Privacy Policy

Last Updated:

Última Actualización:

Dernière mise à jour:

October 3, 2024

—

—

Insurance for Executive Ultimate Plan $5 Million Insurance Policy Terms and Conditions

Aura Sub, LLC and its affiliates (collectively referred to as “Aura”, “We”, or “Us”) is a leading provider of digital security products for consumers. This General Privacy Policy describes how we collect and process personal data provided to Aura in connection with your use of our products, services, apps, and websites (including when you are a prospective customer, customer, or former customer (“Customer”)) that link to this policy (collectively as our “Services”). The term “personal data” refers to information that is related to an identified or identifiable natural person (aka ‘personal information’ or ‘personally identifiable information’).

Product Privacy Notices. This policy describes Aura’s general approach to ensuring privacy considerations across all our services. Some of the features within the Aura’ Services, however, require Aura to collect and process different personal data from what is described in this policy. The following links provide further information on product-specific features:

1. What Information Do We Collect About You?

This section describes the various categories and types of personal data we collect from and about you when you use our website, apps, and when you interact with us in relation to our Services. The personal data we may collect may differ depending on which product you use. Please see our Products Privacy Notices for more information. The information we collect includes:

1.1 Personal data you provide to us

We and our service providers may collect personal data about you to provide our services, respond to your requests, and manage your account with us. We collect this information via forms on our websites and apps, when you contact us or register an account, and in our communications with you. Where service components go beyond the base service, we provide you with clear choices to decide if you want these additional functions.

1. Account information. We collect data when you create or update your account. This may include your name, username, email address, phone number, password, your government ID numbers (when you use our Identity Protection Products) and certain other information from you, including if applicable, your account and login information with our affiliate Circle. For our identity protection products, we will also request your Social Security Number (excluding Social Insurance Numbers in Canada) and other personal data.

2. Billing and payment information. To purchase a service, we may collect certain details such as billing name, billing contact details (street addresses, email addresses), and payment instrument details.

3. Identity verification information. To verify your identity, we may collect personal data such as your full legal name, email addresses, your date of birth, social security number, home address, or phone numbers.

4. Communications and submissions. We collect data when you communicate with us (e.g. via email, phone, or chat for support or to inquire about our services), including when you fill out an online form, respond to surveys, provide feedback, post comments to our website, participate in promotions, participate in forums, websites and related information services to share your experiences or discuss technical issues, or submit information through our services.

5. Photos and Documents. You may choose to upload and provide us with images and files that are stored on your device in relation to your use of our Services.

6. Marketing and Advertising Data. We collect data on your participation in promotions, survey responses, your marketing choices, information regarding your preferences based on your use of our services, your interactions with advertising and marketing communications, and information regarding your customer profile. This may include demographic information such as age and gender.

7. Emails. If you activate our email protection services and connect your email service provider inbox to Aura, we will collect the emails in your inbox and emails that you receive on an ongoing basis. We will collect all data associated with the emails except for any files attached to your emails. This includes, but is not limited to, the sender’s email address, the content of the email, and the subject line.

8. Product-Specific Information. Some of our products, such as our Parental Controls software, may require you to provide us with third party account-specific information such as credentials to access child-specific social media accounts.

1.2 Information collected automatically when you use our services

We automatically collect personal data about your use of our services to monitor for problems and look for opportunities to make improvements. Some of this personal data is collected using cookies and similar technologies (see below for more information).

1. Usage information. We collect information about how you interact with our services, such as how often you use our services, how much bandwidth you use, and when and for how long you use our services.

2. Device information. We collect information such as device identifiers (like IP address or mobile device identifiers), browser types, device types and settings, device manufacturer and model, operating system versions, mobile, wireless, and other network information (such as internet service provider name, carrier name and signal strength), and application version numbers.

3. Diagnostic information. We may collect information about the nature of the requests that you make to our servers (such as what is being requested, information about the device and app used to make the request, timestamps, and referring URLs).

4. Location information. Unless otherwise expressly stated in product-specific materials, we do not automatically collect your precise geo-location information based on your device’s GPS or other device sensor data. However, we may collect your approximate location by calculating an imprecise latitude and longitude based on your IP address to provide you with better service (e.g. to connect you to the nearest and fastest VPN server).

