Privacy Policy

1. Who We Are

This Privacy Policy applies to the AuraicPulse Media application and platform (the "App"), operated by AuraicPulse Ventures ("we", "us", "our"), a social media management and marketing agency based in Ireland. AuraicPulse Media is our proprietary platform that powers our agency operations including AI-assisted content creation, multi-platform publishing, scheduling, social media account management, and client reporting. When we refer to "the App" or "AuraicPulse Media" in this policy, we mean the AuraicPulse Media application accessible at auraicpulse.info and all related services.

Data Controller: AuraicPulse Ventures
Contact: [email protected]
Website: https://auraicpulse.info

2. What Data We Collect

2.1 Account Data

• Name, email address, and password (hashed with bcrypt, 12 rounds)
• User role and organisation membership
• Login timestamps and session data

2.2 Client Data

• Client business name, industry, contact details
• Social media account connections (OAuth tokens, encrypted with AES-256-GCM)
• Content created, scheduled, and published through the platform
• Analytics data from connected social media platforms
• Approval workflows and communication history

2.3 Booking Data (Supernova)

• Customer name, email, phone number
• Event details (date, venue, guest count, event type)
• Playlist selections and interaction data
• Communication history (emails, quotes, confirmations)

2.4 Usage Data

• AI usage logs (which models were called, token counts, costs)
• Feature usage and interaction patterns
• Push notification subscription data
• Browser type and device information (via standard HTTP headers)

2.5 Data We Do Not Collect

• We do not use tracking cookies or third-party analytics
• We do not sell or share personal data with advertisers
• We do not store payment card details (payments processed by Stripe)

3. How We Use Your Data

We process personal data for the following purposes:

• Service delivery: Managing your social media accounts on your behalf, creating and publishing content, scheduling posts, running campaigns, and generating performance reports
• Authentication: Verifying the identity of our staff and clients accessing the platform
• Communication: Sending transactional emails (booking confirmations, reports, notifications, reminders)
• AI processing: Using AI models to generate content, analyse performance data, and provide strategic recommendations for your accounts
• Analytics: Pulling performance metrics from your connected social platforms to build reports and inform strategy
• Booking management: Processing event enquiries, quotes, confirmations, and playlist selections for client events
• Agency operations: Internal task management, team collaboration, client onboarding, and workflow automation

4. Legal Basis for Processing

Under GDPR, we process your data based on:

• Contract: Processing necessary to deliver the services you signed up for (Article 6(1)(b))
• Legitimate interest: Platform security, fraud prevention, and service improvement (Article 6(1)(f))
• Consent: Where we send marketing communications or use optional features like push notifications (Article 6(1)(a))
• Legal obligation: Where required by Irish or EU law (Article 6(1)(c))

5. Third-Party Services

We share data with the following categories of service providers, all of which are GDPR-compliant or operate under adequate safeguards:

5.1 AI Providers

• Groq (primary AI provider): processes text prompts for content generation and analysis
• Google Gemini: fallback AI provider
• Anthropic (Claude): premium AI tasks
• xAI (Grok): real-time voice conversations and web search

AI providers receive the minimum data necessary for the task. We do not send passwords, financial data, or social media tokens to AI providers.

5.2 Infrastructure

• DigitalOcean: hosting and managed PostgreSQL database (EU region)
• DigitalOcean Spaces: media file storage (CDN)

5.3 Email

• Resend: transactional email delivery (primary)
• Postmark: transactional email delivery (fallback)
• Zoho Mail: business email hosting

5.4 Social Media Platforms

As your social media management agency, we connect to and manage your accounts on platforms including Meta (Facebook, Instagram), TikTok, YouTube, LinkedIn, Pinterest, X, Threads, and Google Business Profile. We use official platform APIs with OAuth authentication to publish content, pull analytics, and manage your presence on your behalf. We access only the permissions necessary to deliver the services agreed in your contract with us. You retain full ownership of your accounts at all times.

5.5 Payments

• Stripe: payment processing. We never see or store your full card details.

6. Data Storage and Security

• All data is stored on DigitalOcean managed infrastructure in the EU
• Database connections use SSL/TLS encryption
• Passwords are hashed using bcrypt with 12 salt rounds
• OAuth tokens are encrypted at rest using AES-256-GCM with random IVs
• API keys are stored as SHA-256 hashes (never in plain text)
• Sessions use signed JWT tokens with 7-day expiry
• All web traffic is encrypted via HTTPS
• Rate limiting protects against brute-force attacks
• Role-based access control restricts data access by user type

7. Data Retention

• Account data: retained while your account is active, deleted within 30 days of account deletion
• Content and analytics: retained for the duration of the client relationship
• AI usage logs: retained for 12 months for billing and governance purposes
• Booking data: retained for 24 months after event date, then available for export and deletion
• Activity logs: retained for 90 days, then automatically purged
• Email communications: retained for 12 months

8. Your Rights

Under GDPR, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Data portability: Receive your data in a structured, machine-readable format (JSON export)
• Restriction: Request that we limit processing of your data
• Objection: Object to processing based on legitimate interest
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.

Our data export feature allows you to download all your data as a JSON file at any time from the admin settings.

9. International Data Transfers

Some of our AI providers (Groq, Anthropic, xAI) are based in the United States. Data transfers to the US are conducted under:

• EU-US Data Privacy Framework (where applicable)
• Standard Contractual Clauses (SCCs) approved by the European Commission

We minimise data sent to non-EU providers and never transfer sensitive personal data (passwords, financial details, health data) outside the EU.

10. Cookies and Local Storage

We use:

• Session cookies: Essential for authentication (JWT session token). Cannot be disabled.
• localStorage: User preferences (theme, sidebar state, starred clients). Cleared on logout.
• sessionStorage: Temporary chat history. Cleared on browser close.

We do not use tracking cookies, advertising cookies, or third-party analytics scripts.

11. Children

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Complaints

If you have concerns about how we handle your data, please contact us first at [email protected].

You also have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone: +353 1 765 0100 / 1800 437 737
Website: www.dataprotection.ie

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email or in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.