AURA 300
Privacy Policy
Effective Date: March 2026
This Privacy Policy explains how Aura 300 Inc. ("Aura", "we", "us") collects, uses, and protects personal data when providing AI-powered communication and automation services to salons, clinics, and beauty businesses ("Client").
1. Who We Are
Aura 300 Inc. is a Delaware C-Corp providing AI agents (Emma, Yuki, Nami) that automate salon and clinic communication, scheduling, marketing, and analytics.
2. Who This Applies To
• Salon owners, clinic owners, and their authorised staff using Aura 300 Services.
• End customers of salons and clinics who interact with AI agents by phone, SMS, WhatsApp, or other channels.
3. What Personal Data We Process
• From Clients: Name, business contact information, CRM login or API credentials, subscription and usage data.
• From End Customers (on behalf of Client): Name, contact information (email, phone), booking history, preferences, and responses to AI agents.
• Meta/WhatsApp Data: Message content, delivery status, opt-in/out preferences (as applicable).
• Advertising Data: For clients using Nami, we may process audience data, ad performance data, and conversion events via Meta's advertising platform.
4. Legal Basis for Processing
Aura processes personal data:
• As a data processor on behalf of Clients (the data controller), per GDPR Art. 28 and equivalent laws.
• As a data controller for limited administrative data (e.g., Client accounts, support logs) under legitimate interests or contractual necessity.
5. Data Use
We use data to:
• Deliver our AI reception, booking, re-engagement, marketing, and analytics services.
• Authenticate and sync with CRM systems.
• Create, manage, and optimise advertising campaigns on Meta platforms (Facebook/Instagram) for clients subscribed to Nami.
• Improve our AI performance and customer experience.
• Comply with legal obligations and enforce our terms.
6. Sharing and Sub-Processors
We use third-party sub-processors to deliver services. All sub-processors are under contract with equivalent data protection obligations. A current list is available at aura300.ai/sub-processors or upon request to privacy@aura300.ai.
Current Sub-Processors
• Stripe — payment processing (PCI-DSS compliant)
• Twilio — telephony and SMS
• Retell AI — AI voice agent infrastructure
• Meta (WhatsApp Business) — WhatsApp messaging
• Meta (Facebook & Instagram Advertising) — paid advertising campaigns for clients subscribed to Nami
• Authorised third-party advertising partners — campaign creation and management on behalf of Nami clients (identities disclosed upon request)
• OpenAI / Anthropic — large language model processing
• AWS — infrastructure hosting
• Phorest, Fresha, Treatwell, Shortcuts, Timely, Kitomba, Ovatu — CRM integrations
Note: Clients subscribing to Nami acknowledge that Meta's advertising platform and authorised advertising partners will have access to campaign-related data as necessary to deliver the advertising services.
7. International Transfers
We use Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA) where required for transfers of personal data outside the EU/UK/EEA. For transfers to the United States, we rely on SCCs under GDPR Chapter V.
8. Data Retention
• Client account data is retained while the subscription is active.
• End customer data processed on behalf of Clients is deleted within 30 days of subscription termination unless otherwise instructed by the Client in writing.
• Advertising campaign data (Meta) is retained for the period necessary to deliver and report on campaigns, after which it is deleted or anonymised.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
• Access personal data held about you
• Request correction or deletion of your data
• Object to or restrict certain types of processing
• Withdraw consent where processing is based on consent
• Data portability (where applicable under GDPR)
• Lodge a complaint with a supervisory authority (e.g., the Irish DPC, the ICO in the UK, or the OAIC in Australia)
To exercise any of the above rights, please contact us at privacy@aura300.ai. We will respond within 30 days of receiving your verified request. In complex cases, we may extend this period by a further two months but will notify you within the initial 30-day period.
10. AI Disclosure
Aura 300's agents (Emma, Yuki, Nami) are AI-powered automated systems. End customers who interact with these agents are communicating with an artificial intelligence, not a human member of staff. Clients are responsible for informing their end customers that communications may be handled by an AI assistant, where required by applicable law or regulation. Aura 300 recommends that Clients include appropriate disclosure in their own privacy notices, booking confirmations, and website terms.
11. Security
We implement encryption in transit and at rest, role-based access controls, audit logging, and regular security testing to protect personal data.
12. Children
Aura services are not directed at individuals under the age of 16. Clients are responsible for ensuring lawful data collection from minors where applicable.
13. Marketing Communications
All marketing communications sent via Aura AI are governed by the Client's lawful basis and consent mechanisms. We honour opt-out preferences at all times. Clients are responsible for ensuring their own compliance with applicable anti-spam and electronic marketing laws (including PECR, AU Spam Act, and CAN-SPAM).
14. Changes to this Policy
We may update this policy periodically. Significant changes will be notified via email or platform dashboard. Continued use of the Services after notification constitutes acceptance of the updated policy.
15. Mergers and Acquisitions
In the event of a merger, acquisition, or sale of Aura 300 Inc., personal data may be transferred to the acquiring party, provided they commit to data protection standards no less protective than those in this Policy.
16. Contact
For any privacy-related queries, data subject rights requests, or concerns:
• Email: privacy@aura300.ai
• General: info@aura300.ai
• Website: aura300.ai
© 2026 Aura 300 Inc. All rights reserved. · aura300.ai · privacy@aura300.ai
AURA 300
AI Revenue Infrastructure for Salons
& Clinics. Live across Australia,
Ireland, UK and the United States.
© 2026 Aura 300 Inc. — Delaware C-Corp. All rights reserved.
🇦🇺 Australia
🇮🇪 Ireland
🇬🇧 United Kingdom
🇺🇸 United States