Torna ad AURA

AURA LEGAL

Privacy Policy

April 21, 2026

Data Controller

AURA is a proprietary product of Aven Labs, di Daniel Matei.

Controller details: Aven Labs, di Daniel Matei, Via Ferrovia 28, Sommariva del Bosco, 12048 (CN), Italy.

  • Tax Code (C.F.): DNLMFL02H26I470S
  • VAT number (P.IVA): 04209500042
  • Phone: +39 329 499 1620
  • Email: amministrazione@aven-labs.com

Scope of this Policy

This Policy applies to personal data processed through the AURA website, waitlist and investor contact forms, and related pre-contractual interactions.

AURA is focused on hospitality workflow orchestration, guest communication, booking, confirmation, payment continuity, and internal operations.

Categories of Personal Data

  • Identification and contact data: name, company name, email address, role, phone number.
  • Business context data: hospitality segment, message content provided in forms, optional notes.
  • Consent and preference data: newsletter opt-in, privacy consent choices, cookie preferences.
  • Technical and navigation data: IP addresses, device/browser metadata, access logs, diagnostic data.

Data Submitted Through Forms

When users complete waitlist, contact, or investor forms, Aven Labs processes the submitted data to respond to requests, evaluate onboarding, and manage follow-up communication.

Newsletter communications are optional and separate from mandatory privacy consent.

Purposes of Processing

  • Provide information about AURA and manage inbound requests.
  • Organize early-access qualification and onboarding.
  • Handle investor outreach and founder-level follow-up.
  • Maintain platform security, service continuity, and fraud prevention.
  • Comply with legal obligations, accounting requirements, and enforcement needs.
  • Send product updates and insights only where specific consent is provided.

Legal Bases (GDPR Art. 6)

  • Contractual or pre-contractual necessity (Art. 6(1)(b)) for request handling and onboarding steps.
  • Legal obligation (Art. 6(1)(c)) for regulatory and accounting compliance.
  • Legitimate interests (Art. 6(1)(f)) for security, anti-abuse, service reliability, and business operations.
  • Consent (Art. 6(1)(a)) for optional newsletter communications and non-essential cookies.

Methods of Processing and Security

Data is processed using electronic and organizational measures designed to protect confidentiality, integrity, and availability.

Access is restricted to authorized personnel and service providers under confidentiality and data-processing obligations.

Aven Labs applies proportional security controls and periodically reviews operational safeguards.

Retention

Personal data is retained only for the time necessary to achieve the stated purposes and to comply with applicable obligations.

  • Lead and inquiry data: 24 months after last contact.
  • Newsletter data (if consented): until opt-out.
  • Security and technical logs: 12 months.
  • Legal/accounting records: according to applicable statutory terms.

Recipients and Categories of Recipients

Data may be processed by authorized internal personnel and by external processors acting on documented instructions.

  • Hosting/infrastructure provider: Vercel (EU region).
  • Database and email delivery: Supabase and Postmark (EU infrastructure).
  • Analytics providers (if enabled): Vercel Analytics (anonymized).
  • Professional advisors, legal counsel, or authorities when required by law.

International Data Transfers

If personal data is transferred outside the EEA/UK, Aven Labs will rely on applicable transfer mechanisms under GDPR.

  • Examples include adequacy decisions or Standard Contractual Clauses (SCCs), with supplementary measures where required.
  • Primary data storage is in the EU. Any required transfers are secured via Standard Contractual Clauses.

Data Subject Rights

Data subjects may exercise rights under GDPR, including access, rectification, erasure, restriction, portability, and objection where applicable.

Consent may be withdrawn at any time for processing based on consent, without affecting prior lawful processing.

  • Requests can be sent to amministrazione@aven-labs.com.
  • Data subjects may also lodge a complaint with the competent supervisory authority.

Cookies and Tracking Technologies

Information on cookies and trackers, including preference management, is provided in the Cookie Policy.

Non-essential cookies are activated only after valid consent where required.

DPO and Contacts

For privacy requests or rights exercise, contact amministrazione@aven-labs.com.

A formal DPO has not been appointed as the processing scope does not meet the GDPR threshold, but privacy inquiries are handled directly by the administration team.

Policy Updates

This Policy may be updated to reflect legal, technical, or operational changes. Material updates will be published on this page with a revised date.