Legal

Privacy Policy

Last updated: 10 May 2026

1. Who we are

Aurora is operated by Matteo Gevi, Berlin, Germany. If you have any questions about this policy, email us at privacy@ai-aurora.com.

2. What Aurora does with your data

Aurora is an AI-powered tool that evaluates written responses against uploaded documents. To do this, we need to collect and process some of your personal data. This policy explains exactly what we collect, why, and how long we keep it.

We do not sell your data. We do not use your data to train AI models. We do not share your data with advertisers.

3. What data we collect

If you join our waitlist, we collect your work email address, your organisation name, and your role. We use this to manage access requests and to contact you when your access is ready. The legal basis is your consent — you can ask us to remove your data at any time.

If you create an account, we collect your email address and your password. Your password is stored in encrypted form — we never see your actual password.

When you use Aurora, we process the documents you upload, the written responses you submit for assessment, and the scores Aurora generates for each response. This data is processed to provide the service, stored securely in the EU, and deleted when you close your account.

4. How your data is processed by AI

When you submit a written response for assessment, the text of that response and relevant parts of your uploaded document are sent to Anthropic's Claude API for analysis. This is how Aurora generates scores and feedback.

Anthropic retains this data for up to 30 days, after which it is automatically deleted. Anthropic does not use your data to train their models. The feedback text Aurora shows you is not stored in Aurora's database — only your scores are saved.

In line with the EU AI Act (Article 50): when you use Aurora, you are interacting with an AI system, not a human. All scores and feedback are formative — they are always subject to review and approval by your instructor or trainer. Aurora does not issue official grades or certifications.

5. Who we share your data with

We share data only with the services that make Aurora work. Supabase handles our database and authentication, with your data stored in Frankfurt, Germany. Anthropic receives your written responses and document excerpts for AI analysis only, retaining them for up to 30 days and then deleting them automatically. Railway hosts the Aurora application in Amsterdam, Netherlands. Vercel hosts our marketing website. All providers are bound by Data Processing Agreements consistent with GDPR.

The only data that leaves the European Union is what is sent to Anthropic's API for analysis, and this transfer is protected by Standard Contractual Clauses under Article 46 GDPR.

6. How long we keep your data

Waitlist data is kept until you gain access to Aurora or ask us to delete it. Account data, uploaded documents, and assessment scores are kept while your account is active and permanently deleted when you close your account. Data held by Anthropic is automatically deleted by them within 30 days of processing.

7. Your rights

Under GDPR, you have the right to access a copy of the data we hold about you, correct any inaccurate information, delete your account and all associated data, export your data in a machine-readable format, object to how we process your data in certain situations, and withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, email privacy@ai-aurora.com. We will respond within 30 days.

8. Security

We protect your data with encryption at rest and in transit, row-level security so each user can only access their own data, Supabase Auth for account security, and secure server-side storage of all credentials. If we become aware of a data breach that poses a risk to your rights, we will notify the relevant authority within 72 hours and inform you without undue delay.

9. Children

Aurora is not intended for users under 16. If you believe a minor has registered, please contact us at privacy@ai-aurora.com.

10. Cookies

Aurora does not use advertising or analytics cookies. We use only the functional cookies necessary to keep you logged in and the application working.

11. Changes to this policy

If we make significant changes to this policy, we will notify you by email before the changes take effect. The date at the top of this page shows when it was last updated.

12. Complaints and contact

If you believe your data protection rights have been violated, you can lodge a complaint with the German Federal Commissioner for Data Protection at bfdi.bund.de, or with the data protection authority in your country of residence within the EEA.

Matteo Gevi
Berlin, Germany
privacy@ai-aurora.com
ai-aurora.com