Skip to main content
AurionAIAurionAI

Privacy Policy

Last updated: March 24, 2026

1. Data Controller

AurionAI is operated by AurionAI, a company registered in Belgium. For privacy inquiries, contact us at privacy@aurionai.net.

2. Data We Collect

2.1 Website Visitors

  • Contact forms: Name, email address, company name, job title, and message content when you submit a demo request or contact form.
  • Analytics: Anonymized usage data (page views, referrer, device type) via Vercel Analytics. No cookies are used for tracking.

2.2 AurionAI Service Users (Tenants)

  • Account data: Organization name, admin email, billing information.
  • Voice data: Call recordings, transcripts, and caller authentication attempts (name and badge ID hash).
  • Support data: Ticket information, knowledge base searches, conversation threads, and asset queries processed during voice calls or helpdesk interactions. This data transits through AurionAI but is stored in your ITSM or customer service platform.
  • Usage data: Call duration, resolution metrics, and conversation analytics.
  • Mobile app data: Device push notification tokens (for delivery only, not tracking). Cached ticket data (cleared on logout). Authentication tokens stored in device secure storage.

3. How We Use Your Data

  • To provide and operate the AurionAI support automation platform.
  • To authenticate callers using voice-based 2-factor verification.
  • To respond to your inquiries and demo requests.
  • To generate usage analytics for your admin dashboard.
  • To improve service quality and performance.

We do not use your voice data to train AI models. We do not sell or share personal data with third parties for marketing purposes.

3.1 AI and Third-Party Language Model Processing

AurionAI does not operate its own AI models. We use third-party AI services to process your support interactions. When you interact with AurionAI — via voice call, chat, or the mobile app — conversation transcripts, ticket context, and knowledge base queries may be sent to these providers for processing. AI-generated responses are returned to you in real time.

We use the following AI service providers:

  • Anthropic (Claude): Primary language model for conversational reasoning and support automation. Anthropic's API terms prohibit using API inputs and outputs for model training. Data is processed in the US and is not retained after processing.
  • OpenAI (GPT and Whisper): Used for speech-to-text transcription (Whisper) and as a failover language model (GPT). OpenAI's API data usage policy states that data submitted via the API is not used to train or improve their models.
  • Google (Gemini): Available as an alternative language model for conversational reasoning. Google's Gemini API terms state that data sent through paid API requests is not used to train or improve Google's models.

None of these providers use your data — including voice recordings, transcripts, ticket information, or conversation content — to train, fine-tune, or improve their AI models. Your data is processed solely to generate responses for your support interactions and is not retained by these providers beyond the duration of the processing request.

4. Legal Basis (GDPR Art. 6)

  • Contract performance: Processing necessary to deliver the AurionAI service you subscribed to.
  • Legitimate interest: Analytics and service improvement, balanced against your privacy rights.
  • Consent: Marketing communications (opt-in only).

5. Data Storage and Security

  • Location: All data is stored in the European Union, specifically AWS eu-west-3 (Paris, France).
  • Encryption: Data at rest is encrypted with AES-256. Data in transit uses TLS 1.3.
  • Call recordings: Stored in encrypted S3 buckets with configurable retention periods. You control retention settings in your admin dashboard.
  • Caller authentication: Badge IDs are stored as bcrypt hashes (cost factor 12). Raw badge IDs are never stored or logged.
  • Tenant isolation: Each tenant's data is isolated using PostgreSQL Row-Level Security and dedicated Kubernetes pods.

6. Data Retention

  • Website inquiries: Retained for 12 months, then deleted.
  • Call recordings: Configurable by you (default: 90 days). You can adjust or disable recording in your admin dashboard.
  • Transcripts and analytics: Retained for the duration of your subscription plus 30 days.
  • Account data: Retained for the duration of your subscription plus 90 days for billing reconciliation.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict processing.
  • Data portability — receive your data in a structured format.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time.

To exercise these rights, contact privacy@aurionai.net. We respond within 30 days.

8. Sub-Processors

We use the following sub-processors to deliver the AurionAI service:

Sub-ProcessorPurposeLocation
Amazon Web Services (AWS)Infrastructure hosting (EKS, RDS, S3)Paris, France (eu-west-3)
TwilioSIP trunking for phone callsEU region
LiveKitReal-time voice communicationEU-hosted
OpenAISpeech-to-text (Whisper) and LLM reasoning (GPT)US (API only — not used for training)
AnthropicLLM conversational reasoning (Claude)US (API only — not used for training)
GoogleLLM reasoning (Gemini)Global (API only — not used for training)
CartesiaText-to-speech synthesisUS (data not stored)
StripePayment processingEU
VercelWebsite hosting (marketing site only)Global CDN
Apple (APNs)Push notifications (iOS)Global
Google (FCM)Push notifications (Android)Global
ExpoPush notification routingUS
SendGrid (Twilio)Transactional email deliveryUS

9. Cookies

The AurionAI marketing website uses no tracking cookies. We use Vercel Analytics, which collects anonymized, cookieless analytics data. No consent banner is required.

The AurionAI admin dashboard uses essential session cookies for authentication. These are strictly necessary and do not require consent under GDPR.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email to registered users. The "last updated" date at the top indicates the most recent revision.

11. Contact

For privacy-related questions or to exercise your data rights:

  • Email: privacy@aurionai.net
  • Address: AurionAI, Rue De La Blanche Maison 8, 1440 Braine-le-Château, Belgium

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).