Privacy Policy

Last updated: May 27, 2026

This Privacy Policy describes how AuraMM collects, uses, discloses and protects personal data when you use our website, purchase our Expert Advisors (EAs), or otherwise interact with us. AuraMM is not a registered company; it is the trading name used by the individuals operating the service.

Contact

For privacy-related questions, you may contact us at: [email protected]. You can also reach us through our Whop product page or our Discord (links available on the product pages).

Scope

This policy applies to personal data processed in connection with our website and services, including purchases made through third-party platforms (for example, Whop) and any customer support provided through email or third-party channels.

Data We Collect

• Account & purchase data: information required to process purchases (name, email, billing metadata) when you buy through our storefront (Whop or other providers).
• Communications: messages you send to us via email, support channels or through Whop/Discord.
• Technical data: IP address, browser, device information and basic usage logs collected by our hosting or third-party services. We do not currently deploy site analytics scripts other than what third-party platforms provide; if we add analytics, we will update this policy.

How We Use Personal Data

We use personal data to:

• Provide and manage purchases of our products and services;
• Communicate with you about orders, updates, and support;
• Comply with legal obligations;
• Protect our rights and the rights of our users.

Third-Party Services

We use third-party service providers to operate the business, including payment and storefront providers (e.g., Whop), email providers (e.g., Brevo), hosting and infrastructure providers. Those providers may process personal data on our behalf. We require that processors implement reasonable security measures and limit use of personal data to the purposes we authorize.

Cookies & Tracking

At present, AuraMM does not deploy analytics or tracking scripts beyond third-party service requirements. If we introduce analytics (e.g., Google Analytics) or marketing cookies, we will update this policy and provide opt-out information. Transactional emails (license keys, receipts) are sent via our email provider.

Cookies in Production

When the site is deployed to a production domain (for example on a VPS with HTTPS), the following cookie behaviour applies:

• Session cookie (PHPSESSID): used to maintain logged-in sessions. It is marked HTTP-only and by default is a session cookie (expires when the browser is closed). In production we configure the cookie with the Secure flag so it is only sent over HTTPS.
• Purpose: authentication and session management for customers and admins (required for the site to function).
• Retention: session lifetime is controlled server-side; session cookies are not used for long-term tracking by AuraMM.
• Third-party cookies: third-party services (payment/storefront providers like Whop, or email/marketing providers like Brevo) may set cookies from their own domains. These cookies are outside AuraMM's first-party cookie set and may require a consent banner if they are used for analytics or marketing.

Production checklist (cookies & deployment):

• Serve the site over HTTPS and enable HSTS.
• Set APP_URL to the production domain and enable APP_SESSION_SECURE=1 so session cookies use the Secure flag.
• If using subdomains, consider setting a session cookie domain (for example .yourdomain.com) via an env variable.
• Perform a cookie audit after adding any analytics/marketing scripts and add a cookie consent banner that blocks non-essential scripts until consent is given.
• Update this Privacy Policy to list any third-party cookies and retention periods when such services are enabled.

Data Sharing

We may share personal data with:

• Service providers who support our business (payment processors, email providers, hosting providers).
• In response to lawful requests by public authorities, courts, or to comply with legal obligations.

Data Retention

We retain personal data as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods depend on the nature of the data and legal requirements.

International Transfers

We operate from Italy and may transfer personal data to service providers in other countries. Where transfers occur, we rely on appropriate safeguards (e.g., standard contractual clauses) or where permitted by law.

Your Rights

Depending on your location and applicable law, you may have rights to access, correct, or delete your personal data, and to object to or restrict processing. To exercise these rights please contact us at [email protected]. Because AuraMM sells worldwide and operates from Italy, residents of the EU are additionally protected under the GDPR.

Security

We take reasonable technical and organizational measures to protect personal data. However no system is completely secure — we cannot guarantee absolute security.

Children

Our services are not directed to children under 16. We do not knowingly collect personal data from children.

Changes to this Policy

We may modify this Privacy Policy from time to time. If changes are material, we will provide notice on the site or by other means.

Last updated: May 27, 2026