AuroAuro

PRIVACY POLICY

Last updated: January 13, 2026

This Privacy Policy explains how Auro LLC (“Auro,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you access or use our websites, applications, and related services (collectively, the “Services”). Auro is an on-demand multimodal AI agent that reduces the time between noticing a UI bug or UX issue and shipping the fix. The Services may involve live screen sharing, audio, images, logs, and other content you provide so the agent can capture UI state and generate structured change requests and other outputs. By using the Services, you acknowledge that you have read and understood this Privacy Policy. Definitions. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an identified or identifiable person. “Customer Content” means Inputs and Outputs (including any Personal Information included in them) submitted to or generated through the Services. Outputs may be generated content that includes or reflects Inputs. “Inputs” means any content you submit to the Services, including screen-share content, images, audio, text, logs, and other materials. “Outputs” means any results generated by the Services from Inputs (for example, change requests, prompts, summaries, or other artifacts). “Restricted Data” has the meaning set forth in Section 1.3.

1. SCOPE AND IMPORTANT NOTICES

1.1 This Policy Applies To

This Policy applies to information collected through the Services.

1.2 Roles (Controller vs. Processor)

If you use the Services as an individual (and not on behalf of an organization), Auro generally acts as a controller of Personal Information we collect and process in connection with your use of the Services.

If you use the Services on behalf of a business or organization, that organization may be the controller of Personal Information included in Customer Content and certain account data, and Auro may process such information as a processor or service provider on the organization’s behalf. In those cases, your organization’s policies and instructions may apply and your organization may control access, retention, deletion settings, and administrative logs. You should direct privacy requests regarding organization-controlled data to your organization.

1.3 No Restricted Data; You Assume All Risk If You Disclose It

The Services are not designed or intended to process Restricted Data. You must not submit, upload, transmit, display, disclose, or otherwise make available any Restricted Data through the Services (including during screen sharing). You are solely responsible for (a) configuring your environment to prevent Restricted Data from being exposed (including notifications, messaging apps, password managers, admin consoles, logs/dashboards, and browser tabs), and (b) ensuring that you have all rights and lawful bases to provide any Inputs. If you nevertheless submit Restricted Data, you do so at your own risk. You acknowledge and agree that any Restricted Data that is inadvertently submitted may be processed only incidentally and only to the extent strictly necessary to provide the Services you request, maintain security and integrity, comply with law, and enforce our agreements, and we have no obligation to detect, filter, redact, or remove Restricted Data. “Restricted Data” includes: (i) information regulated under HIPAA (PHI), GLBA (NPI), FISMA, FERPA, COPPA, ITAR/EAR export-controlled data, or similar sectoral laws; (ii) payment card data subject to PCI standards (including full card numbers, CVV, magnetic stripe data, and PINs); (iii) government identifiers (including Social Security, driver’s license, passport numbers) and precise geolocation of an individual; (iv) authentication secrets (including passwords, API keys, private keys, seed phrases, access tokens, MFA codes), and security configuration details that could reasonably be used to compromise systems; (v) trade secrets or confidential information you are not authorized to disclose; (vi) biometric identifiers/biometric information and genetic data; (vii) information about minors; and (viii) any other data you are legally obligated to keep confidential or that is subject to heightened legal or contractual restrictions.

2. INFORMATION WE COLLECT

We collect information in three main ways: (A) information you provide, (B) content you submit through the Services, and (C) information collected automatically.

2.1 Information You Provide

You may provide:

  • Name, email address, username, and account credentials
  • Company name, role/title, and other profile details (if provided)
  • Billing details and subscription status (payment is typically handled by our payment processor; we generally receive confirmations and limited billing metadata)
  • Support requests, communications, and feedback

2.1.1 Organization Accounts and Administrators

If you use the Services through an account provisioned by an organization, your organization may be able to access and manage certain account information and settings (for example, SSO enforcement, user lifecycle controls, or access logs) consistent with applicable law and your organization’s policies.

2.2 Content You Submit Through the Services (Multimodal Inputs)

Because the Services capture and interpret UI behavior, you may submit:

  • Screen-share content (e.g., video of your screen, UI flows, web pages, application screens)
  • Screenshots or images you upload
  • Audio (e.g., voice narration)
  • Text prompts, bug descriptions, reproduction steps, notes
  • Technical artifacts you choose to share (e.g., logs, console output, network traces, configuration snippets) You control what you share and are solely responsible for the Inputs you provide. Before using the Services, you must take reasonable steps to prevent disclosure of Restricted Data or any information you are not authorized to disclose. Any masking, redaction, blurring, minimization, or safety controls (if offered) may not detect or remove all sensitive information.

