Privacy Policy

This Privacy Policy describes how Aurgus, Inc. ("Aurgus," "we," "us") collects, uses, stores, and discloses information when you use the Aurgus platform, visit our website (aurgus.com), or interact with our services (collectively, the "Service").

1. Information we collect

Customer Data. Data you or your authorized users upload to the Service — including POS transaction data, rebate agreement terms, master data, and configuration. We process Customer Data only as needed to provide the Service.

Account information. Email addresses, name, role, organization name, and authentication artifacts (magic-link tokens, session cookies).

Usage data. Logs of platform actions taken by authorized users for security, debugging, and Service-improvement purposes. Aggregated and not used for cross-customer benchmarking.

Website analytics. Aurgus.com uses minimal first-party analytics (no third-party tracking, no advertising pixels, no third-party cookies for marketing purposes). We may use privacy-respecting analytics tools to understand aggregate site usage.

Communications. Email content you send to Aurgus (e.g., [email protected] inquiries) is retained for relationship management and is treated as confidential.

2. How we use information

• To provide and operate the Service
• To authenticate and authorize access
• To respond to inquiries and provide customer support
• To monitor and improve Service reliability and security
• To comply with legal obligations

3. What we never do with Customer Data

• Never train AI models on Customer Data — not foundation models, not domain models, not classifiers, not embeddings
• Never resell anonymized aggregates derived from Customer Data
• Never build benchmarking products downstream of Customer Data
• Never share Customer Data with third parties for marketing or commercial purposes
• Never use Customer Data to compete with you or your business interests

4. Data isolation and security

Per-tenant database isolation is the standard architecture. Each customer's Customer Data is stored in a tenant-isolated database; cross-tenant queries are not possible by application design.

Enterprise tier adds per-tenant data planes with customer-managed encryption keys (BYOK). Customers can revoke encryption keys at any time, rendering their data inaccessible.

Transport security: all data in transit is encrypted via TLS 1.2+. Data at rest is encrypted using industry-standard algorithms.

Access control: only authorized Aurgus engineers with legitimate operational need access production data. All access is logged and audited.

5. Data retention and deletion

We retain Customer Data while you maintain an active engagement. Upon termination, you have 90 days to export your data. After the 90-day window, Customer Data is deleted using industry-standard secure-deletion procedures.

Account information is retained for the duration of the relationship plus a reasonable post-termination period as required by law (typically up to 7 years for financial records).

6. Third-party services

Aurgus uses limited third-party infrastructure providers to operate the Service:

• Cloud hosting: Fly.io (primary), with select region partners for geographic compliance
• Authentication: First-party magic-link authentication; no third-party SSO required at the self-serve tier
• AI inference: Anthropic Claude API for the Aurgus Intelligence agent. Customer Data sent to Anthropic is governed by Anthropic's data processing agreements; Anthropic does not retain or train on Aurgus customer data per their enterprise terms
• Email delivery: Industry-standard transactional email provider for system-generated messages

All third-party providers are bound by contractual obligations to handle data in accordance with this Privacy Policy.

7. Your rights

Depending on your jurisdiction, you may have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your information
• Object to or restrict processing
• Request data portability (export)
• Withdraw consent where consent is the legal basis for processing

To exercise these rights, contact [email protected].

8. International transfers

The Service is operated primarily in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. We apply equivalent protection standards regardless of where data is processed.

9. Children

The Service is not directed to individuals under 18. We do not knowingly collect information from children. If you believe we have collected such information, contact us and we will delete it.

10. Changes to this Policy

Material changes to this Policy will be communicated via email to your account contact and posted at /privacy with an updated "Last updated" date. Continued use after notice constitutes acceptance.

11. Contact

Questions about this Privacy Policy, your data, or your rights: [email protected]