Aurexis ← Back to Aurexis

AUREXIS — PRIVACY POLICY

Effective date: 13 April 2026

Last updated: 13 April 2026

This Privacy Policy explains how Aurexis ("Aurexis," "we," "us," or "our") collects, uses, shares, and protects personal data when you visit aurexis.app (the "Site"), request access to, or use the Aurexis opportunity-to-reality engine and related services (together, the "Services").

Aurexis is operated by AUREXIS AI PRIVATE LIMITED, a company incorporated in India (Faridabad, Haryana). For the purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), we are the Data Fiduciary for the personal data we handle, and you are the Data Principal.

We built Aurexis on one principle: nothing is simulated — every number traces to a real source, or it is honestly marked absent. We apply the same honesty here. This policy describes what we actually collect and do today, and clearly marks what is planned but not yet in place.

1. Scope

This policy applies to personal data of visitors to the Site, people who request early access, and users of the Services. It does not apply to: (a) the internal engineering of third-party providers we rely on, which have their own policies; or (b) applications that you design, build, and deploy using Aurexis, which you control and are responsible for (see Section 12).

2. Information we collect

a) Information you give us directly

b) Information generated when you use the Services

c) Information collected automatically

We do not intentionally collect special-category or sensitive personal data, and we ask that you not enter such data into a run.

3. How we use your information, and our legal bases

Under the DPDP Act we process personal data on the ground of your consent, or on a legitimate use the Act specifically permits (such as a purpose for which you voluntarily provided the data, or preventing fraud and securing the Services). We do not rely on a general "legitimate interests" ground for DPDP purposes, because the DPDP Act does not provide one. For users in the EU/UK, we identify the corresponding GDPR basis separately.

PurposeExamplesDPDP (India) groundGDPR (EU/UK) basis
Provide and operate the ServicesRun the seven-stage engine, build your profile, generate and deploy your productConsent; the purpose you provided the data forPerformance of a contract
Communicate with youAccess invitations, service and security notices, replies to your requestsConsentConsent; legitimate interests
Secure the Services and prevent abuseDebugging, preventing fraud/abuse, measuring reliabilityLegitimate use (fraud prevention / security)Legitimate interests
Comply with lawRespond to lawful requests; keep required recordsLegal obligationLegal obligation

Consent and notice. Where we rely on your consent, we obtain it through a clear affirmative action (for example, a checkbox that is not pre-ticked) at the point of collection, together with an itemized notice of the data we collect, the purposes, and how to withdraw. You may withdraw consent at any time (see Sections 9–10); withdrawal does not affect processing already carried out, and may limit features that require the data.

We process your personal data only for the purposes for which you provided it, or for compatible purposes described here. We do not sell your personal data, we do not use it for third-party advertising, and we do not use your profile intake or run content to train third-party AI models beyond what is needed to return your result (see Section 4).

4. AI processing (important)

Aurexis relies on third-party AI providers to deliver core stages of a run:

Your inputs are sent to these providers solely to perform your run. We do not use, and do not authorize these providers to use, your inputs to train their public models beyond what is necessary to return your result, subject to each provider's terms. AI-generated output can be inaccurate or incomplete; you are responsible for reviewing it before you rely on or publish it.

5. When we share your information — subprocessors

We share personal data only with service providers ("subprocessors") that process it on our behalf to deliver the Services, under contracts that require appropriate confidentiality and security:

SubprocessorPurposeApprox. location
AnthropicAI reasoning (Profile, Discover, Blueprint, GEO probes)United States
v0 by VercelApp building and production deploymentUnited States
Perplexity (optional)Additional GEO probingUnited States
SupabaseDatabase and persistence (when configured)United States / EU
Google (Forms)Early-access request formUnited States

GitHub is not a personal-data subprocessor. For the Discover stage we query the GitHub Search API for public software-project statistics (repository counts, stars, new-project activity). We send only ecosystem search terms; no personal data about you is shared with GitHub.

We may also disclose personal data: (a) to comply with law, legal process, or a lawful government request; (b) to protect the rights, safety, or property of Aurexis, our users, or the public; and (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this policy or notify you of any material change.

6. International data transfers

Aurexis is based in India, and several of our subprocessors are located outside India (primarily the United States). Where we transfer personal data across borders, we do so in reliance on appropriate safeguards, such as the recipient's contractual commitments and standard data-protection terms, and in accordance with applicable law, including any restrictions the Government of India may notify under the DPDP Act. For transfers of EU/UK personal data to the United States, we rely on standard contractual clauses and equivalent contractual safeguards.

7. Data retention

We keep personal data only as long as needed for the purposes in this policy, and then delete or anonymize it:

Where a run creates a real public deployment or generated source, those artifacts may persist with the third-party builder/host until removed.

8. Security

We take reasonable technical and organizational measures to protect personal data, including encryption of data in transit, access controls, and vetting of the subprocessors we use. Notably, the Aurexis engine's security stage (Sentinel) never executes model-generated code when it audits it, so the audit itself does not become a security hole.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. We do not claim any specific security certification (such as SOC 2, ISO 27001, or HIPAA compliance) unless and until we have actually obtained it.

Personal-data breach. If we become aware of a personal-data breach, we will notify each affected Data Principal without undue delay — describing, in plain language, the nature of the breach, its likely consequences, the measures we have taken or propose to take, and steps you can take to protect yourself — and we will notify the Data Protection Board of India (and any other authority) with the particulars and within the timelines required by the DPDP Act and its rules.

9. Your rights

Subject to applicable law, you have the right to:

To exercise any right, contact us using Section 10. We will respond to rights requests within 30 days, or any shorter period required by applicable law. You also have the right to complain to the Data Protection Board of India (or your local supervisory authority) if you believe your rights have been infringed.

10. Grievance Officer and contact

For any question, request, or complaint about your personal data, contact:

Grievance Officer / Privacy Contact

AUREXIS AI PRIVATE LIMITED

Email: founder@aurexis.app

We will acknowledge grievances promptly and aim to resolve them within 90 days, or sooner where required by the DPDP Act and its rules.

11. Children

The Services are not directed to, and may not be used by, anyone under 18. We apply an age confirmation at sign-up/intake to check that you are 18 or older, and we do not knowingly collect personal data from children.

Consistent with the DPDP Act, we do not knowingly undertake tracking, behavioral monitoring, profiling, or targeted advertising directed at children. If processing of a child's or a person with disability's data ever becomes necessary or is discovered, we will obtain verifiable consent of a parent or lawful guardian as required, and will otherwise delete the data. If you believe a child has provided us personal data, contact us and we will delete it.

12. Third-party links and the apps you build

The Site and Services may link to third-party sites, and Aurexis lets you build and deploy your own applications to live URLs. Those third-party sites, and the applications you create and operate, are not governed by this policy. You are the controller of any personal data your deployed application collects, and you are responsible for its privacy practices and compliance.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version here with a new "Last updated" date and, for material changes, take additional steps to notify you where required.

14. Contact us

Questions about this policy? Email founder@aurexis.app.

© 2026 AUREXIS AI PRIVATE LIMITED| PrivacyTerms| Home