2.3 Information Collected Automatically

When you use the Services, we may collect:

  • Device and browser data (e.g., IP address, browser type, device identifiers, operating system)
  • Usage data (e.g., pages viewed, features used, actions taken, timestamps, referring URLs)
  • Approximate location (derived from IP address)
  • Diagnostic and performance data (e.g., crash reports, latency, error logs)

2.4 Information From Third Parties

We may receive information from:

  • Authentication/SSO providers (if you choose to sign in through a third party)
  • Payment processors (e.g., confirmation of payment, subscription status, fraud signals)
  • Security, analytics, and infrastructure providers (e.g., bot detection, telemetry)

2.5 Sensitive Information

We do not intentionally collect sensitive categories of personal information. If you choose to submit sensitive information, you consent to our processing of it as described in this Policy, but you should not submit Restricted Data.

3. HOW WE USE INFORMATION

We use information to operate the Services, provide AI-driven functionality, secure the platform, and comply with law. Specifically, we may use information to:

3.1 Provide and Operate the Services

  • Create and manage accounts, authenticate users, and provide support
  • Provide core functionality (capturing UI/app state you share; generating structured change requests, prompts, summaries, and outputs)
  • Maintain, troubleshoot, and improve performance and reliability

3.1.1 Data Minimization

We intend to collect and process Inputs to the extent reasonably necessary to provide the Services and maintain their security and integrity. Because screen sharing is user-directed, you control what is shown and transmitted.

3.2 Security, Abuse Prevention, and Enforcement

  • Detect, prevent, and investigate fraud, misuse, security incidents, and prohibited activity
  • Enforce our terms and protect the integrity of the Services
  • Verify identity for security and rights requests

3.3 Communications

  • Send service-related communications (e.g., confirmations, security notices, product updates, administrative messages)
  • Respond to support inquiries and user requests

3.4 Analytics and Improvement

  • Understand how the Services are used and improve user experience
  • Develop and improve features, including safety and abuse controls

3.5 Legal, Compliance, and Enforcement

  • Comply with applicable laws and lawful requests
  • Establish, exercise, or defend legal claims
  • Enforce and investigate potential violations of our Terms of Service, EULA, and other agreements

3.6 Aggregated / De-Identified Data

We may create and use aggregated or de-identified data (data that cannot reasonably identify you) for analytics, product improvement, and security. Where required by law, we maintain de-identified data in de-identified form.

4. LEGAL BASES (EEA/UK AND SIMILAR JURISDICTIONS)

Where required, we rely on:

  • Contract: processing necessary to provide the Services
  • Legitimate Interests: operating, securing, and improving the Services (balanced against your rights)
  • Consent: where you provide it (and you can withdraw consent where applicable)
  • Legal Obligation: compliance with law

5. HOW WE SHARE INFORMATION

We do not sell personal information for money. We share information only as described below:

5.1 Service Providers

We share information with vendors that help us operate the Services (e.g., hosting, storage, analytics, communications, customer support, security, payment

processing). They are authorized to process information only to provide services to us under contractual obligations.

5.2 AI / ML Providers

To provide AI-powered features, we may share certain Inputs (such as text, images, audio, and screen-share-derived data) with third-party AI service providers subject to contractual safeguards designed to protect confidentiality and limit use. These AI providers act as our service providers/contractors and are permitted to process Inputs only on our instructions and only to provide the Services.

5.3 Legal, Safety, and Enforcement

We may disclose information if we believe disclosure is reasonably necessary to:

  • Comply with law, regulation, legal process, or governmental request
  • Enforce our agreements and policies
  • Protect rights, property, or safety of Auro, our users, or others
  • Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed and transferred as part of that transaction, subject to standard confidentiality protections.

5.5 With Your Direction

We may share information when you instruct us to do so (for example, exporting outputs to a third-party tool you choose).

6. AI FEATURES AND CONTENT PROCESSING

6.1 How AI Uses Your Inputs

The Services may process Inputs you provide to generate Outputs (e.g., change requests, prompts, summaries). Outputs may be inaccurate or incomplete and should be reviewed before use.

6.2 Model Training and Improvement

By default, we do not use Customer Content to train or fine-tune models for public or general-purpose use outside the Services. We may use Customer Content as necessary to (a) provide and operate the Services, (b) maintain, protect, and improve the Services (including debugging, quality assurance, incident response, abuse prevention, fraud prevention, safety evaluation, and reliability), and (c) comply with law and enforce our agreements. We may also use aggregated or de-identified information for analytics and improvement. If we offer an optional feature that permits use of Customer Content for broader training beyond the purposes in this Section, we will present that choice to you. If we offer a separate opt-in allowing broader training use, it will be presented as an explicit choice and will not apply unless you affirmatively opt in.

6.3 Your Responsibilities

You represent that you have all rights and permissions needed to provide Inputs, and that providing Inputs does not violate law or third-party rights. Do not submit Restricted Data.

6.4 Third-Party AI Providers

We may transmit Inputs to third-party AI service providers as described in Section 5.2

7. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

  • Maintain sessions and authenticate users
  • Remember preferences
  • Provide security and fraud prevention
  • Analyze usage and improve the Services

7.1 Analytics

We may use analytics providers to understand how the Services are used. You can control cookies through browser settings and may be able to use provider opt-outs where available. If you block cookies, some features may not function properly.

