Privacy Policy

Effective Date: January 1, 2025

Contact: support@askaaura.com

This Privacy Policy explains how Aaura ("Aaura," "we," "us") collects, uses, discloses, and protects information when you use our website, Chrome extension, and related services (the "Services"). Please read carefully. By using the Services, you agree to this Policy and our Terms of Service.

1. Who We Are & What We Do

Aaura is an AI-powered toolkit for Etsy sellers delivered as a Google Chrome extension and a supporting web app. During early access, we limit total seats to protect performance. Our extension operates only on the etsy.com domain and reads page content you actively view to provide feedback and suggestions; it does not read content from other websites or your browser history. Processed data is sent to our backend running on Google Cloud Run with storage in Google Cloud SQL (MySQL). We use OpenAI and Google Vertex AI APIs to generate outputs.

2. Scope

This Policy applies to information we collect:

  • When you install and use the Aaura Chrome extension;
  • When you access our website or dashboard;
  • When you communicate with us (email, chat, support); and
  • When our systems process Etsy listing content that you view or submit through the extension.

It does not apply to third-party sites or services you access via links or integrations (e.g., Etsy, Google, Stripe). Those are governed by their own policies.

3. Information We Collect

A) Account & Subscription Data

Name, email address, password (hashed), plan tier, and billing metadata (handled by Stripe; Aaura does not store full payment card numbers).

B) Chrome Extension Inputs (Etsy-Only)

  • On-page data you view on etsy.com (e.g., listing titles, descriptions, images, prices, reviews, shop info).
  • Your prompts, settings, and feedback within Aaura.
  • AI outputs we generate for you (e.g., listing suggestions, critiques).

We do not read or collect content from non-Etsy domains via the extension.

C) Usage & Device Data (Website/App)

  • Log and usage data (browser type, IP address, timestamps, referring/exit pages).
  • Cookie/Pixel information for analytics and product improvement.

D) Support & Communications

Messages, attachments, survey responses, and related metadata needed to resolve issues.

4. How We Use Information

We use information to:

  • Provide and improve the Services (features, performance, personalization);
  • Process your requests in the Chrome extension and web app;
  • Generate AI outputs from your inputs (via OpenAI and Vertex AI);
  • Communicate with you about updates, billing, and support;
  • Monitor security, prevent abuse, and enforce our Terms.

5. Legal Bases (GDPR/UK GDPR)

Where applicable law requires a legal basis, we rely on:

  • Contract (to provide the Services you request),
  • Legitimate interests (service improvement, security, analytics), and
  • Consent (e.g., certain cookies/marketing; connecting optional integrations).

6. AI Providers & Data Handling

We send only the minimum necessary data to model providers to generate your outputs. We configure and instruct our AI vendors (OpenAI and Google Vertex AI) not to use your data to train their models and to apply enterprise privacy controls where available. We also apply technical and organizational safeguards to protect your data in transit and at rest.

AI outputs may be imperfect or incomplete and should be reviewed before use; we do not guarantee outcomes (e.g., increased sales, rankings).

7. Cookies & Similar Technologies (Website)

We use cookies/pixels to operate, secure, and improve the website, measure usage, and personalize content. You can control cookies via your browser; disabling some may limit functionality. We may use analytics tools (e.g., Google Analytics) to understand traffic and improve Services.

8. Sharing & Disclosure

We do not sell your personal information. We share data only with:

  • Service providers / processors who help us operate (e.g., hosting on Google Cloud, payments via Stripe, support tools, analytics) under confidentiality and data-processing terms;
  • Law, safety, and rights compliance (e.g., subpoenas, legal process, or to protect Aaura, our users, or the public);
  • Business transfers (e.g., merger/acquisition) under protections consistent with this Policy; and
  • With your consent or at your direction.

We also may share aggregated or de-identified statistics that cannot reasonably identify you.

9. International Transfers

We may process and store information in the United States and other countries where our providers operate. Where required, we implement appropriate safeguards—such as Standard Contractual Clauses—to protect cross-border data transfers.

10. Data Retention

We retain personal data only as long as necessary to provide the Services, comply with law, resolve disputes, and enforce agreements. If you close your account, we will delete or anonymize your data within a reasonable period, subject to legal, fraud-prevention, or backup retention requirements.

11. Your Privacy Rights

Depending on your location, you may have rights to:

  • Access and port certain data;
  • Correct inaccurate data;
  • Delete data;
  • Object or restrict certain processing;
  • Opt-out of marketing communications; and
  • Not be discriminated against for exercising rights (where applicable).

You can exercise rights by emailing support@askaaura.com from your account email. We may verify your identity before acting on a request and may deny requests where permitted by law (e.g., inability to verify, legal obligation conflicts). Authorized agent requests will require written permission and identity verification.

California (CPRA): You may have rights to know, delete, correct, and opt-out of certain sharing. We do not sell personal information as defined by California law.

EU/UK: You also have a right to lodge a complaint with your local supervisory authority.

12. Security

We employ reasonable administrative, technical, and physical measures to protect information (including encryption in transit, access controls, and hardened cloud infrastructure). No system is 100% secure; we monitor for threats and will notify regulators and affected individuals of breaches as required by law.

13. Children's Privacy

The Services are not intended for individuals under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided personal data, please contact us and we will delete it.

14. Your Choices

  • Account settings. Update profile details, email preferences, and subscription options in your account.
  • Emails. Unsubscribe via the link in marketing emails; we may still send transactional or legal notices.
  • Cookies. Manage cookies in your browser settings; some features may not function without them.
  • Extension permissions. The Aaura extension is scoped to etsy.com. You can review/disable the extension at any time in Chrome.

15. Data From Etsy

When you use the extension on etsy.com, Aaura may process Etsy listing/shop content in order to provide feedback and analytics to you. You can revoke Aaura's access by disabling the extension in Chrome; any data copied to our servers for your use will be handled per this Policy and our retention rules. (Your use of Etsy remains governed by Etsy's terms.)

16. Do Not Track & Opt-Out Signals

Your browser may send "Do Not Track" signals; our Services may not respond to these signals consistently. You can control most tracking via your browser and by disabling non-essential cookies.

17. Changes to This Policy

We may update this Policy to reflect changes to our practices or legal requirements. We will post the updated Policy and revise the "Effective Date" above; for material changes, we may provide additional notice (e.g., email or in-app). Continued use after changes means you accept the updated Policy.

18. Contact Us

Questions or requests? Email support@askaaura.com.

Key Definitions

  • "Personal data / Personal information": Information that identifies or can reasonably be linked with an identifiable individual.
  • "Processing": Any operation performed on personal data (collection, storage, use, sharing, etc.).
  • "Service providers / processors": Third parties that process data on our behalf under contract.
  • "Aggregated / de-identified data": Data that cannot reasonably identify an individual.
Back to Home