1. Introduction

Aura 300 Inc. ("Aura", "we", "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard the data of:

• Clients who use our AI assistant
• Salon customers who interact with Aura via phone, WhatsApp, or integrated tools
• Visitors to our website or dashboard

2. Who Controls Your Data?

• Aura acts as a data processor on behalf of salon clients ("Controllers").
• Salon owners are responsible for collecting consent from their customers.
• If you're a salon customer and have questions about how your data is used, please contact your salon directly.

3. What Data We Collect

Depending on your role and interaction, we may process:

From Salon Clients (our customers)

• Name, email, phone number
• Business details (name, CRM integration, address)
• Booking system preferences, schedule settings
• Payment method (processed via Stripe or other PCI-compliant providers)

From Salon Customers (end users of AI)

• Name, phone number, appointment details
• Call recordings (for quality and training purposes)
• WhatsApp message content and metadata
• Booking history and preferences (via CRM sync)

Automatically Collected

• IP address, device type, browser info
• Activity logs, page views, and usage patterns (via analytics tools)

4. How We Use Your Data

• To operate our AI assistant and booking automation
• To send appointment confirmations or reminders via WhatsApp or SMS
• To improve our AI's natural language processing and accuracy
• For internal analytics and product optimization

5. Legal Grounds for Processing

We rely on the following lawful bases:

• Consent (e.g. customer opts into WhatsApp or SMS)
• Contract (e.g. providing Aura services to the salon)
• Legitimate interests (e.g. improving service performance, fraud prevention)

6. AI & Automated Decision-Making

Aura uses AI and automation to handle calls and messages. This may include:

• Booking or rescheduling appointments
• Recommending services or products
• Retargeting no-shows or past clients

All outputs are based on AI rules, not human intervention. Salon owners can review and customize AI behavior.

7. Data Sharing

We may share data with:

• CRM & booking providers (e.g. Fresha, Treatwell)
• Messaging platforms (e.g. Twilio, Meta/WhatsApp Business)
• Payment processors (e.g. Stripe)
• Cloud infrastructure (e.g. AWS)
• Our vetted technical service providers and sub-processors

We do not sell or rent your personal data.

8. Data Storage & Transfers

Data may be stored or processed in the US, EU, or other jurisdictions with adequate safeguards. We follow GDPR-compliant standard contractual clauses for international transfers.

9. Security Measures

• Data encryption in transit and at rest
• Role-based access control
• Audit logs and breach monitoring

If a breach occurs, we will notify affected users and authorities within 72 hours, as required by law.

10. Your Rights

If you are located in the EU/UK/California, you have the right to:

• Access your data
• Correct or delete your data
• Object to processing
• Request data portability
• Lodge a complaint with your data protection authority

To exercise these rights, contact us at privacy@aura300.ai.

11. Data Retention

• Client account data: kept during the subscription + 2 years
• Call/chat data: kept for 180 days (unless extended for quality tracking)
• Aggregated, anonymized data may be retained for analytics

12. Cookies & Analytics

Our website uses cookies and tracking technologies for:

• Functionality and performance
• Analytics (Google Analytics, Hotjar)
• Retargeting and advertising (Meta Pixel, Google Ads)

You can control cookies through your browser settings.

13. Changes to this Policy

We may update this policy as needed. Clients will be notified via email and/or dashboard notices.

14. Contact Us

Questions or concerns? Email us at privacy@aura300.ai

Data controller (for end-user queries): Your salon or service provider