Effective Date: September 24, 2025
Last Updated: September 24, 2025
We are Aura for Creators, an unregistered partnership operated by independent creators based in Glasgow, Scotland, United Kingdom. We are planning to incorporate as a limited company in 2025. For data protection purposes, Aura for Creators serves as the Data Controller for the personal information we collect and process.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with us.
We are committed to protecting your privacy and ensuring the security of your personal information. This policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the UK, and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) for California residents.
IMPORTANT: By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please discontinue use of our Service immediately.
Account Information: Name, email address, username, password (hashed), and profile information.
Payment Information: Billing address, and transaction details. (Sensitive financial details are processed directly by third-party payment processors like Stripe; we do not store full card numbers).
Communications: Messages, feedback, customer support inquiries, and survey responses.
Content Data: Text prompts, descriptions, and instructions you provide for AI image generation.
Generated Content: AI-generated images and associated metadata.
Marketing Preferences: Communication preferences and subscription settings.
Device Information: IP address, browser type, operating system, and device identifiers.
Usage Data: Pages visited, time spent on site, click patterns, feature usage, and referral sources.
Location Data: General geographic location inferred from your IP address.
Log Data: Server logs, error reports, and system performance data.
Social Media: Profile information when you choose to connect through social media platforms.
Payment Processors: Confirmation of successful payments and transaction data.
Analytics Providers: Aggregated usage statistics and performance metrics (e.g., from Google Analytics).
Technical Service Providers: Various essential APIs and external services that power our AI image generation and infrastructure capabilities.
• Provide, maintain, and improve our AI image generation services.
• Process your prompts and deliver requested images.
• Manage your account, verify your identity, and authenticate users.
• Process payments and manage subscriptions.
• Provide necessary customer support and respond to inquiries.
• Analyze usage patterns to improve our algorithms and features.
• Train and refine our AI models (using aggregated and anonymized Content Data only, to ensure no personal identifiers are used).
• Develop new features and services and optimize website performance.
• Send essential service-related notifications, updates, and security alerts.
• Deliver marketing communications (only with your explicit consent).
• Respond to customer support requests.
• Comply with legal obligations, court orders, and regulations.
• Protect against fraud, abuse, security threats, and unauthorized access.
• Enforce our Terms of Service and policies.
• Maintain business and financial records as required by law.
For users in the European Economic Area (EEA) and UK, we process your personal data based on the following legal grounds:
1. Contract Performance: Processing is necessary to provide the services you have requested and fulfill our agreement with you (e.g., account management, generating images, processing payments).
2. Legitimate Interests: Processing is necessary for our legitimate interests and those of our users, provided these are not overridden by your fundamental rights (e.g., improving our products, ensuring security, detecting fraud).
3. Legal Compliance: Processing is necessary to comply with a legal obligation (e.g., tax reporting, responding to lawful requests from authorities).
4. Consent: We rely on your consent for certain processing activities, such as sending marketing communications. (You may withdraw consent at any time, as detailed in Section 8).
We share information with trusted third-party service providers who act as data processors to assist us in operating our business. These providers are only given access to the personal information necessary to perform their services and are contractually required to maintain its confidentiality and security.
• Payment processing (Stripe, PayPal)
• Cloud hosting and data storage (AWS, Google Cloud)
• Analytics and monitoring (Google Analytics)
• Email services (GMass)
• Technical Processing Services: Services that provide specific computational and AI features required for image generation.
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will ensure the new entity adheres to privacy practices consistent with this Policy.
We may disclose your information if required to do so by law, court order, or if we believe in good faith that such action is necessary to: comply with a legal obligation, protect and defend the rights or property of Aura for Creators, prevent fraud, or ensure user safety.
We do not sell your personal information to third parties, nor do we share it for cross-context behavioral advertising.
We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect your personal information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
Encryption: Using SSL/TLS encryption for all data transmission and industry-standard encryption protocols for data stored at rest.
Access Controls: Restricting access to personal data to only those employees and contractors who require it to perform their job functions, enforced through role-based access and multi-factor authentication (MFA).
Monitoring: Continuous system monitoring, vulnerability scanning, and regular security audits.
