Privacy Policy
Last updated: February 9, 2026
Auxiora LLC ("we," "our," "us") builds security-first AI tools. This Privacy Policy explains how we collect, use, and protect information when you use our cloud service at auxiora.ai or self-host the open-source software.
1. Our Architecture — Why It Matters
Auxiora is designed around client-side encryption. Your credentials, API keys, and sensitive data are encrypted on your device using AES-256-GCM with keys derived via Argon2id (64 MB memory cost). The cloud service operates on a zero-knowledge model — we cannot decrypt your vault contents even if compelled.
2. What We Collect
2.1 Cloud Service (auxiora.ai)
- Account information: email address and display name used to create your account.
- Encrypted vault data: stored as opaque ciphertext. We cannot read it.
- Usage analytics: anonymized, aggregate telemetry (page views, feature usage) collected via privacy-respecting tools (Plausible/PostHog style). No personal identifiers, no fingerprinting, no cross-site tracking.
- Server logs: IP addresses and request metadata retained for up to 30 days for abuse prevention, then deleted.
2.2 Self-Hosted
The self-hosted version collects nothing. There are no analytics, telemetry beacons, or phone-home mechanisms. Your instance, your data, your rules.
3. How We Use Information
- Providing and maintaining the cloud service.
- Sending transactional emails (password resets, security alerts).
- Improving the product based on anonymized, aggregate usage patterns.
- Complying with legal obligations.
We never sell, rent, or share personal data with third parties for advertising or marketing purposes.
4. Data Retention
- Account data: retained while your account is active. Deleted within 30 days of account closure.
- Encrypted vault data: deleted when you delete your account or individual vault entries.
- Server logs: automatically purged after 30 days.
- Analytics: retained in anonymized, aggregate form only. No individual records.
5. Third-Party Services
The cloud service may use the following categories of third-party providers:
- Infrastructure: hosting and CDN providers for serving the application.
- Payment processing: for subscription billing. We never store or see your full payment card details.
- Email delivery: for transactional emails only.
6. Your Rights
Regardless of where you reside, we honor the following rights:
- Access: request a copy of the data we hold about you.
- Correction: update inaccurate account information.
- Deletion: delete your account and all associated data.
- Portability: export your data in a standard format.
- Objection: opt out of analytics at any time.
For GDPR (EU/EEA) and CCPA (California) requests, contact us at security@auxiora.ai. We respond within 30 days.
7. Children's Privacy
Auxiora is not directed at children under 13. We do not knowingly collect personal information from children. If we learn we have, we will delete it promptly.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be announced via email (for cloud users) and posted here. Continued use after changes constitutes acceptance.
9. Contact
Auxiora LLC
Email: security@auxiora.ai