Parties
Controller (Client): The salon or business entity that subscribes to and activates the Aura 300 Services
Processor: Aura 300 Inc., 8 The Green, STE R, Dover, DE 19901, USA
Purpose of Access
Aura requires CRM access to:
Retrieve and update appointment availability
Sync booking confirmations, cancellations, and changes
Personalize outbound communications
Enrich AI conversations with service/stylist data
Update customer records following calls or WhatsApp interactions
Nature of Access
CRM login credentials will be provided by the Client or created for Aura as a unique service user (recommended)
Where possible, multi-factor authentication (MFA) or one-time passcodes (OTP) should be disabled for this service user to enable continuous automation
Aura will access the system through encrypted connections and perform role-based access control
Data Scope
Data accessed may include:
Customer name, contact information, and notes
Appointment history and preferences
Service menus and staff assignments
Limitations & Security
Aura will:
Only access data required for contracted services
Not store or export CRM data outside of permitted systems
Log all API or manual access events for auditability
Sub-Processors
Aura may use sub-processors (e.g., AWS, OpenAI, Retell AI) under written agreements mirroring data protection obligations.
Revocation of Access
Client may revoke access at any time by disabling credentials and notifying privacy@aura300.ai. Upon revocation, Aura will cease processing within 24 hours.
Consent and Authorization
By ticking the checkbox during signup, Client confirms authorization of access and processing for the above purposes, and agrees to Aura’s Terms, Privacy Policy, and DPA.