Last updated: March 25, 2026
Encrypted Everything
TLS 1.3 in transit, AES-256 at rest. API keys encrypted before storage.
No Content Selling
We never sell, share, or monetize your content or usage patterns.
You Own Your Data
Export or delete at any time. Full GDPR and CCPA compliance.
Minimal Collection
Only what's necessary. No tracking pixels, no fingerprinting.
Email address and, if using Google OAuth, name and profile picture. We never store your Google password.
Search queries, website URLs, content text, and brand names submitted for analysis. Processed by our AI systems to generate scores and recommendations.
If you connect WordPress, Shopify, or a custom API, credentials are stored encrypted and used solely to publish on your behalf. Never shared with third parties.
Basic first-party analytics (pages visited, features used). Server logs (IP, browser, timestamps) retained 30 days. No third-party tracking pixels or ad networks.
We Do
We Never
| Service | Purpose | Data Shared |
|---|---|---|
| OpenAI (GPT-4o) | AI analysis | Queries & content (not used to train models) |
| Supabase | Auth & database | Email, hashed password, OAuth tokens |
| Vercel | Hosting & CDN | Request headers, IP (routing only) |
| AI Platforms | Visibility monitoring | Brand name & industry keywords only |
Encryption in transit
TLS 1.3
Encryption at rest
AES-256
API key storage
Application-level encryption
Rate limiting
Per-user on all endpoints
Security headers
X-Frame-Options, CSP, HSTS
Input validation
Zod schemas server-side
SSRF protection
Public IPs only
OAuth security
Open redirect prevention
| Data Type | Retention |
|---|---|
| Account data | While active; deleted within 30 days of account deletion |
| Analysis data | While project exists; deleted with project |
| AI visibility scans | 12 months for trend tracking; older data purged |
| Server logs | 30 days, then permanently deleted |
| CMS credentials | Deleted immediately when connection removed |
Access
Request a copy of all personal data
Correction
Update inaccurate information
Deletion
Delete your account and all data
Portability
Export in CSV, PDF, or JSON
Opt-out
Unsubscribe from non-essential emails
Restriction
Stop processing while investigating a complaint
GDPR (EU/EEA)
Legal basis: contract performance, legitimate interest (security), and consent (marketing). You may lodge a complaint with your local supervisory authority.
CCPA (California)
Right to know, request deletion, and opt out of data sales. We do not sell personal information.
99.9% uptime target. Scheduled maintenance with advance notice. AI monitoring depends on third-party API availability.
Free tier with limits. Paid plans billed monthly or annually. Cancel anytime — access continues through billing period. Refunds within 14 days.
You retain full ownership of all content you create, upload, or generate through Auragap. We claim no rights to your content. The Auragap platform, branding, and proprietary analysis methods are owned by Auragap Inc.
We respond to all data-related requests within 30 days. This policy may be updated with 30 days notice via email.
Auragap is not intended for anyone under 16. We do not knowingly collect children's data.