Aura Logo
Aura

Privacy Policy for Auramatch.ai

Last Updated: June 1, 2025

1. Introduction

Welcome to Auramatch.ai (the “Website”), operated by Aura Match Ltd (“we,” “us,” or “our”). This Privacy Policy explains how we collect, use, share, store, and protect your personal data when you visit our Website and interact with our voice AI demonstration (the “Service”).

We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This policy is designed to be transparent and provide you with a clear understanding of our data practices.

By using our Website and Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Website or Service.

This Privacy Policy should be read in conjunction with our Terms of Service and Cookie Policy.

Our contact information for privacy-related inquiries is:
Aura Match Ltd
Address: Caves Village
West Bay Street
Nassau, Bahamas 10697 BS
[email protected]

2. Applicable Regulatory Frameworks

Our Website is accessible globally. We aim to comply with major international data privacy regulations, including but not limited to:

  • General Data Protection Regulation (GDPR): If you are located in the European Economic Area (EEA).
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): If you are a resident of California.

We encourage you to understand your rights under these regulations.

3. What Personal Data We Collect

We collect the following types of personal data:

User-Provided Data:

  • User Name: When you use our AI demo, you may provide a name. This name is collected to personalize your demo experience.
  • Transcriptions of Voice Chat (Voice Data): When you interact with our voice AI demo, we generate and store transcriptions of your voice chat. Voice recordings and their transcriptions are personal data.

Under GDPR, voice data may be considered biometric data if processed in a way that allows for unique identification, falling under “special categories of personal data.” Under CPRA, voice recordings are personal information, and biometric information (which can include voiceprints) is considered Sensitive Personal Information (SPI).

Automatically Collected Session Data:

  • IP Address: We may collect your IP address. Under GDPR, IP addresses are personal data. Google Analytics 4 (GA4) uses IP addresses to derive geolocation data but does not log or store full IP addresses.
  • Usage Data: Information about how you use our Website, such as pages visited, time spent on pages, and interaction patterns. This is often collected via cookies and similar technologies (see our Cookie Policy).

Data Collected via Third-Party Tools:

We use third-party services that may collect data. You are responsible for reviewing their privacy policies.

  • Google Analytics: Collects data on user interactions with the website, device/browser data, and on-site activities. Google acts as a data processor. Google prohibits sending Personally Identifiable Information (PII) to Google Analytics.
  • Hotjar: Collects data about user interactions such as clicks, scrolls, and mouse movements, and may create session recordings. Hotjar is designed to suppress sensitive data by default and assigns a unique user identifier (UUID).
  • Sentry: Collects data for error tracking and performance monitoring. This can include HTTP headers, cookies (though often filtered), request URLs, query strings, and potentially request bodies, depending on configuration.

4. How We Collect Your Personal Data

We collect personal data:

  • Directly from you: When you provide your name and interact with the voice AI demo.
  • Automatically: When you navigate our Website, through cookies and similar technologies, and through our server logs.
  • Through Third-Party Services: As described above (Google Analytics, Hotjar, Sentry).

5. Why We Collect and How We Use Your Personal Data

We use your personal data for the following purposes:

  • To Provide and Operate the Service: To enable you to use the interactive voice AI demonstration and to store your session data (name and voice transcriptions) for the duration of your session and for a limited period thereafter for operational continuity or troubleshooting.
  • To Improve Our Website and Service: To analyze website usage patterns (via Google Analytics and Hotjar) to understand user behavior and enhance user experience.
  • To Monitor and Maintain Performance: To track errors, monitor application performance, and facilitate debugging (via Sentry).
  • To Comply with Legal Obligations: To meet our legal and regulatory requirements.

6. Legal Basis for Processing (GDPR Context)

If GDPR applies to your data, our legal bases for processing are:

Consent:

  • For processing voice transcriptions (as potentially special category/biometric data), we rely on your explicit consent, which you provide before initiating the voice AI demo.
  • For placing non-essential cookies (e.g., for analytics by Google Analytics and Hotjar), we rely on your consent obtained via our cookie banner.
  • For collecting your user-provided name, we rely on your consent.

Legitimate Interests:

  • For processing certain data necessary for website operation, security, and basic, aggregated analytics where our interests are not overridden by your rights.
  • For processing data via Sentry for error tracking and performance monitoring, where configured to minimize PII.

7. Data Sharing and Disclosures

We do not sell your personal data. We may share your personal data with the following categories of third-party service providers who act as data processors on our behalf:

  • Analytics Providers: Google LLC (for Google Analytics) to help us understand website traffic and user behavior.
  • User Experience Analytics Providers: Hotjar Ltd. (for Hotjar) to analyze user interactions and improve website usability.
  • Error Tracking and Performance Monitoring Providers: Functional Software, Inc. (for Sentry) to help us identify and fix errors in our application.

We share data with these providers only to the extent necessary for them to perform their services for us, and we have agreements in place requiring them to protect your data.

We may also disclose your personal data if required by law, to protect our rights, or in the event of a merger or acquisition.

8. Data Security

We implement reasonable technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures may include encryption of data at rest and in transit, and access controls. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • User-Provided Name and Voice Transcriptions: This session data is typically stored for the duration of your active session and for a short period thereafter (e.g., 24-72 hours) for operational purposes, after which it is deleted.
  • Data collected by third-party tools: Retention periods are governed by those third parties (e.g., Google Analytics data may be retained for up to 26 months; Hotjar data for up to 365 days; Sentry data typically for 90 days). Please refer to their respective policies.

10. Your Data Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right to Know/Access: To request information about the personal data we collect, use, and disclose about you, and to receive a copy of that data.
  • Right to Rectification/Correction: To request correction of inaccurate personal data.
  • Right to Erasure/Deletion: To request deletion of your personal data, subject to certain exceptions.
  • Right to Restrict Processing: To request that we limit the processing of your personal data.
  • Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: To object to our processing of your personal data based on legitimate interests.
  • Right to Withdraw Consent: Where we rely on your consent, you have the right to withdraw it at any time.
  • Right to Opt-Out of Sale or Sharing (CCPA/CPRA): We do not “sell” your personal information as traditionally defined. However, the use of some analytics or tracking technologies might be considered “sharing” under CPRA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

11. How to Exercise Your Rights

Since we do not have user accounts, if you wish to exercise any of these rights, please contact us at [email protected].

To process your request, we will need to verify your identity to a reasonable degree of certainty. This may involve asking you to provide:

  • The specific “user name” you entered during the demo.
  • The approximate date and time of your interaction.
  • Specific details about the content of your voice chat that only you would likely recall.

We will respond to your request within the timeframes mandated by applicable law (e.g., generally one month under GDPR, 45 days under CCPA/CPRA, with possible extensions).

12. International Data Transfers

Your personal data may be processed in and transferred to countries outside of your country of residence, including the United States, where our servers or our third-party service providers’ servers may be located. These countries may have data protection laws that are different from those in your country. We will take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable law (e.g., by using Standard Contractual Clauses for transfers from the EEA).

13. Children’s Privacy

Our Website and Service are not directed to children under the age of 16 (or a lower age if stipulated by applicable law in your jurisdiction), and we do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post any changes on this page with an updated “Last Updated” date. We encourage you to review this Privacy Policy periodically. For material changes, we may provide more prominent notice. Under CCPA/CPRA, privacy policies should be updated at least every 12 months.

15. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

Aura Match Ltd
Address: Caves Village
West Bay Street
Nassau, Bahamas 10697 BS
[email protected]

You may also have the right to lodge a complaint with your local data protection authority.