Aurea Logo
TermsPrivacy

Privacy Policy – AUREA PLATFORM LLC

This Privacy Policy governs the processing of personal data carried out by AUREA-PLATFORM LLC (hereinafter, “AUREA”), in connection with the use of its digital platforms, including the website, mobile application, and other digital environments managed by AUREA, as well as digital interaction activities (social media, promotional campaigns, events, sweepstakes, contact forms, etc.).

This policy applies to the various types of users who register with or interact with AUREA, specifically:

  • Creators: natural persons (such as artists, designers, artisans) or legal entities (such as brands or organizations) who use AUREA’s technology to authenticate physical assets through digital certificates linked to encrypted NFC tags.
  • Verifiers: professionals or entities validated by AUREA to assess the authenticity of physical assets and confirm the information included in the certificates.
  • Viewers: users who access the platform to consult and publicly verify issued digital certificates.

This Policy applies in accordance with applicable data protection legislation, including, where relevant, the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and any other applicable law based on the user's jurisdiction.

Who is Responsible for Processing Your Data?

AUREA-PLATFORM LLC, with registered address at 30 N Gould St, Ste N, Sheridan, WY 82801, United States of America, is the data controller for the personal data of Users (Creators, Verifiers, and Viewers) collected through its digital platforms, including the website, mobile application, and related technology services.

AUREA ensures the confidentiality, integrity, and security of personal data processing, in compliance with the GDPR and any other applicable data protection regulations in the user’s jurisdiction.

For any questions related to the protection of your personal data or to exercise your rights, users may contact AUREA’s privacy officer at:

📩 legal@aurea-solution.com
(If a Data Protection Officer –DPO– is appointed, this information will be updated accordingly.)

For What Purpose Do We Process Your Personal Data?

At AUREA, we process users’ personal data - whether they are Creators, Verifiers, or Viewers - in accordance with their relationship to the service, for the following purposes:

a) User Management and Service Delivery

  • To manage user registration and identity authentication.
  • To enable access to and use of the AUREA App and its functionalities, including the creation, verification, and viewing of digital certificates in the form of NFTs.
  • To manage wallet linking and authorization, identity verification processes (KYC/AML), and the issuance of digital certificates tied to physical assets.

b) Communications and Support

  • To send technical, operational, and legal notices (e.g., billing, changes to Terms and Conditions, app updates, or incident reports).
  • To handle user inquiries, support requests, or complaints through the available communication channels.

c) Regulatory Compliance

  • To comply with applicable legal obligations, particularly in tax, accounting, anti-money laundering, and counter-terrorist financing regulations.
  • To maintain records required by audits, regulators, or competent authorities.

d) Service Improvement and Security

  • To analyze app usage (in aggregate or anonymized form) for performance optimization and user experience enhancement.
  • To implement security measures, detect fraud, and prevent misuse or unauthorized access to the platform.

e) Marketing and Promotional Activities (subject to consent)

  • To send promotional communications about products, features, or services offered by AUREA.
  • To invite users to participate in surveys, sweepstakes, promotional campaigns, referral programs, events, or other commercial initiatives.

f) Additional Specific Processing

  • To manage participation in promotions, contests, or events in accordance with their specific legal terms.
  • To use anonymized behavioral and statistical information for operational improvement, strategic analysis, or market research purposes.

How long will we retain your data?

AUREA-PLATFORM LLC will retain Users' personal data only for as long as necessary to fulfil the purposes for which it was collected and while there is a valid legal basis for doing so. The different scenarios are outlined below:

a) Registered users of the AUREA platform (Creators, Verifiers, and Viewers)

Personal data will be retained for the duration of the relationship with AUREA, from the moment of registration or service engagement until the user voluntarily deregisters or all contractual obligations are fulfilled. Once the relationship has ended:

  • The data will be retained for a minimum of 3 years or until the fiscal year is closed and any related audits are completed, in order to comply with legal, tax, or regulatory obligations.
  • If there are any claims, investigations, litigation, or administrative/judicial proceedings, the data will be blocked for a maximum of 5 years, or as otherwise required by applicable law.

b) Commercial communications

With the User's express consent, AUREA may process personal data for commercial purposes for up to 2 years from the end of the contractual relationship or from the last relevant interaction.

For processing based on legitimate interest, data will be retained as long as the right to object or unsubscribe has not been exercised.

c) Participation in raffles, promotions, or events

Data will be processed only for the time strictly necessary to manage participation, prize delivery, or related actions. Once this management is completed:

  • The data will be blocked for up to 5 years to address potential legal or regulatory liabilities.

d) Potential clients and lead generation campaigns

If the data was obtained directly from the data subject, it will be retained for a maximum of 2 years for marketing or commercial outreach purposes.

If the data was sourced from public databases or third parties, it will be retained according to the timeframe indicated by the data provider (usually 1 year), and subsequently blocked for 3 years, in accordance with Article 72.1 of the Spanish LOPDGDD.

e) Final deletion

Once the above retention periods have expired, personal data will be permanently deleted using secure destruction techniques or irreversible anonymisation, ensuring it cannot be restored or reidentified.