Privacy Policy and Data Processing

Last updated: March 23, 2026

1. Identification of Roles (GDPR & CCPA Compliant)

In the context of the services provided through Aura SaaS:

  • Data Controller: The Affiliated Business (e.g., barbershop, spa, clinic) that uses the platform to schedule its appointments. It decides what personal data to request and its purpose.
  • Data Processor: Aura SaaS. We act as providers of the technological infrastructure, processing data on behalf of and by order of the Controller.

2. International Data Transfer

The data processed by Aura is stored on servers hosted by Google Cloud Platform (USA). By accepting this policy, you (whether a Business or an End Client) explicitly authorize the international transfer of your personal data for hosting and technological processing purposes, ensuring that the provider (GCP) complies with international security standards.

3. Collection and Use of Data

For Businesses (B2B): We collect name, phone, email, and billing data for the management of your subscription and access to the platform.

For End Clients (B2C): We collect name, phone, and in some cases email and notes, solely and exclusively to manage your appointments and send reminders/notifications on behalf of the Responsible Business.

4. Rights of Data Subjects (Habeas Data & GDPR)

In accordance with current legislation, you have the right to know, update, rectify, and request the deletion of your personal data (Right to be Forgotten).

4.1. Procedure for End Clients

The end client must direct their request for data deletion primarily and preferably to the Business where they scheduled their appointment (The Controller). In the event that the Business does not respond to your request within 15 business days, or if the business has disappeared, the client may contact Aura at legal@auraerp.com to request the technical purge of their data from our systems.

4.2. Procedure for Affiliated Businesses

The business administrator can request the total deletion of their account and their tenant's data by sending an email to legal@auraerp.com from the email address registered as the owner of the account.

5. Information Security

Aura implements the necessary technical, human, and administrative measures to provide security to the records, avoiding their adulteration, loss, consultation, use, or unauthorized or fraudulent access, utilizing the security infrastructure of Firebase and Google Cloud.

6. California Consumer Privacy Act (CCPA) - "Do Not Sell My Personal Information"

If you are a California resident, the CCPA grants you specific rights regarding your personal information. Aura SaaS does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration. We act exclusively as a service provider/Data Processor. Any request related to your rights under the CCPA should be directed to the Affiliated Business (Data Controller) with whom you interacted. You may also contact us at legal@auraerp.com for technical assistance regarding your data.