1.3 Information provided to us by third parties

As part of our services, with your consent or where authorized by law, we can receive personal data about you from third parties. We take the same level of precautions and transparency of use that we provide for personal data you provide us directly.

1. Referrals. If you are invited to use an Aura service, the person who invited you may submit information about you, such as your email address or other contact information.

2. Third Party Accounts. Some services may allow you to register an account using a third-party account (such as a Google or Microsoft account), and in some cases, you may register third party accounts such as your bank accounts or social media accounts with us. If you do so, that third party may send us some information about you that they have. In the case of our Parental Controls software, we may receive information associated with account-specific social media content or messaging. You may be able to control what information they send us via your privacy settings for that third party account.

3. Threat Information. We receive information from reputable members of the security industry who provide information to help us to provide, develop, test, and improve our services (for example, lists of malicious URLs, spam blacklists, phone number blacklists, and sample malware). Some of this information may contain personal data on an incidental basis.

4. Business Customers. Organizations that use our business and enterprise products may submit personal data to facilitate account management and invite individuals to use those products. We process such personal data at the direction of such business customers.

5. Monitoring Services. For some of our products and services that we provide to you, we will collect publicly available personal data from third parties to provide the extent of disclosures to you. For example, court records, home title, auto title, and dark web scanning.

2. How Do We Use Your Personal Data?

Aura uses your information for the purposes described below. Aura employs internal risk management functions to ensure we continue to only use your personal data for the purposes we disclose to you and are taking appropriate steps to protect that personal data from exposure. Notwithstanding any other legal bases for the processing of personal data outlined in this Privacy Policy, namely Aura’s legitimate interest, we will only process personal data of residents of Canada with their consent, or where authorized by law.

1. To provide, maintain, troubleshoot, and support our services. We use your personal data for this purpose on the basis that it is required to fulfill our contractual obligations to you. Examples: using information about how much bandwidth you use and how long you use our services in order to provide the services in accordance with a plan to which you have subscribed; using threat and device information to determine whether certain items pose a potential security threat; and using usage information to troubleshoot a problem you report with our services and to ensure the proper functioning of our services.

2. For billing and payment purposes. We use your information in order to perform billing administration activities and process payments, which are required to fulfill our contractual obligations.

3. To communicate with users and prospective users. We use your personal data to communicate with you via email, SMS, push notifications or other messaging about the services or relevant updates, including by responding to your requests, and sending you information and updates about our services. We may do this in order to fulfill our contract with you, because you consented to the communication, or because we have a legitimate interest in providing you with information about our services.

4. To promote, operate or improve our services and advance our or a third party’s legitimate interests. We want to offer you the best services and user experiences we can. Where applicable, we have a legitimate interest in continually improving and optimizing our services. To do so, we use your personal data to help ensure the effective delivery of our services and communications to you as well as to our other customers and partners. Examples of when we may use your personal data for this purpose:

to notify you about changes to our terms or this Privacy Policy;
to promote and administer co-branded offers with trusted partners;
enable participation in interactive features of our services;
communicate commercial promotions or inform you about additional services or features that we think you may be interested in;
confirm sales conversions and conduct lead generation activities;
analyze certain usage, device, and diagnostic information to understand aggregated usage trends and user engagement with our services (and, for example, invest in technical infrastructure to better serve regions with increasing user demand);
use device and threat information or data to conduct spam, scam, threat, fraud and other scientific research to improve our detection capabilities;
improve our machine-learning algorithms to enhance our services;
review customer feedback to understand what we could be doing better;
use information such as who or what referred you to our services to understand how effective our advertising is;
use information to administer promotional activities such as sweepstakes, contests, offers, promotions and referral programs.

5. For measurement, research and analytics, including to develop new services. Where applicable, we have a legitimate interest in using your personal data for measurement, research and analytics, including to plan for and develop new services. For example, we may analyze certain usage information to understand how users interact with our services and make improvements; we may use customer feedback to understand what new services users may want.

6. For advertising and marketing our services, including targeted advertising, through the use of cookies. For more information on targeted advertising and cookies, please see Section 4 (Tracking Technologies & Cookies) and our Cookie Policy. Our app is not ad supported, and we do not share personal data from our app with third party advertising services.

