Privacy Policy
Last updated: 2026
1. Who we are
Auroa LLC, a Wyoming limited liability company at 1305 West 7th Street, Suite 1, Unit 1248, Frederick, MD 21702. Contact: support@auroa.io.
2. What we collect
- Account data: name, work email, facility name, licensed capacity.
- Operational logs: timestamps, activity events, audit trail entries.
- Payment data: handled by a PCI-DSS Level 1 payment processor; we never see card numbers.
- Encrypted resident records: stored as ciphertext; we cannot decrypt them.
3. Zero-PHI architecture
Auroa is designed as a non-medical workforce-management tool. Resident-level wellness fields are encrypted in your browser with a passphrase only your facility holds. We cannot read, recover, export, or hand over decrypted content — including in response to a subpoena.
4. How we use data
To operate the Service, send notifications you request (including SMS), prevent abuse, comply with law, and improve the product. We do not sell personal information.
5. Subprocessors
We use a small number of vetted subprocessors for hosting, managed Postgres, payment processing, transactional email and SMS, and error monitoring. All are SOC 2 Type II or equivalent. Current subprocessor list available to customers on written request to support@auroa.io.
6. Retention & deletion
On account termination, your data is available for export for 30 days and then permanently deleted.
7. Your choices
You may request access, correction, or deletion of your account data by emailing support@auroa.io.
8. Changes
We may update this policy. Material changes are announced by email or in-app notice at least 14 days before they take effect.