Privacy Policy

1. Data Controller

The data controller for auryx.cloud is:

Auryx AI LLC
30 N Gould St Ste N
Sheridan, WY 82801, USA
privacy@auryx.cloud

2. Data We Collect

Account data: Name, email address, and company information upon registration. Payment data: Processed directly by Stripe – AURYX does not store credit card numbers. Usage data: Technical data such as IP address, browser type, page views, and access times.

Platform connections: When you connect social media accounts (YouTube, Instagram, Facebook), we receive OAuth tokens for API access. These tokens are stored encrypted with AES-256-GCM in our database.

3. Purpose of Data Processing

We process your data to provide our services (contract fulfillment), for billing through Stripe, to improve our platform, and for communication regarding your account. AI-generated content is created based on your brand information – your personal data is not used in content generation.

4. Legal Basis (GDPR)

For EU customers: Contract fulfillment (Art. 6(1)(b) GDPR) for providing our services. Legitimate interests (Art. 6(1)(f) GDPR) for platform security and analysis. Consent (Art. 6(1)(a) GDPR) for connecting social media accounts.

5. Data Sharing with Third Parties

We only share your data with processors necessary for service delivery: Stripe (payment processing), Neon (database hosting), Airtable (content management), OpenAI (AI content generation), Google Cloud (infrastructure).

All processors are contractually obligated to GDPR compliance. No data is shared for advertising purposes.

6. Cookies & Tracking

AURYX uses only technically necessary cookies for session management (authentication) and language preferences. No advertising or tracking cookies are used.

7. Data Security

All data is transmitted via HTTPS/TLS encryption. OAuth tokens are stored with AES-256-GCM encryption. We perform regular backups and operate our servers in secure data centers.

8. Data Retention

Account data is stored for the duration of the contractual relationship. After cancellation, personal data is deleted within 90 days, unless statutory retention obligations exist.

Invoice data is retained according to legal requirements (7-10 years).

9. Your Rights (GDPR)

EU customers have the right to: Access to stored data, rectification of inaccurate data, erasure ("right to be forgotten"), restriction of processing, data portability, and objection to processing. You can exercise these rights at any time by emailing privacy@auryx.cloud.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated by email to registered users.