7. Aggregated or anonymized data, for any purpose where the information is aggregated or anonymized so that no individual data is directly, or indirectly, identifiable.

8. To prevent harm or liability. We may use information for security purposes (such as to investigate security issues or to monitor and prevent fraud) and to prevent abuse. We may do this to comply with our legal obligations, to protect an individual’s vital interests, or because we have a legitimate interest in preventing harm or liability to Aura and our users. For example, we may use account, usage, and device information to determine if an entity is engaging in abusive or unauthorized activity in connection with our services.

9. For legal compliance. We internally use your information as required by applicable law, legal process, or regulation. To learn about our practices regarding sharing your information with third parties for legal compliance purposes, see Section 3.1 below. We also use your information to enforce our legal rights and resolve disputes and complaints.

REMOTE SUPPORT

If applicable for the Parental Control Services, Aura or its duly authorized support representatives, which may include its affiliate Circle (defined below), may need to access your account information in order to troubleshoot, debug, and otherwise offer support and solutions to users. Remote access may be enabled by the user via the App. If you make a support request and wish to limit the level of access for the Parental Control Services in your App or account, you must state those limitations at the time of your support request.

3. Who Do We Share Your Information With and Why?

In some situations, Aura may share your information with third parties who may collect, store, use, process and transfer the data for Aura. Aura employs oversight processes and controls to the secure sharing of personal data with only trusted parties.Neither Aura, nor any of the companies that comprise Aura, sell your personal data. Some of our uses of cookies and/or pixels, however, may be considered a “sale” under California law. Please see the U.S. Supplemental Privacy Notice for more details.

3.1. In General

We may disclose your information in the following circumstances:

1. In accordance with your instructions or consent. For example, some services may allow you to register an account using a third-party account (such as a Google or Microsoft account). If you choose to do so, we will share information with the third-party account provider.

2. To your business organization (for our business services). If a business customer is providing you with access to our services through a business account, others in that organization may be able to see and manage your basic account details and the information associated with your account (such as an administrator). For clarity, we do not share the information inside your account such as bank account information, credit scores, etc.

3. For collaborating with others. Some services may provide ways for different Aura users to interact or collaborate with each other (e.g. family plans). Your information will be shared in connection with those activities if you choose to engage in them.

4. Affiliates. We may share your name, email address, and other contact information with our subsidiaries and affiliates including Circle Media Labs, Inc. (“Circle”) to better market our collective products and services to you. We and our affiliated entities may also share information with third-party data controllers where such sharing is legally required, such as with the use of certain cookies and related tracking technologies for compliance with specific geographic laws.

5. With our partners. We may provide your personal data to partners to confirm your eligibility for joint or co-branded offers or to communicate and administer such offers (e.g. verify eligibility, assess effectiveness of joint offer, etc.). Our partners are not allowed to use any data including personal data that they receive from us for any purpose except for communicating, evaluating, improving, and administering the offer in question. This will not affect the partner’s ability to use personal data that it may already have obtained from you or other sources. If you do not wish to receive promotional emails from our partners, you can unsubscribe directly using the unsubscribe link or tool provided in the partner’s email or other communication to you.

6. Third-party service providers. With the exception of any data collected through your use of our virtual private network where our VPN Product Privacy Notice applies, we may disclose the information we collect to service providers to help us provide some aspects of our services. We work with trusted third parties and partners (including our affiliate companies such as Circle when they act as our service providers). In cases where we may share your personal data, we enter into appropriate confidentiality and data processing agreements with these third parties, review their security practices, and limit information sharing to the scope of what they are helping us with. Examples of activities that third parties help us with include:

processing customer payments
providing analytics about our services to help us understand how the services are being used
providing sales and customer support
maintaining the infrastructure required to provide our services
delivering our marketing and advertising content
Improving our artificial intelligence software

7. For security research purposes. A de-identified subset of our threat intelligence data may be shared with selected reputable members of the cybersecurity industry for the purpose of security threat research and facilitating community efforts to improve online security.

8. In connection with a business transaction. If a corporate transaction occurs, for example changes to ownership or control of all or part of our services, assets, or business, sale of a website, initial public offering, or an investment entity is conducting due diligence in connection with an acquisition or investment, then we may share personal data necessary to that corporate transaction.

