Privacy Policy

Last updated: February 28, 2026

1. Information we collect

When you create an account, we collect your email address and name. When you use the API, we log request metadata (timestamps, model used, token counts, latency, cost) to provide billing and analytics. We do not log your prompts or completions by default. You can opt in to request logging in your dashboard settings.

2. How we use your information

We use your information to: provide and improve our services, process payments, send transactional emails (billing, rate limit warnings), and respond to support requests. We do not sell your data to third parties. We do not use your prompts to train AI models.

3. Data retention

Request metadata (token counts, latency, cost) is retained for 90 days, then aggregated. Aggregated statistics (daily usage totals) are retained indefinitely. If you delete your account, personal data is removed within 30 days.

4. Payment processing

When you pay by credit card, your payment is processed by Stripe. We do not store your full credit card details. Stripe handles all PCI compliance requirements.

5. Security

We encrypt data at rest (AES-256) and in transit (TLS 1.3). API keys are hashed and never stored in plaintext. We conduct regular security audits and maintain SOC 2 Type II compliance.

6. Third-party services

We use the following third-party services: Stripe (card payments), Resend (transactional email), Cloudflare (CDN and DDoS protection), and various LLM providers (to which your requests are forwarded). Each provider has its own privacy policy.

7. Your rights

You can request a copy of your data, request deletion of your account and data, or opt out of non-transactional communications at any time by emailing privacy@auraon.ai.

8. Contact

For privacy questions, contact privacy@auraon.ai. For security vulnerabilities, contact security@auraon.ai.