – and maintained on servers located outside of your state, province, country or other governmental jurisdiction where the applicable laws and regulations may differ than those from your jurisdiction.
We are based in the United States.
Depending on the purpose of processing of your personal data, their nature, and your location of access and use of our Services, your personal data may be transferred to, stored, and processed in the EU countries and in the United States or only in the United States. The data processing in the EU countries and in the United States may not provide the same protections as the laws of your jurisdiction.
When the processing of your personal data is taking place outside of your state, province, country or other governmental jurisdiction from which you are accessing and using our Services, we have put in place appropriate safeguards to protect your personal data.
When a cross-border transfer of your personal data takes place, we typically rely on adequacy decisions or standard contractual clauses (SCCs) as the legal basis. If these do not apply, but we still need to transfer personal data in the course of our activities, including to provide our Services, we may rely on your explicit consent or the necessity for the performance of our User Agreement (https://aurorafirst.ai/eula), where applicable.
For UK users only, some of the cloud servers we use to provide our Services and process personal data are in the EU. Therefore, personal data may also be transferred to the EU.
For how long we process personal data:
We process your personal data, including sensitive personal data, only as long as necessary to provide our Services, fulfill the purposes outlined in our User Agreement (https://aurorafirst.ai/eula), comply with legal obligations, or for legal defense purposes.
The retention period for your personal data is determined by the following criteria:
The duration for which personal data is needed to provide our Services.
The nature of personal data (e.g., general or sensitive).
Any requests by user for personal data deletion.
Any contractual or legal obligations requiring the ongoing processing of personal data.
For details on why we process your data, refer to the Section “Why we process personal data”.
For additional information, please email us using our contact details in Section “Contact information”.
To whom we may disclose personal data:
We will not sell or rent your personal data for monetary gain.
We will not disclose your personal data except as otherwise described in this Privacy Policy.
In certain circumstances we may share personal data with the following categories of third parties without further notice to you, unless required by the applicable laws and regulations, as set forth below:
1) Third-Party Partners:
We may share your personal data with trusted partners, e.g. service providers, contractors, or agents, who help us provide our Services.
This includes Third-Party Partners that provide access to AI/ML technologies integrated into our Services, those that offer secure and reliable cloud infrastructure for our Information system, and those that handle payment processing for our Services.
OpenAI API Platform (OpenAI)
Data processed
All personal data that is necessary for the provision of our Services
Purpose
Use of AI for processing of personal data
OpenAI Privacy policy
https://openai.com/policies/privacy-policy
Enterprise privacy at OpenAI
https://openai.com/enterprise-privacy
OpenAI Security Portal
Claude API (Anthropic)
Data processed
All personal data that is necessary for the provision of our Services
Purpose
Use of AI for processing of personal data
Anthropic Privacy Policy
https://www.anthropic.com/legal/privacy
Anthropic Usage Policy
https://www.anthropic.com/legal/aup
Anthropic Responsible Disclosure Policy
https://www.anthropic.com/responsible-disclosure-policy
Anthropic Trust Center
Perplexity API (Perplexity AI)
Data processed
All personal data that is necessary for the provision of our Services
Purpose
Use of AI for processing of personal data
Perplexity API
Terms of Service
https://www.perplexity.ai/hub/legal/perplexity-api-terms-of-service
Google Cloud Platform (Google)
Data processed
All personal data provided in the course of performing this User Agreement
Purpose
Cloud computing for processing and storage of personal data
Google Privacy Policy
https://policies.google.com/privacy
Google Cloud Privacy Notice
https://cloud.google.com/terms/cloud-privacy-notice
Google Privacy Resource Center
https://cloud.google.com/privacy?hl=ru
Google Workspace (Google)
Data processed
Mail correspondence from GMail, and all personal data that is necessary for the provision of our Services
Purpose
Making to-do lists and events
Google Privacy Policy
https://policies.google.com/privacy?hl=en
Google Privacy Resource Center
https://cloud.google.com/privacy?hl=ru
Google Data privacy and protection
https://support.google.com/a/topic/7558840?hl=en&ref_topic=7556782&sjid=11631689773287214912-EU
Telegram App (Telegram Messenger Inc.)