9. Aggregated or de-identified data. We may aggregate and de-identify any data we collect and use and share such data so that it no longer reveals the identity of an individual user for regulatory compliance, research and analysis, our own marketing and advertising activities and other legitimate business purposes.

10. To comply with legal process and the law. If you use our VPN product, we help protect your privacy by ensuring that we do not log or record online activities that you conduct over a VPN connection in any way that can be tied back to you, meaning that we do not have any data to share with law enforcement and government agencies who make requests for information about what you were doing through a VPN connection. Subject to the foregoing, we may share your information if we are required to do so by applicable law; to comply with our legal obligations; to comply with legal process; and to respond to valid law enforcement requests relating to a criminal investigation, or alleged or suspected illegal activity that may expose Aura, you, or any of our other users to legal liability. If we share your information for these purposes, we limit the information shared to what is legally necessary, and challenge information requests that we believe are unlawful, overbroad, or otherwise invalid.

11. To enforce our rights and prevent fraud and abuse. We may share limited amounts of your information to enforce and administer our agreements with customers and users, and to respond to claims asserted against Aura. We may also share your information in order to protect against fraud and abuse against Aura, our affiliates, users and others.

4. Tracking Technologies & Cookies

For more information on Tracking Technologies and Cookies and how we use Tracking Technologies and Cookies please see our Cookie Policy.

5. Security

Securing personal data is an important aspect of protecting privacy. Aura employs a range of administrative, organizational, technical, and physical safeguards designed to help protect your data against unauthorized access, use, disclosure, loss, or modification. We endeavor to use reasonably available state-of-the-art network and information security standards, protocols and technologies, including encryption, intrusion detection and data loss prevention, and we monitor our systems to ensure that they comply with our security policies.

We implement physical, technical and organizational safeguards to protect your personal data under our control, both at rest and in transit, and should these measures fail to prevent a data breach, we will promptly take the necessary remedial measures, and we will provide notices as required by applicable law.

If you have any questions about the security of your personal data or the security of our products, or wish to report a potential security issue, please contact security@aura.com. When reporting a potential security issue, please describe the matter in as much detail as possible and include any information that might be helpful.

6. Cross-Border Data Transfers

Aura may transfer your personal data to regions other than the one in which you reside. We do this to facilitate our operations, and transferees include other Aura group companies, service providers, and partners. Laws in other countries may be different to those that apply where you reside. For example, personal data collected within Canada, Switzerland, the United Kingdom, or the European Economic Area (EEA) may be transferred and processed outside Canada, Switzerland, the United Kingdom, or the EEA for purposes described in this policy.

By submitting information to us, you consent to the communication of your personal data to, and the storage of that data, outside of your region. When such data is outside of your region of residence, it is subject to the laws of that jurisdiction, and may be subject to disclosure to governments, courts, law enforcement or regulatory agencies pursuant to local laws.

When required by applicable law, we put in place appropriate safeguards that help to ensure that such data receives an adequate level of protection. These safeguards may include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between us and our business affiliates and associates to which we choose to transfer the information that requires these companies to safeguard personal data they process from the EEA, the UK and Switzerland. You may contact us if you would like more information about such safeguards. We implement similar appropriate safeguards with our third-party service providers and further details can be provided upon request.

You are welcome to contact us to obtain further information about Aura’s policies regarding service providers outside of Canada. See Contact Us below.

If you change your region of residence, the Aura affiliate or company responsible for your data may change accordingly, and your data may be transferred to that other company.

7. Data Retention

Aura generally retains your personal data for as long as is needed to provide the services to you, as specified with any product-specific privacy notice, or for as long as you have an account with us. We may also retain personal data if required by law, or, where applicable, for our legitimate interests, such as abuse detection and prevention, and defending ourselves from legal claims. Residual copies of personal data may be stored in backup systems for a limited period as a security measure to protect against data loss.

