Privacy Policy

Last updated: March 1, 2026

Aurvek ("we", "us", "our") operates the aurvek.com platform. This policy explains what data we collect, why, and how we protect it.

1. Information We Collect

Account Information

Email address — used for account creation, login via magic link, and transactional notifications.
Username — chosen by you or auto-generated during registration.
Password — if you choose password-based authentication, stored as a salted bcrypt hash. We never store or see your plaintext password.
Google account data — if you sign in with Google, we receive your Google ID, email, and display name via OAuth 2.0. We do not access your contacts, calendar, or any other Google data.

Payment Information

Payments are processed by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers.
We store transaction records (amounts, dates, references) for accounting and dispute resolution.

Usage Data

Conversations and messages you create within the platform, including AI responses.
Files you upload (images, audio, documents) for use within conversations.
Token usage and costs for billing purposes.
IP address for rate limiting, abuse prevention, and security.

Cookies

Session cookie — a JWT token for authentication. HttpOnly, SameSite=Lax, and Secure when served over HTTPS.
Visitor cookie — an anonymous analytics identifier for landing pages. No personal data.

We do not use third-party tracking cookies or advertising cookies.

2. How We Use Your Data

To provide, maintain, and improve the platform.
To process payments and maintain transaction history.
To send transactional emails (login links, payment confirmations). We do not send marketing emails without explicit consent.
To enforce our terms, prevent abuse, and ensure platform security.

3. Third-Party Services

We use the following third-party services that may process your data:

AI Providers (OpenAI, Anthropic, Google, xAI) — your conversation messages are sent to these providers to generate AI responses. Each provider has its own privacy policy and data handling practices.
Stripe — payment processing. Subject to Stripe's Privacy Policy.
Cloudflare — CDN, DDoS protection, and DNS. Subject to Cloudflare's Privacy Policy.
Google OAuth — authentication only. Subject to Google's Privacy Policy.
ElevenLabs — text-to-speech and voice features, if enabled.

4. Data Storage and Security

Data is stored on servers we control. Database access is restricted and encrypted at rest.
Passwords are hashed with bcrypt and a unique pepper. We cannot recover your password.
API keys and secrets are stored in environment variables, never in source code.
We implement rate limiting, IP-based abuse detection, and progressive banning for security.

5. Data Retention

Account data is retained as long as your account is active.
Conversation data can be deleted by you at any time through the chat interface.
If you request account deletion, we will remove your data within 30 days, except where legally required to retain it (e.g., financial transaction records).

6. Your Rights

You have the right to:

Access your personal data.
Correct inaccurate data via your profile settings.
Delete your account and associated data.
Export your conversation data (PDF, MP3 formats available).
Object to processing in certain circumstances.

To exercise these rights, contact us at the email below.

7. Children's Privacy

Aurvek is not directed at children under 16. We do not knowingly collect data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it.

8. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via the platform. Continued use after changes constitutes acceptance.

9. Contact

For privacy-related questions or requests:

Email: [email protected]