Privacy Policy
Last updated: February 10, 2026
1. Data Controller
Aurion is operated by SMC Consulting, a company registered in Belgium with offices in Brussels. For privacy inquiries, contact us at privacy@aurionai.eu.
2. Data We Collect
2.1 Website Visitors
- Contact forms: Name, email address, company name, job title, and message content when you submit a demo request or contact form.
- Analytics: Anonymized usage data (page views, referrer, device type) via Vercel Analytics. No cookies are used for tracking.
2.2 Aurion Service Users (Tenants)
- Account data: Organization name, admin email, billing information.
- Voice data: Call recordings, transcripts, and caller authentication attempts (name and badge ID hash).
- ITSM data: Ticket information, knowledge base searches, and asset queries processed during voice calls. This data transits through Aurion but is stored in your ITSM platform.
- Usage data: Call duration, resolution metrics, and conversation analytics.
3. How We Use Your Data
- To provide and operate the Aurion voice AI service.
- To authenticate callers using voice-based 2-factor verification.
- To respond to your inquiries and demo requests.
- To generate usage analytics for your admin dashboard.
- To improve service quality and performance.
We do not use your voice data to train AI models. We do not sell or share personal data with third parties for marketing purposes.
4. Legal Basis (GDPR Art. 6)
- Contract performance: Processing necessary to deliver the Aurion service you subscribed to.
- Legitimate interest: Analytics and service improvement, balanced against your privacy rights.
- Consent: Marketing communications (opt-in only).
5. Data Storage and Security
- Location: All data is stored in the European Union, specifically AWS eu-west-3 (Paris, France).
- Encryption: Data at rest is encrypted with AES-256. Data in transit uses TLS 1.3.
- Call recordings: Stored in encrypted S3 buckets with configurable retention periods. You control retention settings in your admin dashboard.
- Caller authentication: Badge IDs are stored as bcrypt hashes (cost factor 12). Raw badge IDs are never stored or logged.
- Tenant isolation: Each tenant's data is isolated using PostgreSQL Row-Level Security and dedicated Kubernetes pods.
6. Data Retention
- Website inquiries: Retained for 12 months, then deleted.
- Call recordings: Configurable by you (default: 90 days). You can adjust or disable recording in your admin dashboard.
- Transcripts and analytics: Retained for the duration of your subscription plus 30 days.
- Account data: Retained for the duration of your subscription plus 90 days for billing reconciliation.
7. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten").
- Restrict processing.
- Data portability — receive your data in a structured format.
- Object to processing based on legitimate interest.
- Withdraw consent at any time.
To exercise these rights, contact privacy@aurionai.eu. We respond within 30 days.
8. Sub-Processors
We use the following sub-processors to deliver the Aurion service:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Infrastructure hosting (EKS, RDS, S3) | Paris, France (eu-west-3) |
| Twilio | SIP trunking for phone calls | EU region |
| LiveKit | Real-time voice communication | EU-hosted |
| OpenAI | Speech-to-text (Whisper) | EU API endpoint |
| Anthropic | LLM reasoning (Claude) | US (data not stored) |
| Cartesia | Text-to-speech synthesis | US (data not stored) |
| Stripe | Payment processing | EU |
| Vercel | Website hosting (marketing site only) | Global CDN |
9. Cookies
The Aurion marketing website uses no tracking cookies. We use Vercel Analytics, which collects anonymized, cookieless analytics data. No consent banner is required.
The Aurion admin dashboard uses essential session cookies for authentication. These are strictly necessary and do not require consent under GDPR.
10. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email to registered users. The "last updated" date at the top indicates the most recent revision.
11. Contact
For privacy-related questions or to exercise your data rights:
- Email: privacy@aurionai.eu
- Address: SMC Consulting, Brussels, Belgium
You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).