Payment Data: All payment processing is handled by third-party payment gateways (e.g., Stripe) that are compliant with the Payment Card Industry Data Security Standard (PCI DSS). We do not store or process full payment card details ourselves.
We retain personal information only for as long as is strictly necessary to fulfill the purpose(s) for which it was collected, including satisfying any legal, accounting, or reporting requirements. Our retention periods are as follows:
Financial/Payment Records: Retained for up to seven (7) years to comply with tax and financial reporting obligations.
User Account Data & Generated Content: Retained for the duration your account is active. If your account is closed, we will retain necessary data for a limited period (90 days) for account recovery, after which it is deleted or anonymized.
Inactive Accounts: Accounts showing no login or usage activity for a continuous period of two (2) years may be classified as inactive and subject to permanent deletion.
Security/Server Logs: Retained for a maximum of 18 months for security incident investigation, fraud detection, and system maintenance.
Customer Support Records: Retained for a maximum of three (3) years after the resolution of a specific issue to defend against potential legal claims.
You have the following rights regarding your personal information. To exercise any of these rights, please contact us at support@auraforcreators.com.
| Right (GDPR) | Global & CCPA/CPRA Equivalent | Description |
|---|---|---|
| Right to Access | Right to Know | The right to request copies of the personal data we hold about you. |
| Right to Rectification | Right to Correct | The right to request that we correct any inaccurate or incomplete personal information we hold. |
| Right to Erasure | Right to Delete | The right to request the deletion of your personal information, subject to certain exceptions. |
| Right to Restrict Processing | N/A | The right to request that we limit the processing of your personal data. |
| Right to Object | Right to Opt-Out of Sale/Sharing | The right to object to processing based on legitimate interests (e.g., direct marketing) or for cross-context behavioral sharing. |
| Right to Data Portability | N/A | The right to request that we transfer your collected data to another organization or directly to you. |
| Right to Withdraw Consent | N/A | The right to withdraw consent at any time where processing relies on consent. |
| N/A | Right to Non-Discrimination | The right not to receive discriminatory treatment for exercising your privacy rights. |
We will respond to all legitimate requests without undue delay and within the legally required timeframes (e.g., 30 days for GDPR, 45 days for CCPA).
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You have control over these, as detailed in our separate Cookie Policy below.
Aura for Creators is based in the United States. Your personal information will be transferred to and processed in the United States and other locations where our service providers operate.
For users residing in the EEA or the UK, this means your personal data will be transferred outside your jurisdiction. We ensure that any transfer of personal data outside of the EEA/UK is done in accordance with applicable data protection laws:
Standard Contractual Clauses (SCCs): We implement the European Commission's Standard Contractual Clauses (SCCs) with our service providers to lawfully transfer personal data outside of the EEA/UK where required.
Consent: By using the Service, you consent to the transfer of your personal information to the U.S. and other jurisdictions necessary for the Service's operation.
Our Service is strictly limited to individuals who are 16 years of age or older. We do not knowingly collect personal information from anyone under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under 16, we will take immediate steps to remove that information from our servers.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. For material changes, we will provide you with prominent notice (e.g., via email or a notification on the Service) prior to the change becoming effective.
Business Name: Aura for Creators
Legal Structure: Unregistered Partnership (incorporating as Limited Company in 2025)
Business Location: Glasgow, Scotland, United Kingdom
Registered Address: Available upon request - contact us using the details below
Email: support@auraforcreators.com
Phone: 07762 559283
Response Time: We aim to respond to all privacy-related requests within 30 days
DPO Status: As we process personal data for more than 250 individuals regularly, we are required to appoint a Data Protection Officer under GDPR Article 37.
Current Status: DPO appointment in progress. During this interim period, please direct all DPO-related inquiries to support@auraforcreators.com with "DPO Inquiry" in the subject line.
DPO Responsibilities: Once appointed, our DPO will monitor GDPR compliance, conduct data protection impact assessments, serve as point of contact for supervisory authorities, and provide data protection advice.
Data Controller: Aura for Creators (unregistered partnership)
Legal Basis: As detailed in Section 4
Supervisory Authority: Information Commissioner's Office (ICO) - United Kingdom
EU Representative: Not required as we are based in the UK with adequacy decision coverage
Business Category: Technology/AI Services
Commercial Purpose: Providing AI image generation services
Data Sales/Sharing: We do not sell or share personal information for cross-context behavioral advertising
Designated Request Address: support@auraforcreators.com
GDPR Compliance: In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
User Notification: If the breach is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay.
