AUERUA
Why UsHow It WorksResultsPricingBlog
Book a demoSign inGet started
AUERUA
Why UsHow It WorksResultsPricingBlog
Get started

Legal

  • Terms of Service
  • Privacy Policy
  • Data Processing Agreement
    • 1. Roles
    • 2. Scope of Processing
    • 3. Subprocessors
    • 4. Data Location
    • 5. Security Measures
    • 6. Breach Notification
    • 7. Return & Deletion
  • Acceptable Use Policy

STRUCTURAL DRAFT — placeholder text with [BRACKETED] markers. Requires review by qualified counsel before go-live. Nothing on this page is a live legal commitment yet.

Legal

Data Processing Agreement

Effective date: [EFFECTIVE DATE] · Between the Customer (controller) and [COMPANY LEGAL ENTITY NAME] (processor)

1. Roles

For personal data contained in Customer content (tracked pages, business information, competitor data, member emails), the Customer acts as data controller and [COMPANY LEGAL ENTITY NAME] acts as data processor, processing personal data only on the Customer's documented instructions as expressed through the Service's configuration.

2. Scope of Processing

Subject matter: operation of the Auerua platform. Duration: the subscription term plus the retention window in the Privacy Policy. Nature and purpose: monitoring AI-engine citations, generating and publishing content, applying technical fixes, and reporting. Categories of data subjects: the Customer's workspace members and individuals referenced in Customer content. Categories of data: contact details, business information, and content data.

3. Subprocessors

The Customer authorises the subprocessors listed in the Privacy Policy (Supabase, Vercel, Stripe, Anthropic, OpenAI, Google, Perplexity, [TRANSACTIONAL EMAIL PROVIDER]). We will provide [NOTICE PERIOD, e.g. 30 days'] notice of subprocessor changes, during which the Customer may object on reasonable data-protection grounds.

4. Data Location

Primary data storage is in the Supabase region [SUPABASE REGION — verify in your Supabase project settings, e.g. ap-southeast-1 (Singapore)]. AI providers process request content in their own regions under their own terms; transfers are safeguarded by [TRANSFER MECHANISM, e.g. SCCs] where required.

5. Security Measures

  • Row-level security isolating each workspace's data.
  • AES-256-GCM encryption for stored credentials and API keys; write-only after saving.
  • Secret redaction at all logging and error-persistence points.
  • Access to production data restricted to [ACCESS POLICY].

6. Breach Notification

We will notify the Customer of a personal data breach affecting their data without undue delay and within [BREACH WINDOW, e.g. 72 hours]of becoming aware, providing the information reasonably required for the Customer's own notification obligations.

7. Return & Deletion

On termination, Customer data is exportable on request and deleted per the retention schedule in the Privacy Policy, except where retention is required by law.

AUERUA
Why UsHow It WorksResultsPricingBlogLegal

© 2026 Auerua · [COMPANY LEGAL ENTITY, UEN]. All rights reserved. · Legal · Contact