Privacy Policy

Last updated: October 10, 2025

Controller: Aurea Innovations Inc. — 450 Rue Saint-François-Xavier, Suite 416, Montréal (QC) H2Y 0E5, Canada
Privacy contact: contact@aureaapp.com

1) Scope

This policy applies to the Aurea app, website, and related services (the "Services"). We comply with Québec's Law 25, Canada's PIPEDA, and, where applicable, the EU/UK GDPR.

2) Data We Collect

Account & profile: name, email, password hash, photo/handle, interests, city/language.

Events & usage: events viewed/created, bookings, attendance (QR scans), messages, support.

Payments: processed by Stripe (we do not store card numbers).

Technical: IP, device/OS, logs, cookies/IDs, approximate location (if enabled).

Optional (consent-based): precise location, marketing preferences, analytics, notifications.

3) Purposes & Legal Bases

Provide the Service (accounts, ticketing/QR, messaging, organizer tools). Contract / legitimate interests.

Personalize recommendations and search. Legitimate interests / consent where required.

Communicate (confirmations, reminders, support). Contract / legitimate interests.

Security & fraud prevention (KYC via Stripe, chargebacks). Legal obligation / legitimate interests.

Compliance (tax/audit/records). Legal obligation.

Marketing (emails/push). Consent; you can opt out anytime.

4) Sharing

Organizers: necessary info for events (attendee lists, check-ins, messaging). Organizers are independent controllers for their uses; their policies apply.

Processors (hosting, email, analytics, Stripe). Bound by contracts and security measures.

Authorities: only when legally required.

Business transfers: we'll inform you before a material change of controller. We do not sell personal data.

5) International Transfers

Data may be processed outside your jurisdiction (e.g., Canada/USA/EU). We use appropriate safeguards (e.g., Standard Contractual Clauses) when required.

6) Retention

Account/usage data: while the account is active, then up to 24 months (support/disputes).

Payment/transaction records: up to 7 years where needed (tax/audit). Afterwards, we delete or irreversibly anonymize.

7) Security

Administrative, technical, and physical safeguards (encryption in transit, access controls, logging). No system is 100% secure; we run a risk-based security program and vendor due diligence.

8) Your Rights

Depending on your location: access, rectification, erasure, objection/restriction, portability (GDPR), withdraw consent, and marketing preferences control. Requests: contact@aureaapp.com (we may verify identity). Complaints: CAI (Québec), Office of the Privacy Commissioner of Canada, or your EU/UK data protection authority.

9) Cookies

Essential cookies (security/session) and, with consent, functional/analytics/marketing cookies. Manage preferences in the app/browser. Some features require essential cookies.

10) Minors & Public Content

The Services are not directed to children below the legal contracting age. Public fields (profiles, chats, event pages) may be visible to others—don't post sensitive data. Organizers must respect privacy and anti-spam laws.

11) Changes

We may update this policy. Material changes will be announced in-app or by email with reasonable advance notice when required. Continued use after the effective date means you accept the update.

12) Contact

Privacy Officer — Aurea Innovations Inc.
450 Rue Saint-François-Xavier, Suite 416, Montréal (QC) H2Y 0E5, Canada
Email: contact@aureaapp.com

Language note (Québec): A French version will be made available; in Québec, the French version prevails in case of discrepancy.