Breach Response: We maintain incident response procedures to contain breaches, assess impact, and implement corrective measures.
For all privacy-related inquiries, data subject requests, or general questions about this Privacy Policy:
Email: support@auraforcreators.com
Phone: 07762 559283
Business Location: Glasgow, Scotland, United Kingdom
Postal Address: Available upon request
Response Time: We aim to respond to all privacy-related requests within 30 days (GDPR requirement)
This list includes services we utilize to provide our core product, all of which maintain their own privacy policies:
Payment Processing: Stripe (https://stripe.com/privacy) | Website Analytics: Google Analytics (https://policies.google.com/privacy) | Database & Hosting: Supabase (https://supabase.com/privacy) / Netlify (https://www.netlify.com/privacy/) | Image Hosting: ImgBB (https://imgbb.com/privacy) | AI Image Generation API: Higgsfield (https://higgsfield.ai/privacy-policy)
We obtain and record your consent through the following mechanisms:
• Account Registration: Consent checkboxes during signup process
• Cookie Consent: Cookie consent banners on first website visit
• Service Usage: Implicit consent through continued use of our Service
• Marketing Communications: Explicit opt-in for promotional emails
We maintain timestamped records of consent including:
• Date and time of consent
• Specific consents granted (e.g., data processing, marketing)
• Method of consent (e.g., checkbox, continued use)
• IP address and user agent information
• Version of privacy policy consented to
You can withdraw your consent at any time through the following methods:
• Account Settings: Manage consent preferences in your user account
• Email Unsubscribe: Use unsubscribe links in marketing emails
• Direct Contact: Email us at support@auraforcreators.com
• Account Deletion: Request complete account and data deletion
Note: Withdrawing consent may limit your ability to use certain features of our Service.
Effective Date: September 24, 2025
Last Updated: September 24, 2025
This Cookie Policy provides details about how we use cookies and similar tracking technologies on the Aura for Creators Service.
Cookies are small text files placed on your computer or mobile device by a website. They are used to make websites work efficiently, enhance user experience, and provide us with operational and analytical information.
We use cookies to:
• Operate the Service reliably (Essential Cookies).
• Monitor and analyze Service performance (Analytics Cookies).
• Store user preferences and settings (Functional Cookies).
• Deliver relevant advertising (Marketing Cookies - only with explicit consent).
| Category | Purpose | Data Collected | Retention |
|---|---|---|---|
| Essential / Strictly Necessary | Required for the core operation of the Service, enabling security, user login, and maintaining session state. | Session tokens, security settings. | Session to 1 year |
| Analytics / Performance | Measures traffic, usage patterns, and popular features to help us understand and improve the Service. (Third-party: Google Analytics) | Anonymized IP addresses, pages visited, time on site. | Up to 2 years |
| Functional / Preferences | Remembers user choices (e.g., language, currency) to provide a more personalized experience. | User preferences, login status. | Up to 1 year |
| Marketing / Targeting | Used by us and third parties to create interest profiles and show relevant ads on other websites. (Third-party: Social Media, Ad Networks) | Browsing history, derived interests. | Up to 1 year |
When you use our Service, you may encounter cookies from third-party services, such as:
• Analytics Providers: Google Analytics.
• Payment Processors: Stripe (essential for the payment flow).
• Social Media Platforms: If you use integrated social sharing buttons, those platforms (e.g., X, Facebook) may set cookies to track your interaction.
Note on Technical APIs: We do not believe that the Higgsfield API or other technical processing APIs set client-side cookies for tracking purposes, as they are primarily server-side integrations.
You have the ability to control and manage cookies.
Cookie Consent Banner: Upon your first visit, you will be presented with a banner allowing you to accept or reject non-essential cookies.
Browser Settings: You can adjust your browser settings to refuse some or all cookies. Consult your browser's help section for instructions.
Opt-Out Tools: You can utilize industry-standard opt-out tools for network advertisers.
Be aware that disabling Essential Cookies may impair the functionality of the Service.
If you have any questions about this Cookie Policy, you can contact us at: support@auraforcreators.com