8. Your Rights with Your Personal Data

If you live in the European Economic Area (“EEA”), you may have certain legal rights in relation to your personal data that we maintain. Subject to exceptions and limitations provided by applicable law, these may include the right to:

1. be informed of the source(s) from which we obtained your personal data;

2. access and receive a copy of your personal data that we hold;

3. request that we provide you with the categories of personal data we collect, disclose or sell about you (including the categories of sources of such information, the business or commercial purpose for collecting or selling your personal data, and the categories of third parties with whom we share your personal data, all of which we may include in this Privacy Policy);

4. update or correct your personal data if it changes or if you believe that any information that we have collected about you is inaccurate or out-of-date;

5. request information about data processing;

6. to object to or restrict our use or processing of your personal data;

7. be informed of and submit observations regarding automated decision-making;

8. unsubscribe from our email list by clicking the link at the bottom of our marketing emails;

9. unsubscribe from SMS marketing by replying with the word ‘Stop’;

10. tailoring advertising through third party cookies (refer to our list of advertising services using cookies here for company-specific choices, or visit http://optout.aboutads.info to exercise an industry-wide opt-out);

11. reject or delete cookies through your browser settings;

12. request that we delete or erase your personal data;

13. port your data to another service provider;

14. withdraw your consent in circumstances we rely upon your consent to process your personal data (please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted upon other lawful processing grounds); or

15. lodge a complaint with a data protection authority.

Please note your rights and choices vary depending upon your location, and some information may be exempt from certain requests under applicable law.

You may be able to exercise some of these rights by submitting your request at https://preferences.aura.com/privacy or by using the settings and tools provided in our services. For example, you may be able to update your user account details via the relevant account settings screen of our apps. You may also be able to opt out from receiving marketing communications from us by clicking an “opt out” or “unsubscribe” link in such communications.

Specifically, the GDPR gives users residing in the EU the rights to access, correct, delete or object to the processing of your personal data. If you are a resident of any EU member country, you may also exercise these rights by submitting your request at https://preferences.aura.com/privacy. For other inquiries, including access and rectification requests, you can contact our Data Protection Officer (DPO). Aura has appointed Bird & Bird DPO Services SRL as a DPO. You can reach Bird & Bird by:

1. emailing DPO.Aura@twobirds.com; or

2. mail at the following address: Bird & Bird DPO Services SRL, Avenue Louise 235 b 1, 1050 Brussels, Belgium.

You may also submit your request at https://preferences.aura.com/privacy or by dialing 1 (844) 914-2991. As permitted by law, we may ask you to verify your identity before taking further action on your request.

9. Legal Basis for Our Processing of Your Personal Data

We may only process personal data where we have a sufficient legal basis, such as your consent or where authorized by law.


Aura Processing Activity	Legal basis under GDPR	Legal basis under Canadian Law
Placement of cookies on Our Site	Consent	Consent
Collecting, processing, and sharing your child’s personal data	Consent*	Consent*
Collection and Processing of your personal data to maintain and fulfill the Services	Contract	Consent
Processing your personal data to improve our Services	Legitimate Interest	Consent
Using your personal data to send you email communications and updates	Legitimate Interest	Consent
Processing your personal data for market research	Legitimate Interest	Consent
Processing your personal data necessary for compliance with a legal or regulatory obligation that we are subject to	Legal Obligation	Authorized By Law

‍

‍*You expressly authorize and consent to the collection, processing, and sharing of your child’s personal data by adding them to your Family Plan, setting up and by registering their devices with the Parental Control Services and/or creating their profile for the Parental Control Services with us under your account or the Family Plan.

10. Your State Privacy Rights (US Only)

Certain U.S. states may grant you enhanced privacy rights related to our processing of your personal information. Above, we have provided all of the categories of personal information that we collect, process, and disclose to service providers (or ‘processors’). We have also described the various privacy choices you have with respect to your right to know the specific pieces of personal information we process on your behalf, the capability to opt-out of various marketing communications, and the ability to modify or delete your personal information.

In addition to the rights available to all Aura users, you may also have the right to opt-out of the ‘sale’ of your personal information, or the ‘sharing’ of your personal information for targeted or cross-contextual behavioral advertising purposes. Aura does not ‘sell’ personal information as that term is commonly understood, but we enable third party advertising services to utilize pixel tags and cookies on our website or through other tracking technologies in order for Aura to advertise our products and services on other websites or mobile applications. These third party advertising services are considered to be categorized as a ‘sale’ or ‘share’ for targeted or cross-contextual behavioral advertising. You can learn more about this in our Cookie Policy. You can opt out of these ‘sale’ and ‘sharing’ activities by accessing our Your Privacy Choices page located from the footer of our website. This page also describes how we honor opt-out preference signals (aka; ‘Global Privacy Control’) which you may configure through your browser. We do not respond to what is formerly known as ‘Do Not Track’ signals.