7.2 Do-Not-Track

Because there is no uniform standard, we do not currently respond to browser “Do Not Track” signals.

8. DATA RETENTION

We retain personal information only as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain security, comply with legal obligations, and resolve disputes.

  • Account data: retained while your account is active and as needed thereafter for legitimate business purposes and legal compliance. If you close your account, we will take reasonable steps to delete or de-identify Personal Information within a commercially reasonable period, subject to the retention needs described in this Section (including backups, audit logs, legal holds, compliance, and dispute resolution)
  • Inputs/Outputs: retained only for as long as reasonably necessary to provide the Services you request, maintain security and integrity, support features you enable, comply with legal obligations, and resolve disputes. Retention may vary based on plan, workspace settings, configuration, and applicable law
  • Logs/telemetry: retained for security, debugging, and performance analysis for a limited period, then deleted or de-identified where feasible When we no longer need information, we will delete or de-identify it, consistent with applicable law and reasonable operational requirements (for example, backups and audit logs may persist for a limited period). Backups and system logs may persist for a limited period due to technical and legal requirements. We will maintain and protect such backups and logs consistent with this Policy and delete or de-identify them in the ordinary course when no longer required. Notwithstanding the foregoing, we may retain information where required or permitted by law, for legal holds, to resolve disputes, to enforce agreements, or to protect the safety and security of the Services.

9. SECURITY

We maintain administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or destruction. No system can be guaranteed 100% secure. You are responsible for maintaining the confidentiality and security of your credentials, devices, network, and environment, including during screen sharing. You are also responsible for implementing appropriate access controls and security measures for any systems you connect to or use in connection with the Services.

10. CHILDREN’S PRIVACY

The Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18. If we learn we collected such information, we will take reasonable steps to delete it.

11. YOUR PRIVACY RIGHTS AND CHOICES

Depending on where you live, you may have rights to:

  • Request access to personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of certain information
  • Request portability (a copy in a usable format)
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent We will respond in accordance with applicable law and may need to verify your identity. We may deny or limit requests where permitted by law, including where fulfilling a request would (a) reveal information about another person, (b) compromise security, fraud prevention, or integrity of the Services, (c) require disproportionate effort, or (d) conflict with legal obligations. We may require additional information to verify your identity and authority to make the request. Even where we delete Personal Information, we may retain limited information as necessary to document and honor your request, to prevent fraud or abuse, or to comply with legal obligations.

12. U.S. STATE PRIVACY DISCLOSURES

If you are a resident of certain U.S. states (including California and others as laws evolve), you may have additional rights, such as the right to opt out of certain “sale,” “sharing,” or “targeted advertising” as defined by applicable law.

12.1 Sale / Sharing / Targeted Advertising

We do not sell Personal Information for money. We do not currently share Personal Information for cross-context behavioral advertising as that term is defined under applicable law. If our practices change, we will provide required notices and opt-out mechanisms.

12.2 Categories Collected and Disclosed

We may collect and disclose the categories described in Section 2 and share them as described in Section 5 for business purposes.

12.3 Non-Discrimination

We will not discriminate against you for exercising applicable privacy rights.

12.4 Authorized Agents and Appeals

Where applicable (e.g., California), you may use an authorized agent, subject to verification. Where required, you may appeal certain decisions.

12.5 Categories of Personal Information

Depending on your use of the Services, we may collect identifiers (such as name, email, IP address), commercial information (subscription status and limited billing metadata), internet or network activity (usage and device data), approximate location (derived from IP), and Customer Content you choose to submit. We disclose these categories to service providers and contractors for the business purposes described in Sections 3 and 5.

13. INTERNATIONAL TRANSFERS

If you access the Services from outside the United States, your information may be transferred to and processed in the United States and other jurisdictions where we or our service providers operate. Where required by law, we implement appropriate safeguards for cross-border transfers, which may include contractual protections and other measures recognized by applicable data protection laws.

14. THIRD-PARTY LINKS AND INTEGRATIONS

The Services may link to, integrate with, or allow you to use third-party websites or services. We are not responsible for their privacy practices. Review third-party privacy policies before providing information to them. When you choose to connect third-party services or export Outputs to third parties, those third parties process information under their own policies and terms. We are not responsible for third-party processing.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Policy from time to time. The “Last updated” date reflects the effective date of the current version. If changes are material, we will provide notice as required by law (for example, via the Services or by email).

16. CONTACT US

Auro LLC. Phone: 1-(704)-625-6383, Email: team@auro.run

17. HOW TO EXERCISE RIGHTS / SUBMIT REQUESTS

To submit a privacy request, email team@auro.run from the email address associated with your account (or submit a request through any in-product or web form we make available for privacy requests). We may request additional information to verify your identity and authority. If you use the Services through an organization account, we may direct you to your organization to submit or administer certain requests where the organization controls the relevant data or settings. We respond within the time required by applicable law. Authorized agents may submit requests where permitted by law, subject to verification of the agent’s authority and the requester’s identity.