Privacy Policy

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over your data. We are committed to being transparent about our data practices. By using AURA, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.

AURA is a trading journal and analytics platform operated by Aura Alpha Systems, a business registered in the Republic of the Philippines. Data Controller: Aura Alpha Systems Website: https://aurapro.trade Privacy Contact: [email protected] General Support: [email protected]

2.1 Account and Identity Data When you register for an account, we collect: • Username • Email address • Password (stored as a hash) • Google account information (if you use Google sign-up) 2.2 Trading and Journal Data This is the core data you voluntarily input into the Service: • Trade records including symbol, direction, entry/exit prices, profit and loss • Journal entries, trade notes, and free-text observations • Emotional state tags and psychological annotations • Portfolio and position data 2.3 AI Interaction Data When you use AI-powered features, we process your trading and journal data to generate insights using Google Gemini via the Google AI API. 2.5 Usage and Technical Data We automatically collect certain technical data including IP address, browser type and version, operating system, and pages visited.

We use the data we collect for the following purposes: • Providing the Service (Contract performance) • Authentication & Security (Legitimate interest) • Billing & Payments (Contract performance) • Product Improvement (Legitimate interest) • Customer Support (Contract performance) • Marketing Communications (Consent)

4.1 What Are Cookies Cookies are small text files stored on your device by your browser when you visit a website. 4.2 Types of Cookies We Use • Essential Cookies: Required for the Service to function. • Analytics Cookies: Used by Google Analytics 4 to collect aggregated, anonymized data. • Performance Cookies: Vercel Analytics collects metrics without cookies. 4.3 Cookie Consent You may accept all cookies, reject non-essential cookies, or manage your preferences via the banner.

We share your data with the following service providers solely to deliver the Service: • Google Analytics 4: Usage analytics • Vercel Analytics: Platform performance monitoring • Google AI (Gemini): Powers AI features • Vercel (Hosting): Infrastructure • Stripe: Billing and payment processing We use Supabase as our primary database and backend infrastructure provider. Your data is stored on secure, encrypted servers managed by Supabase, featuring Row-Level Security (RLS) to ensure your trading logs remain private. Supabase is SOC 2 Type II compliant, meeting rigorous international standards for security and availability. 5.1 Business Transfers Your personal data may be transferred during a merger, acquisition, or sale of assets. 5.2 Legal Disclosures We may disclose your personal data if required to do so by law.

Aura Alpha Systems is based in the Philippines. Your data may be transferred to and processed in countries outside your own jurisdiction, including the Philippines and the United States. For users in the EU or UK, data transfers are made in reliance on standard contractual clauses or equivalent mechanisms adopted by our service providers.

We retain your personal data only for as long as necessary: • Account and trading data: Until account deletion, plus 30 days. • Billing and payment records: 7 years from the transaction date. • Server and access logs: 90 days from collection. • Analytics data: 14 months.

You have the following rights regarding your personal data: • Right to Access: Request a copy of your data. • Right to Rectification: Request correction of inaccurate data. • Right to Erasure: Request deletion of your data. • Right to Data Portability: Request your data in CSV format. • Right to Withdraw Consent: Withdraw consent at any time. To exercise any of these rights, contact us at [email protected].

We implement industry-standard technical security measures including TLS encryption and salted cryptographic hashes for passwords. 9.1 Data Breach Notification: In the event of a high-risk breach, we will notify affected users within 72 hours of discovery.

The Service is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal data from children under 18.

As a company based in the Philippines, we comply with the Data Privacy Act of 2012 and its Implementing Rules and Regulations as enforced by the National Privacy Commission (NPC).

If you are located in the European Union or United Kingdom, additional rights apply under GDPR or UK GDPR. You have the right to lodge a complaint with your local supervisory authority.

California residents have specific rights under the CCPA/CPRA, including the right to know what personal info is collected and the right to delete. We do not sell your personal info.

We send marketing emails only if you have explicitly opted in. Each email includes a one-click unsubscribe link. Transactional emails (e.g. password resets) will still be sent.

We may update this Privacy Policy from time to time. When we make material changes, we will provide at least fourteen (14) days notice before the changes take effect.

Privacy Requests: [email protected] General Support: [email protected] Republic of the Philippines