Data processed
Automatically:
Your public account data: your screen name, username and profile picture(s).
When you interact with our Bot:
Your messages when you send our Bot something.
If you click on links or buttons provided by our Bot, our Bot can potentially get your IP address (provided that our Bot controls the website to which the link leads).
If our Bot is a member of the same group with you, it may know you are a member.
When you start your message with the username of our Bot, the interface transforms so that everything you type becomes a query to our Bot. This query is sent to our Bot so that it can provide its service.
Our Bot added to groups can operate in two modes: with access to messages in the group or without access. If our Bot has access to messages, it can see everything that happens in the group. The interface of the Telegram App clearly shows whether or not our Bot has access to messages in groups.
Any other data provided by you.
Purpose
Provision of our Services in the Telegram App
Telegram Privacy Policy
Telegram Terms of Service for Bots
Telegram Bot Platform Developer Terms of Service
https://telegram.org/tos/bot-developers
Telegram Terms of Service
Stripe
Data processed
If applicable, Payment Account Details, bank account details, billing/shipping address, name, order description (including date, time, amount, product or service description), device ID, email address, IP address/location, order ID, payment card details, tax ID/status, unique customer identifier, identity information including government issued documents (e.g., national IDs, driver’s licences and passports), transaction history with us.
Purpose
Payment processing for our Services
Stripe Privacy policy
Stripe Privacy Center
https://stripe.com/legal/privacy-center
Stripe Data Processing Agreement
Stripe Services Agreement
2) Users of our Services:
Users of our Services, with whom you choose to communicate and share information, may be located outside the region from which you access and use our Services.
By entering into our User Agreement and choosing to communicate with these users, you are instructing us to transfer your personal data, on your behalf, to those users in accordance with this Privacy Policy.
We employ all appropriate technical and organizational measures to ensure a level of security for your personal data that is appropriate to the risk. Read more about this in Section “How we transfer your data”.
3) Advertising and Analytics Partners:
We use third-party SDKs with whom we share only limited data for advertising and analytics purposes.
Read more about it in Section “Processing for Advertising and Analytics”.
4) Third parties requested by users:
In cases where it is technically feasible for our Services, we may share your personal data with third parties to whom you have explicitly requested us to share your data through our Services.
5) Affiliates:
We may share your personal data with our affiliated companies, which are businesses that are either under our control or that control us.
If we’re involved in a business deal like a merger, selling assets, financing, or being bought by another company, we may share or transfer your personal data to a successor or affiliate along with other assets.
6) Government Authorities:
We may share your personal data with government authorities or other parties only in the following situations:
1) comply with a legal obligation, including to meet national security or law enforcement requirements,
2) protect and defend our rights or property,
3) prevent fraud,
4) act in urgent circumstances to protect the personal safety of users of our Services, or the public, or
5) protect against legal liability.
III. YOUR PRIVACY RIGHTS
We respect your rights and encourage you to exercise them, regardless of your location. We offer you the following set of rights to ensure the highest level of protection for you.
You can exercise your rights through (1) our App, (2) our Website, or (3) email communication with us, using our contact details in Section “Contact information”.
When you exercise your rights, we will confirm your identity by comparing the details in your request with the information you have shared with us before. This may involve contacting you through email linked to your Account. We only use this information for verification purposes and will not ask for more unless it is essential. Any additional information you provide will be deleted once the verification process is finished.
Right to be informed:
You have the right to be informed about the collection and use of your personal data. This includes information on the purposes of processing your data, the categories of data being processed, the retention periods for that data, and who it will be shared with.
Right to access:
You can request confirmation that your personal data is being processed and obtain a copy of the data, as well as additional information about the processing, such as the purposes, categories of data, recipients, and retention periods.
Right to rectification:
If you find any inaccuracies in the personal data we hold about you, you can request a correction.
