Aurono Labs

Privacy Policy

Last updated: 24 May 2026

1. Who we are

Aurono Labs is a company registered in the Netherlands (KVK 99807882, BTW-nr NL005411946B42, registered at Linnaeuskade 19-1, 1098 BE Amsterdam). We operate the website auronolabs.com and are developing a local-first crypto trading execution product. For any questions, including privacy and data-protection matters, contact info@auronolabs.com.

2. What data we collect

We operate a notification list for the upcoming pre-built Aurono Start Device tier. When you sign up, we may collect the following information:

  • Email address (required)
  • First name (optional)
  • Trading experience level (optional)
  • Which cryptocurrency exchanges you use (optional)
  • Consent confirmation to be contacted about Aurono updates

The optional fields exist only so we can prioritise development — you can leave them all blank and the form still submits. Separately, when you purchase an Aurono Start Software license, we collect the data described in section 10 (Webshop processing) below.

3. How we store your data

Device-notification-list submissions are stored in Redis (Upstash) in production, in a local JSON file in development. We do not transmit list data to any advertising network. The processors listed in section 10 handle webshop order data.

4. How we use your data

We use the information you provide solely to:

  • Notify you when the pre-built Aurono Start Device tier becomes available
  • Send you updates about the Aurono product and launch timeline
  • Understand the experience level and exchange preferences of potential users, so we can prioritize development

We will never sell, rent, or share your personal data with third parties for marketing purposes.

Legal basis. We process device-notification-list data on the basis of your consent (GDPR Art. 6(1)(a)), which you give by ticking the consent checkbox at signup. You can withdraw consent at any time by emailing info@auronolabs.com or using the unsubscribe link in any update email. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

5. Cookies

This website does not use tracking cookies, advertising cookies, or analytics cookies. We do use a privacy-preserving, cookieless analytics service (Vercel Web Analytics, see section 6). The only cookie used is a session cookie for admin authentication, which is strictly necessary for website administration and is not set for regular visitors. Because we use only a strictly-necessary admin cookie and a cookieless analytics tool, we deliberately do not present a cookie banner — there is nothing for the visitor to consent to.

6. Analytics

We use Vercel Web Analytics (provided by Vercel Inc., USA) to understand which pages are visited and how visitors arrive on the site. It is privacy-friendly by design: no cookies, no cross-site tracking, and IP addresses are hashed with a daily-rotating salt and never stored in raw form. The collected data is limited to page paths, referrers, approximate country, and device/browser type. Legal basis: our legitimate interest in measuring site usage (GDPR Art. 6(1)(f)). Vercel’s data processing terms are available at vercel.com/legal/dpa.

7. Your rights under the GDPR

As a resident of the European Economic Area, you have the following rights regarding your personal data:

  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can ask us to correct any inaccurate or incomplete data.
  • Right to erasure — You can ask us to delete your personal data at any time, subject to the legal-obligation exception described in section 8.
  • Right to restrict processing — You can ask us to limit how we use your data.
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to withdraw consent — You can withdraw your consent to be contacted at any time.

To exercise any of these rights, contact us at info@auronolabs.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data lawfully. Their website is autoriteitpersoonsgegevens.nl.

8. Data retention

Waitlist data: retained as long as needed to contact you about Aurono availability. Webshop order data: retained for 7 years as required by Dutch tax law (Algemene wet inzake rijksbelastingen). Under GDPR Art. 17(3)(b), the right to erasure does not apply where processing is necessary for compliance with a legal obligation — so we keep your order record (including your name and email) for the full 7-year tax-retention window even if you request erasure. After the 7 years expire, the record is deleted entirely. You retain all other GDPR rights (access, rectification, restriction of processing for purposes outside the tax obligation) and can exercise them at any time by emailing info@auronolabs.com.

9. International data transfers

Some of our processors (Resend, Vercel) are based in the United States. Where a processor is certified under the EU-US Data Privacy Framework (DPF), we rely on the European Commission's adequacy decision for the DPF. Where DPF certification does not apply, we rely on Standard Contractual Clauses (SCCs) under Commission Implementing Decision (EU) 2021/914. You can request a copy of the SCCs applicable to a specific processor by emailing info@auronolabs.com. Mollie B.V. (Amsterdam) and Upstash (Frankfurt) host their data inside the EU; no transfer outside the EEA occurs for those processors.

10. Webshop processing (Phase 18 onward)

When you purchase an Aurono Start license at /buy, we process additional personal data and use the following third-party processors. Each is named here per GDPR Art. 13:

  • Order data we collect: email, name, locale, country of residence (required for EU OSS VAT compliance — we report VAT through the One-Stop-Shop scheme using the buyer's country rate), and an optional voucher code. We do not collect or store phone numbers, full postal addresses, demographic data, or payment card details.
  • Consumer-law audit fields: we record a timestamp and your IP address at checkout as the audit trail for the EU right-of-withdrawal waiver (Consumer Rights Directive Art. 16(m); see Terms of Sale section 6). Legal basis: legal obligation (GDPR Art. 6(1)(c)).
  • Mollie B.V. (Amsterdam, NL) — processes your payment. We share your email, name, locale, and order amount with Mollie. Mollie holds card data; we do not. Standard Mollie DPA applies: mollie.com/legal/data-processing-agreement.
  • Resend (US) — sends transactional emails (purchase confirmation, license delivery, fingerprint requests, sharer notifications). We share recipient email and message content with Resend. US transfer is covered by the DPF where Resend is certified, otherwise by SCCs (see section 9): resend.com/legal/dpa.
  • Upstash (EU region) — stores order records and voucher records in a managed Redis database hosted in Frankfurt. Data does not leave the EU. Their data processing terms: upstash.com/trust.
  • Vercel Inc. (US) — hosts the website and serverless functions. The deployment region is set to the EU (fra1) so runtime stays in the EU. US transfer is covered by the DPF where Vercel is certified, otherwise by SCCs (see section 9): vercel.com/legal/dpa.

Legal basis for order processing: contract performance (GDPR Art. 6(1)(b)). Legal basis for transactional emails: contract performance. Legal basis for the referral voucher program: legitimate interest (GDPR Art. 6(1)(f)) — a low-data referral mechanic with no special-category data and no profiling. Marketing emails (separate from transactional) require explicit consent (Art. 6(1)(a)) and have a clear unsubscribe link.

11. Children's data

This website is not directed at children under 18. We do not knowingly collect personal data from children. If we learn we have inadvertently collected data from a child, we will delete it. If you believe a child has given us data, please contact info@auronolabs.com.

12. Personal-data breaches

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of it (GDPR Art. 33) and inform affected users without undue delay where the risk is high (GDPR Art. 34).

13. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

14. Contact

For privacy questions, data-subject requests (access, rectification, erasure, portability), breach notifications, or any other matter, contact info@auronolabs.com.