The short version: We collect only what's necessary to run the service. Your conversations are stored on our server and processed through AWS Bedrock. We never sell your data. You can delete your account at any time.
1. Information We Collect
Account Information
When you create an account, we collect:
- Username โ required for identification
- Email address โ for account verification and notifications
- Password โ stored as a bcrypt hash (we never store plaintext passwords)
- OAuth profile โ if you sign in with Google, we receive your name, email, and profile picture
Usage Data
We automatically collect:
- Conversation history โ messages you send and AI responses
- Token usage โ number of tokens consumed per conversation
- Login records โ IP address, browser, and timestamp when you log in
- Daily usage count โ to enforce fair-use rate limits
Technical Data
- IP address (stored temporarily in session cookies and login logs)
- User-Agent string (browser and OS type)
- Session cookies for authentication
2. How We Use Your Information
- To provide and maintain the Aury AI service
- To authenticate your identity and protect your account
- To send email notifications (login alerts, password resets, verification emails)
- To enforce daily usage limits and prevent abuse
- To improve the service based on usage patterns
- To respond to support requests
We do not use your data for advertising, behavioral profiling, or selling to third parties.
3. Data Storage & Security
All data is stored in a SQLite database on our server. We implement the following security measures:
- All passwords are hashed using bcrypt (12 rounds)
- Authentication tokens are JWT signed with a secret key, expiring after 24 hours
- HTTPS enforced via SSL/TLS (Let's Encrypt)
- Security headers: CSP, X-Frame-Options, HSTS, X-XSS-Protection
- Rate limiting on all API endpoints to prevent brute-force attacks
- Session cookies are httpOnly and secure
4. Data Sharing
We share data only with:
- AWS Bedrock โ your conversation messages are sent to AWS to generate AI responses. AWS processes this data according to their Privacy Policy.
- Google OAuth โ if you choose to sign in with Google, Google shares your profile information with us per their Privacy Policy.
We do not sell, rent, or share your personal data with advertisers or data brokers.
5. Cookies & Session Data
We use the following cookies:
- token โ JWT authentication cookie (httpOnly, secure, 24h expiry)
- guest_session โ anonymous session tracking for guest users (7-day expiry)
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
6. Your Rights
You have the right to:
- Access โ view all data associated with your account
- Export โ download your conversation history
- Delete โ delete your account and all associated data permanently
- Correct โ update your profile information
- Opt-out โ disable login notification emails in your settings
To exercise these rights, contact us at admin@auryai.org.
7. AI Conversations & AWS Bedrock
Important: When you send a message, it is transmitted to AWS Bedrock to generate a response. This means your conversation content is processed by Amazon Web Services infrastructure. Please do not share sensitive personal information, passwords, or confidential data in your conversations.
AWS Bedrock does not use customer data to train foundation models by default. See AWS Bedrock Data Protection documentation.
8. Children's Privacy
Aury AI is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us to have it removed.
If you have questions about this Privacy Policy or how we handle your data:
We will respond to privacy-related requests within 30 days.