Privacy Policy

Last Updated: October 12, 2025

1. Introduction

Welcome to AuricFlow ("we," "us," "our"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website and use our Software-as-a-Service (SaaS) platform (collectively, "Services"). It applies to users globally, including those in the European Economic Area (EEA), and is intended to comply with both the General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988 (including the Australian Privacy Principles).

2. Data Controller

For the purposes of the GDPR, AuricFlow, located in New South Wales, Australia, is the data controller responsible for your personal data.

3. Data We Collect

3.1 Personal Data

We collect and process various categories of personal data, which may include:

  • Identity Data: Your name and username.
  • Contact Data: Your email address, phone number, and mailing address.
  • Technical Data: IP address, browser type and version, time zone settings, operating system, and platform.
  • Usage Data: Information about how you interact with our Services (e.g., pages viewed, time spent, clicks).
  • Marketing Data: Your preferences for receiving marketing communications from us.

Mandatory vs. Voluntary Data

Certain data (e.g., email address) is necessary to create an account or provide our Services. If you choose not to provide mandatory data, we may be unable to offer certain features or complete specific requests.

3.2 Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

  • Improve user experience
  • Analyse trends and user behaviour
  • Track navigation throughout our Services

You can manage your cookie preferences through your browser settings or by adjusting your choices when prompted on our website.

4. Legal Bases for Processing

Where the GDPR applies, we rely on the following legal bases:

  • Consent (GDPR Art. 6(1)(a)): For marketing communications and the use of non-essential cookies or tracking technologies where required by law.
  • Contractual Necessity (GDPR Art. 6(1)(b)): To provide our Services and fulfil our contractual obligations, such as creating and managing your account.
  • Legal Obligation (GDPR Art. 6(1)(c)): To comply with our legal and regulatory requirements.
  • Legitimate Interests (GDPR Art. 6(1)(f)): To improve our Services, detect or prevent fraud, and (where permitted) for direct marketing, provided these interests are not overridden by your fundamental rights and freedoms.

5. How We Use Your Information

We use your personal data for the following purposes:

Service Provision and Improvement

To operate, maintain, and enhance our Services, including troubleshooting, data analytics, and research. We may use aggregated and anonymized usage data to provide general industry insights and benchmarking to our customers. This aggregated data does not identify individual users or organizations.

Communication

To send you account-related notifications, respond to your inquiries, and provide customer support.

Personalisation

To tailor content and features to your interests and preferences.

Marketing & Advertising

To send promotional emails or show you targeted ads (with consent where required). You can opt out at any time by clicking "unsubscribe" in marketing emails or adjusting your browser/cookie settings.

Legal & Regulatory Compliance

To comply with our legal obligations, court orders, or government requests.

6. Data Sharing & Third-Party Services

We do not sell your personal data. However, we may share or disclose personal data to:

Service Providers & Business Partners

Who perform services on our behalf (e.g., hosting, payment processing, analytics, customer support). We require these providers to adhere to strict data protection requirements.

Law Enforcement & Government Agencies

If required by law, subpoena, or court order, or if disclosure is necessary to protect our rights or the rights of others.

Key Third Parties

  • Google Analytics: Provides site analytics; we may share anonymised IP addresses or usage data.
  • Facebook: Advertising platform for custom or lookalike audiences; we may share hashed identifiers for remarketing.
  • Microsoft Clarity: Tracks user behaviour (mouse movements, clicks) for UX improvements.
  • Tally: Create online forms and surveys. It collects information for various purposes like feedback and feature requests.
  • Calendly: We use Calendly to manage appointments. When you schedule a meeting with us, Calendly will collect your name, email address and other information you provide.
  • Amazon AWS: Provides cloud infrastructure and platform services. AWS hosts our application and stores data, including user account information and usage data.

We ensure these third parties comply with applicable data protection laws and use appropriate safeguards (such as Standard Contractual Clauses for international transfers).

7. International Data Transfers

As we are based in Australia, your data may be transferred to, stored, or processed in countries outside of the EEA. Where we transfer data internationally, we ensure an adequate level of protection by using:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, or
  • Other lawful transfer mechanisms (e.g., adequacy decisions, binding corporate rules).

8. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy or as legally required. Specifically:

  • Account Information: Stored for the duration of your account plus 30 days after closure, unless legally required to retain longer.
  • Usage Data: Retained for 26 months for analytics before anonymisation or deletion.
  • Marketing Data: Retained until you unsubscribe or withdraw consent, or it becomes outdated.

When data is no longer needed, we securely delete or anonymise it.

9. Your Rights

Under the GDPR and other applicable laws, you may have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete personal data.
  • Erasure ("Right to be Forgotten"): Request deletion of your data under certain conditions.
  • Restriction: Request to limit processing under specific circumstances.
  • Data Portability: Receive your data in a machine-readable format for transfer.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, email us at support@auricflow.com. We will respond to your request within 30 days, subject to legal requirements and exemptions.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@auricflow.com.