Right to data portability:
You can obtain and reuse your personal data for your own purposes across different services.
Rights related to automated decision making:
You can opt out of profiling activities used for making decisions that could have legal or similarly significant effects on you.
Right to restrict processing:
You can restrict the processing of your personal data when:
you contest the accuracy of your personal data;
you suspect that the processing is unlawful;
you believe that we no longer need your personal data for the purposes of processing, but you may require your personal data for the establishment, exercise or defense of legal claims;
you object to the processing of your personal data based on our legitimate interest while we are verifying whether our legitimate interest overrides yours.
Right to object:
You can object to processing based on legitimate interests.
Right to opt-out of processing for advertising purposes:
You can object to the processing of your personal data for advertising purposes and/or for analytics purpose.
If you object to the processing of your personal data for advertising and/or analytics purposes, we will cease processing your data for such purposes.
Right to erasure:
You can request the deletion or removal of your personal data, in particular, when:
your personal data is no longer necessary for the purposes of its processing;
you withdraw consent on which the processing is based, and where there is no other legal ground for the processing;
you object the processing based on our legitimate interest;
you suspect that your personal data has been unlawfully processed.
Right to non-discrimination:
We will not treat you unfairly if you exercise your privacy rights.
In particular, for exercising your rights we will not:
1) deny you our Services;
2) charge you different prices or rates;
3) provide a different quality of our Services;
4) suggest that you will receive a different price or level of our Services.
Right to lodge a complaint:
If you believe that our processing of your personal data infringes upon your rights, you can lodge a complaint with Data Protection Authority (DPA) (for UK Data Subjects, this would be the Information Commissioner’s Office).
IV. SECURITY OF DATA
We implement technical, organizational and legal measures in an effort to protect personal data from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the nature of the personal data that we process and the risks associated with it.
The high level of security and safety of your personal data is also ensured by Third-Party Partners, whose data processing practices are described in their Privacy Policies. Read more about it in Section “To whom we may disclose personal data”.
No security system is perfect. Therefore, we cannot guarantee the absolute security of our Services or that personal data will not be intercepted while being transmitted to us.
For your protection, we recommend accessing and using our Services within a secure environment.
Technical measures we implement:
Encryption of your personal data in transit and in rest.
Protection of data integrity.
Organizational and legal measures we implement:
Two-factor authentication (2FA) for our personnel to access your data.
Role-Based Access Control (RBAC) approach to data access by our personnel. Our personnel have different levels of access to your personal data and only process your personal data for the limited and necessary purposes required for the operation of our Services. Read more about the purposes of processing in Section “Why we process data”. We impose strict liability on our personnel for any disclosure, unauthorized access, alteration, destruction, or misuse of your personal data.
Conducting periodical data protection impact assessments in order to ensure that the Services fully adhere to the principles of privacy by design, privacy by default, and others.
Data Incidents Response:
If we become aware of Data incident, we may post a notice in our Services or notify you by email.
We will take reasonable steps to stop Data incident as required by applicable laws and regulations and our data-related documentation. These steps may include logging you out from our Services, resetting your password, sending a temporary password for you to apply.
If you want to report Data incident related to our Services, please email us using our contact details in Section “Contact information”.
V. UPDATES TO PRIVACY POLICY:
We may update this Privacy Policy from time to time. We encourage you to review this Privacy Policy to be informed on its last updates.
The changes will be notified to you only by updating the “Last updated” date of this Privacy Policy.
All changes of this Privacy Policy will be effective from the moment of their publication on this page (https://aurorafirst.ai/privacy).
VI. CONTACT INFORMATION:
If you have questions or comments about this notice, you may contact:
email: support@aurorafirst.ai
website: www.aurorafirst.ai/support
For inquiries about the processing of personal data, please address them to:
Data Protection Officer: Nikita Durov, dpo@aurorafirst.ai
Data Protection Team: dpt@aurorafirst.ai
Aurora Support Team: support@aurora.ai