In addition, you may have additional rights to limit the use of your ‘sensitive personal information’, which may include government-issued identifiers, precise geo-location information, or financial account information. For sensitive personal information that we collect, we will only use or disclose it either with your specific consent when required, or as otherwise permitted by law. As we do not use or disclose sensitive personal information for other purposes without your consent, we do not offer you an option to limit the use of sensitive personal information other than through the settings and controls available to you through our software and services, your third party account providers or your browser or mobile device operating system.

Finally, some states have specific rights related to the use of personal information for ‘profiling’ purposes. Aura does not use your personal information to create profiles about you that we use to inform decisions that have legal or similarly significant effects. However, some of our services such as our financial alerts or Parental Controls software may provide you with information which you may use to make your own decisions. You can control our use of this information for material alerts at any time through your account settings or controls.

You have the right to not be discriminated against. We do not discriminate against you if you exercise any rights provided to you by state law.

Some of our software and services enable parents or guardians to register or otherwise enable Aura to process the personal information associated with children under the age of 16. We do not knowingly sell or share personal information related to children under 16 years of age.

Some states may provide you with the right to appoint an authorized agent to act on your behalf.

Where acceptable by law, we may require you to verify your identity using the processes we describe in the dashboard or the privacy choices page before we fulfill your request, even if you utilize an authorized agent to complete such a request on your behalf.

Some states allow you to appeal a denial of your request to exercise the privacy rights provided by the state law. If you are a resident of Colorado, Connecticut, Oregon, Texas, or Virginia and we deny your request, you can appeal the denial of a request to exercise privacy rights by following the instructions listed in the denial communication, by submitting a request through a privacy inquiry form.

11. Technology Licensing

Aura occasionally licenses its technology to third party partners who may integrate it with applications developed and offered by those partners. Our partners, and not Aura, are responsible for those applications and for determining what data is collected by those applications and how it is processed. Please contact the relevant partner and refer to their Privacy Policy to learn more about how those applications process your personal data.

12. Age Restrictions

The administration, configuration and management of Aura accounts are not intended for and may not be used by minors. In this context, minors are individuals under the age of 18 or as defined by applicable law. Aura does not knowingly collect personal data from minors when creating or administering our accounts or allow them to be an administrator of our services except in certain cases. Minors may use certain of our services but only with the consent and administration of their parent or legal guardian.

In the case of Parental Controls (“Parental Control Services”) offered as part of the Aura subscription, our Parental Control Services are expressly designed for parents to monitor the Internet and mobile activity of their children. As a result, certain personal data related to a minor child may be accessible by the parent-administrators of the Parental Control Services, as well as Aura in our administration of the Services. For more information please see the Supplemental Parental Controls Privacy Notice.

If we discover that we have collected personal data from a minor without appropriate consents, we may delete such data without notice. For certain regions, parental consent may be required for processing the personal data of children under the age of 16. In such cases, those under the age of 16 may not use the services without the consent or authorization of their parent or legal guardian. If you believe your minor child has provided personal data without parental or guardian consent, you, as the parent or guardian may contact us by emailing us at privacy@aura.com.

13. Privacy Policy Updates

We may revise this policy from time to time and we will notify you of any changes. Review it occasionally so that you keep up-to-date on our most current practices. We will put the “Last Updated” date at the top of each policy. If you disagree with such an update to this policy, you may cancel your account. If you do not cancel your account before the date the update becomes effective, your continued use of our services will be subject to the updated Privacy Policy.

14. Contact Us

We expect this Privacy Policy to evolve over time and welcome feedback from our users about our privacy practices. If you have any questions or complaints about our privacy practices, you can contact our privacy officer at privacy@aura.com or at the following addresses, based on the product that you use:

Aura Sub LLC dba Aura
250 Northern Ave.
3rd Floor
Boston, MA 02210