Privacy Policy
Aura GPT is an AI styling service (the MCV® method). To build your profile you create an account and upload photos of your own wardrobe. Your data is hosted in Germany (European Union), your photos stay yours — we don't sell them and we don't use them to train public models — and your entire account can be deleted completely on request.
1. Data controller and how to reach us
The controller of personal data processed through Aura GPT is:
- AVi Kairos Srl
- Strada Lungă 188, Corp C2, Ap. 2, 500051 Brașov, Romania
- CUI 52477194 · J08/68/2025 · EUID ROONRC.J2025068492002
- Privacy questions: [email protected]
- General support: [email protected]
This policy explains what data we process, for which purposes, on which legal bases and what rights you have under the General Data Protection Regulation (GDPR — EU Regulation 2016/679).
2. What data we process
We only process the data needed to provide the Aura GPT service:
| Category | Examples | Legal basis | Retention |
|---|---|---|---|
| Account data | Email address, name, password (stored encrypted) | Performance of the contract (Art. 6(1)(b)) | For the life of the account |
| MCV profile | Onboarding questionnaire answers and styling preferences | Performance of the contract (Art. 6(1)(b)) | For the life of the account |
| Wardrobe photos | The images of your garments that you upload | Consent (Art. 6(1)(a)) | Until account closure or on request |
| Usage and technical data | Access logs, device/browser type, IP address, language | Legitimate interest — security and improvement (Art. 6(1)(f)) | Up to 12 months |
| Payment data | Billing and subscription history (handled by Paddle — see section 7) | Legal obligation — tax/accounting (Art. 6(1)(c)) | 10 years (tax requirement) |
3. Purposes of processing
- Create and manage your account and authenticate you securely.
- Generate your MCV profile and styling recommendations based on your answers and uploaded photos.
- Process payments and issue invoices.
- Keep the service secure and prevent fraud or abuse.
- Improve the quality and reliability of the product.
- Service-related communications (for example email verification or important account notices).
4. Your wardrobe photos
The photos you upload are central to how Aura GPT works, but we treat them with special care:
- They stay yours. You keep control over the images you upload.
- We don't sell them and don't share them for third-party commercial purposes.
- We don't use them to train public AI models.
- You can delete them at any time from your account or by request to [email protected].
Photos are processed solely to generate your profile and styling recommendations. When you close your account or request it, they are deleted from our systems.
5. Recipients and processors
We do not sell your data. We share it only with trusted providers that help us operate the service, each contractually bound to protect it:
- Hetzner Online GmbH — hosting and infrastructure, data centres in Germany (EU) (processor).
- Paddle.com Market Ltd. — payment processing as Merchant of Record (see section 7).
- Anthropic — provider of the AI model that processes the MCV profile (processor); the data sent is minimized and not used to train public models.
- Cloudflare — security, anti-bot protection and content delivery.
6. Artificial intelligence
Generating the MCV profile uses an AI model provider (Anthropic) acting as a processor. The data sent is reduced to the minimum needed to produce the result and is not used to train artificial intelligence models made available to the public.
7. Payments and Paddle
Payments are handled by Paddle.com Market Ltd., acting as the authorized reseller (Merchant of Record). Paddle processes payment data as an independent controller for billing, fraud prevention and tax compliance. Aura GPT does not store your card numbers. For details on Paddle's processing, see the Paddle privacy policy.
8. International transfers
Your data is hosted in the European Union (Germany). If some of our providers process data outside the European Economic Area, this is done with appropriate safeguards, such as the Standard Contractual Clauses (SCC) approved by the European Commission.
9. How long we keep data
We keep account and profile data for the life of your account. Uploaded photos and content are deleted when you close your account or on request. Billing data is kept for the period required by tax law (up to 10 years for invoices). Technical/log data is kept for a limited period for security purposes.
10. Your rights (GDPR)
Under the GDPR (Art. 15–22) you have the following rights:
- Access — find out what data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request complete deletion of your account and data.
- Restriction — limit processing under certain conditions.
- Portability — receive your data in a structured format.
- Objection — object to processing based on legitimate interest.
- Withdrawal of consent — at any time, for processing based on consent (for example photos).
You can exercise your rights by writing to [email protected]. If you believe your rights have been infringed, you can lodge a complaint with the Romanian supervisory authority (ANSPDCP) or with the supervisory authority in your EU country of residence.
11. Security
We apply appropriate technical and organizational measures to protect your data: encryption in transit, access control, passwords stored in encrypted form and infrastructure hosted in the EU. No system is completely secure, but we work continuously to reduce risk.
12. Minors
Aura GPT is intended for people aged 18 and over. We do not knowingly collect data from minors. If you discover that a minor has provided us with data, contact us and we will delete it.
13. Changes
We may update this policy as the service evolves. The current version is indicated by the date above. Significant changes will be communicated appropriately.
14. Contact
For any privacy question or to exercise your rights: [email protected]. For how we use cookies, see the Cookie Policy.