Privacy Policy
Disclaimer: This document is provided in multiple languages for convenience only. In the event of any conflict of interpretation or legal dispute, the English version shall strictly prevail and be legally binding.
**Last Updated: March 2026**
This Privacy Policy explains how Aura Global collects, uses, stores, shares, and protects personal information from users of the Aura Global platform. This policy complies with the Mexican LFPDPPP, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
1. Information We Collect
**1.1. Information You Provide Directly:** Account registration details (name, email, password), KYC Verification artifacts (government-issued IDs, biometric validation, tax numbers), portfolio and service information, and direct payment routing information via secure Stripe modules.
**1.2. Information Collected Automatically:** Usage data (pages visited, UI interactions), IP address location routing, Dual-Scan GPS telemetry strictly bound to the execution windows of events, and essential authentication cookies.
**1.3. Third-Party Integrations:** Verification risk scoring from Stripe Identity, background check confirmations (where legally required), and federated social media public profiles if manually linked.
2. How We Use Your Information
**2.1. Primary Purposes:** Facilitating the core operations matching Clients with Vendors, orchestrating the Escrow transaction logic securely, identity fraud prevention natively integrated with Stripe Radar, and dispute resolution evidence review based on the 48-Hour framework.
**2.2. Legal and Compliance:** Providing transaction logs for regulatory compliance, mitigating money laundering or terrorist financing risks, and responding to lawful subpoenas governed by the judicature of Mexico or international treaties.
**2.3. Communications:** Sending unskippable transactional notifications (booking confirmations, Dual-Scan receipts), and opt-in promotional roadmap updates.
3. Information Sharing and Disclosure
**3.1. Sharing Between Users:** Public profile information is visible organically. Post-booking, direct parties gain access strictly to the information necessary to fulfill securely the service (names, locations, contracted guidelines).
**3.2. Service Processors:** Your data is shared under strict data localization structures with AWS/Google Cloud for encrypted server hosting, and Stripe for tokenized payment logic. Aura Global never visualizes or stores your raw Credit Card numbers.
**3.3. Legal Disclosures:** Data may be securely disclosed if mandated by authoritative bodies encompassing taxation entities or actionable legal judgments.
4. Data Retention
**4.1. Active Lifecycle:** Data is retained whilst the account is active. Following a voluntary account closure request, the public profile is immediately purged.
**4.2. Statutory Hold Period:** To conform to global financial litigation rules, transactional metadata, Escrow ledgers, and dispute artifacts are strictly retained in cold-storage for a period of up to seven (7) years strictly for anti-fraud auditing purposes.
5. Data Security
**5.1. Encryption architecture:** End-to-end encryption for incoming data payloads via TLS 1.3. At rest, crucial artifacts are vaulted under AES-256 standards with strict Role-Based Access Controls for minimal privileged engineer interventions.
**5.2. Breach Disclosures:** In the exceptionally minimal probability of a breach, impacted users will be fully notified within a 72-hour window in tandem with respective data privacy authorities.
6. Your Rights and Choices
**6.1. Extensible Rights:** Dependent on your residential legal framework, you maintain the robust right to Access, Data Portability, ARCO (Rectification, Cancellation, Opposition) rights, and the GDPR Right to be Forgotten subject strictly to the limitations of overriding financial audit laws.
**6.2. Actioning Requests:** Every structural request oriented at limiting your data profile footprint strictly requires identity confirmation processing to inhibit malicious account-takeover scenarios.
7. International Data Transfers
**7.1. Cloud Distribution:** As Aura Global runs logically on international cloud availability zones, technical processing maneuvers data between the legal entity in Mexico, cloud databases situated in the United States, and caching networks in the EU. Adherence leverages automated standard contractual clauses.
8. Childrens Privacy
**8.1. Minor Restriction:** The Aura Global Escrow platform prohibits usage mathematically for minors structurally under 18 years of age. Should parental notice indicate circumvention of this policy, data is surgically excised and the account systematically deleted within 30 days.
9. Regulatory Distinctions (CCPA & GDPR)
**9.1. California Residents:** Aura Global explicitly DOES NOT sell personal data profiles to arbitrary intelligence brokers. You own a Right to Know precisely what categorical properties are utilized.
**9.2. EU Residents:** Processes operate under Contractual necessity and Legitimate interests. Disputes can be escalated to regional Data Protection Authorities directly if internal compliance avenues exhaust.
10. Contact Information
**10.1. Data Controller:** Luis Gerardo Casillas Ramírez (Aura Global).
**10.2. Digital Channels:** For general and formal ARCO/GDPR requests or systemic privacy audits, please dispatch authorized communications fundamentally to: **legal@auraglobal.vip**.
