Privacy Policy

    Last Updated: November 21, 2024

    Aurora ("Aurora," "we," "us," or "our") is an AI-powered platform dedicated to empowering developers and entrepreneurs to build, deploy, and manage full-stack web applications using natural language. Our mission is to simplify software development through innovative AI tools, seamless integrations, and collaborative features, while prioritizing the privacy and security of your data.

    This Privacy Policy ("Policy") outlines how Aurora collects, uses, shares, and otherwise processes personal information from users ("User," "you," or "your") of our website, platform, and services (collectively, our "Services"). By using our Services, you acknowledge this Policy. If you do not agree with the terms of this Policy, please discontinue your use of our Services.

    1. Personal Data

    For purposes of this Policy, "personal data" means any information that relates to an identified or identifiable natural person. Personal data may include your name, email address, postal address, telephone number, username, unique device or browser identifiers, IP address, authentication tokens, usage logs, or other information generated through your use of our Services.

    Aurora does not intentionally collect sensitive personal data, such as biometric identifiers, health information, or precise geolocation, and instructs users not to upload such information to our platform.

    2. Collection and Use of Information

    Information You Provide Directly

    When you create an account, purchase a subscription, or use our Services, you may provide personal data such as your name, email address, phone number, and payment information. Payment information is processed via Stripe; we do not store full payment card details. For usage-based services, we collect usage data (e.g., API calls, storage usage, compute hours) to meter consumption against your credits.

    We also collect project artifacts such as natural-language prompts, code snippets, and deployment configurations. These artifacts are used only to serve your workspace and, once anonymized or aggregated, to improve our AI models. They are never used to train models that benefit other customers without your permission.

    Information Collected Automatically

    When you interact with the Services, we automatically collect technical data such as IP address, browser type, operating system, device identifiers, pages visited, timestamps, and error logs. We record how you engage with key features (e.g., prompts submitted, code generated, build and deployment events).

    Data Handling in Aurora Platform

    Aurora provides cloud hosting and backend services where your project data, including hosted applications, files, and generated outputs, is stored and processed on infrastructure provided by Supabase. By using Aurora, you consent to the transfer, storage, and processing of your data by Supabase under their privacy policy (available at supabase.com/privacy).

    When using AI features, your inputs (e.g., prompts, queries) are transmitted to third-party AI providers, including Anthropic Claude, for processing. We do not store raw prompts or responses unless you explicitly save them in your workspace. By using these features, you consent to such transfers under the privacy policies of these providers.

    Children's Data

    Aurora's Services are not intended for individuals under the age of eighteen (18), and we do not knowingly collect personal data from anyone under this age. If we discover that we have collected personal data from a minor without verifiable consent, we will promptly delete that information.

    3. Purposes of Use and Processing

    We use your personal information for the following purposes:

    • To provide, operate, and maintain the Services, including code generation and deployment
    • To personalize your experience and optimize AI features for your workspace
    • To analyze usage patterns and improve performance, functionality, and reliability
    • To detect, prevent, and investigate fraud, abuse, or security incidents
    • To communicate with you and provide customer support
    • To process payments and transactions you authorize
    • To comply with legal and regulatory obligations

    4. Third-Party Services and Sub-Processors

    We engage third-party service providers to support our Services, including:

    • Stripe: Payment processing
    • Supabase: Cloud hosting, databases, authentication, and storage
    • Anthropic (Claude): AI model processing for code generation
    • GitHub: Repository management and version control integration

    All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify.

    5. International Data Transfers

    Your personal information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. We implement appropriate safeguards, including Standard Contractual Clauses, to protect your data during international transfers.

    6. Information Security

    Aurora is committed to protecting your personal information. We implement industry-standard security measures, including:

    • Encryption: All data in transit is protected with TLS encryption
    • Access Controls: Role-based access and multi-factor authentication
    • Monitoring: Real-time security monitoring and logging
    • Backups: Regular automated backups with secure recovery procedures

    While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted through our Services or stored by third-party providers.

    7. Cookies and Tracking

    Aurora uses cookies and similar technologies to operate and improve our Services. We use:

    • Essential Cookies: Required for authentication, security, and core functionality
    • Analytics Cookies: To measure performance and improve user experience
    • Functional Cookies: To remember your preferences and settings

    You can manage cookie preferences through your browser settings. Disabling cookies may limit some functionality of our Services.

    8. Data Retention

    We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Upon account termination, we will delete your personal data within 30 days, except for data required for legal compliance or fraud prevention. Backups may retain data for up to 90 days.

    9. Your Privacy Rights

    Depending on your location, you may have the following rights regarding your personal data:

    • Access: Request a copy of the personal information we hold about you
    • Correction: Request correction of inaccurate personal information
    • Deletion: Request deletion of your personal information
    • Portability: Request a copy of your data in a portable format
    • Opt-Out: Opt out of marketing communications

    To exercise these rights, contact us at privacy@aurora.build. We will respond within 30 days.

    10. Links to Other Sites

    Our Services may include links or integrations to third-party services (e.g., GitHub, Supabase) that are not controlled by Aurora. Your interactions with those services are governed by their own privacy policies. We are not responsible for the privacy practices of external sites.

    11. California Privacy Rights

    If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt-out of the sale of your information. Aurora does not sell personal information.

    12. Changes to This Policy

    Aurora reserves the right to update this Privacy Policy to reflect changes in our practices or legal requirements. We will post any revised Policy at aurora.build/privacy and indicate the "Last Updated" date. For material changes, we will provide at least 30 days' advance notice by email. Your continued use of the Services after changes take effect constitutes acceptance of the revised Policy.

    13. Contact Us

    If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

    14. No Coding Advice

    Our Services provide AI-assisted tools that generate or suggest code, but they are not a substitute for professional software engineering judgment. You remain responsible for reviewing, testing, and validating any code or configuration produced by the platform. Reliance on generated output is at your own risk.

    15. Governing Law

    This Policy is governed by the laws of Virginia, without regard to its conflict-of-law principles. Any disputes arising under this Policy shall be resolved in the courts of Virginia.