Privacy

Privacy Policy

Data controller

The data controller is Aura Tech SL, with registered office in Catalonia, Spain. You can contact the data controller at info@auratech.cat.

Data collected

The personal data we collect through this website includes: (a) Contact form: name, email address, phone number (optional) and message. (b) Analytics: anonymous browsing data collected through Google Analytics 4 (GA4), such as pages visited, session duration and device type.

Legal basis

The legal basis for processing your data is: (a) The consent you provide when submitting the contact form or accepting analytics cookies. (b) Auratech's legitimate interest in improving its services and the website browsing experience.

Data retention

Contact form data will be retained for a maximum of 12 months from the last communication. Analytics data is retained anonymously for a period of 14 months, as configured in Google Analytics 4.

Subprocessors

To deliver the service we use the following subprocessors, all under signed DPA or standard DPA template: (a) Hetzner Online GmbH (Frankfurt, Germany) — application and database hosting. (b) Resend (Dublin, Ireland) — transactional email delivery (contact form notifications). (c) Microsoft 365 (EU) — mailboxes for the auratech.cat domain. (d) Google Fonts (EU/US servers under the Data Privacy Framework) — typographic fonts on the website. (e) Google Analytics 4 (US servers under the Data Privacy Framework) — anonymous browsing analytics, consent-gated.

Health data (GDPR Article 9)

GDPR Article 9 — health data. Our AI agent product line for aesthetic clinics (auratech.cat/automatitzacions-ia) processes patient conversations with the clinics that use the service. These conversations can contain health information (GDPR Article 9). In that context the clinic is the data controller and Auratech is the data processor. Measures applied: (a) data stored on EU servers (Hetzner Frankfurt). (b) encryption in transit (TLS) and at rest. (c) DPA signed with each clinic before the pilot. (d) audit logs for access. (e) deletion of conversations on customer request. If you have interacted with an AI agent run by a clinic on our service and want to exercise rights over that data, contact the clinic first (the data controller) or, alternatively, write to info@auratech.cat.

International transfers

Some data may be transferred outside the European Economic Area: (a) Google Analytics 4 and Google Fonts — United States, under the Data Privacy Framework (European Commission adequacy decision, July 2023). (b) Microsoft 365 — may process metadata in the US under the DPF and Standard Contractual Clauses. All other processing remains within the EU (Hetzner Germany, Resend Ireland).

Your rights

Under the General Data Protection Regulation (GDPR) you have the right to: access your personal data (Article 15), request rectification or erasure (Article 17), object to processing (Article 21), request restriction (Article 18), and data portability (Article 20). If you have an Auratech account, you can exercise these rights directly from your profile at /dashboard/perfil — buttons "Download my data" and "Delete my account". If you don't have an account, email info@auratech.cat. You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD).

Contact

For any queries related to personal data protection, you can contact us at info@auratech.cat.