Privacy Policy (GDPR & UAE-Compliant)

1. Who We Are

Auras Pay is a blockchain-based, non-custodial crypto payment gateway operated by AURAS Technologies MENA FZCO, a company registered in Dubai, United Arab Emirates. We do not hold or transfer customer or merchant funds. Our service is a software-as-a-service (SaaS) solution for merchants accepting direct on-chain crypto payments.

2. Data We Collect

When registering for our service, we collect:

• Full name
• Email address
• Mobile number
• Store name
• Wallet address (optional)

Note: Know Your Customer (KYC) checks are conducted through licensed third-party providers.

3. Legal Basis for Processing

We process your data under:

• Contractual necessity (to create and manage your account)
• Legal obligation (to comply with UAE and international regulations)
• Legitimate interests (to provide and improve our services)

4. How We Use Your Data

We use your personal data to:

• Create and maintain your merchant account
• Process payment gateway transactions
• Comply with KYC/AML requirements
• Send service-related notifications
• Improve our platform and user experience

5. Data Sharing and Third Parties

We may share your data with:

• Licensed KYC/AML verification providers
• Cloud hosting services (data stored in secure, compliant data centers)
• Law enforcement or regulatory bodies when legally required

We do not sell or rent your personal data to third parties.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account closure, we retain data for the minimum period required by UAE and international law (typically 5-7 years for financial records).

7. Your Rights

Under GDPR and UAE law, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal obligations)
• Portability: Receive your data in a structured format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Where processing is based on consent

To exercise your rights, contact us at: privacy@auraspay.com

8. Security Measures

We implement industry-standard security measures including:

• Encryption of data in transit and at rest
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Secure blockchain infrastructure

9. International Data Transfers

If data is transferred outside the UAE or EEA, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Other legally approved transfer mechanisms

10. Cookies and Tracking

We use essential cookies to ensure platform functionality. Optional analytics cookies may be used with your consent. You can manage cookie preferences in your browser settings.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of our services constitutes acceptance of the revised policy.

13. Contact Us

For privacy-related inquiries, please contact:

14. Supervisory Authority

If you are located in the EEA, you have the right to lodge a complaint with your local data protection authority. In the UAE, you may contact the UAE Data Office.