← Back to home

auravoice.ai

Privacy Policy

Privacy Policy · Last updated: April 27 2026

This privacy notice explains how personal data is processed on the website auravoice.ai (hereinafter the “Website”) by Aura Intelligence Group FZCO. Aura Intelligence Group FZCO processes only such data as is necessary to provide and secure the Website and its services, guided by the principle of data minimisation. “Personal data” means any information relating to an identified or identifiable natural person (data subject), such as name, address, telephone number, date of birth, email address or IP address. Information that cannot be attributed to a specific person, for example due to anonymisation, is not regarded as personal data.

Insofar as users resident in Switzerland are affected, the following notices apply accordingly to processing operations that are subject to the Swiss Federal Act on Data Protection (revDSG); in such cases, references to the GDPR are to be understood as references to the corresponding provisions of the revDSG.

1. Data Controller

The controller within the meaning of the GDPR for the processing of personal data on this website is:

Aura Intelligence Group FZCO

Building A1, Digital Park, Silicon Oasis

Dubai, United Arab Emirates

Website: https://auravoice.ai

For data protection enquiries or to exercise your data subject rights, please contact data.protection@auravoice.ai.

Representative in the European Union (Art. 27 GDPR)

As the controller is established outside the EU/EEA, we have appointed a representative in the Union in accordance with Art. 27 GDPR:

John Torres, CTO, Aura Intelligence Group FZCO

Email: data.protection@auravoice.ai

2. Data Protection Officer

Our Data Protection Officer (DPO) and Information Security Officer is

The following has been appointed as Data Protection Officer and Information Security Officer:

Kertos GmbH

Brienner Straße 41

80333 München

Germany

Email: dataprivacy@kertos.io

3. Data processing on our website

3.1 Provision of the website

Purpose of processing

We process your data in order to

  • ensure the reliable operation of the website
  • enable user-friendly access to our website
  • and maintain IT security

Recipient: Netlify, Inc., 101 2nd Street, San Francisco, CA 94105-2239, USA

Processed data

  • IP address of the requesting device
  • method (e.g. GET, POST), date and time of the request
  • address of the website accessed and path of the requested file
  • where applicable, the previously accessed or requesting website/file (HTTP referer)
  • information about the browser and operating system used
  • version of the HTTP protocol, HTTP status code, size of the file transferred
  • request information such as language, content type, content encoding, character encodings

Legal basis: Art. 6(1)(f) GDPR. The processing of the data referred to is necessary to provide the website and to ensure secure and user-friendly operation.

Storage period: The data collected is deleted as soon as it is no longer required for the operation of the website, but no later than 30 days, unless a statutory retention obligation applies.

Transfer to third countries: The data is processed and stored exclusively within the European Union, so that no transfer to a third country takes place.

Further information: https://www.netlify.com/privacy/ | https://www.netlify.com/gdpr-ccpa/

3.2 Booking a demo/appointment

Purpose: Collection of contact information to schedule and carry out product demonstrations or meetings

Recipient: Calendly LLC, 115 E Main St., Ste A1B, Buford, GA 30518, USA

Processed data

  • contact information (e.g. name, email address)
  • company data (e.g. company name, position)
  • appointment preferences (e.g. preferred date, time)
  • technical data (e.g. IP address, browser type)

Legal basis: Performance of a contract or pre-contractual measures pursuant to Art. 6(1)(b) GDPR for the data processing required to book a demo; legitimate interest pursuant to Art. 6(1)(f) GDPR for the processing of additional data to optimise our services and for customer support.

Storage period: The data is stored for the duration of the business relationship and beyond in accordance with the statutory retention periods. At Calendly, the data is stored for a maximum of 30 days, unless longer retention is required by law or necessary for the performance of the contract.

Transfer to third countries: The information is transmitted to a Calendly server in the USA and stored there. For data transfers to the USA, there is an adequacy decision of the EU Commission, the EU-U.S. Data Privacy Framework. Calendly is certified under this framework (Art. 45 GDPR). In addition, standard contractual clauses (SCCs) pursuant to Art. 46 GDPR are in place.

Further information: https://calendly.com/legal/privacy-notice

3.3 Try Aura live

On our website, the “Try Aura live” button lets you test the product directly. Via this button you are redirected to the external funnel page https://auravoice.perspectivefunnel.com/web-form2/. There you can leave your telephone number to receive a test call and optionally provide your email address to be contacted.

Purpose: Providing the opportunity to test the “Aura” product live and, where you consent, contacting you for demo and sales purposes.

Recipients: Perspective Software GmbH, Stresemannstraße 123, 10963 Berlin, Germany (funnel platform); Attio Ltd., 86-90 Paul Street, London EC2A 4NE, United Kingdom (CRM).

Processed data

  • email address
  • telephone number
  • entries from the funnel form
  • technical data (e.g. IP address, browser type, time of access)

Legal basis: For processing your request and carrying out the live test: Art. 6(1)(b) GDPR (pre-contractual measures at your request).

For the transfer of your email address and telephone number to our CRM (Attio) and the subsequent contact for demo and sales purposes by email and/or telephone: your consent pursuant to Art. 6(1)(a) GDPR. Consent is voluntary and is not a condition for using the live test. You can withdraw your consent at any time with effect for the future; the lawfulness of the processing carried out up to the withdrawal remains unaffected.

Storage period: The data collected in the funnel is stored for the duration of processing your test or contact request and, where applicable, a subsequent business relationship; otherwise, the data is deleted as soon as the purpose no longer applies and no statutory retention obligations preclude this.

Transfer to third countries: Attio Ltd. is established in the United Kingdom. For data transfers to the United Kingdom, there is an adequacy decision of the EU Commission (Art. 45 GDPR). As a rule, no transfer to other third countries takes place.

Further information Perspective: https://www.perspective.co/privacy

Further information Attio: https://attio.com/legal/privacy-policy

3.4 Cloud services Aura chatbot

To provide the technical infrastructure and functions of our voice and chatbot “Aura”, we use various cloud providers. All service providers used are carefully selected and monitored; a data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with each provider. Your data is only disclosed to the extent necessary for the respective function.

Purpose: Provision, operation and further development of the voice and chatbot “Aura”, in particular speech input and output, call handling, data storage, workflow automation, cloud infrastructure and AI-supported response generation.

Categories of recipients

  • providers of speech technology (speech-to-text and text-to-speech)
  • telephony providers for connection to the public telephone network (PSTN routing)
  • providers of database hosting
  • providers of workflow automation and PMS integrations
  • providers of cloud infrastructure
  • providers of AI routing platforms and the Large Language Model (LLM) providers connected through them

Processed data

  • audio and voice data and transcripts created from it
  • telephone number and connection data (e.g. date, time, duration of the call)
  • input prompts and responses generated by the system
  • content and contact data collected in the course of product use
  • technical connection and usage data (e.g. IP address, device information)

Legal basis: Art. 6(1)(b) GDPR (performance of pre-contractual measures or carrying out the live test) and Art. 6(1)(a) GDPR (consent), where such consent is obtained; additionally Art. 6(1)(f) GDPR (legitimate interest in a functional, secure and high-performance provision of the product).

Storage period: The data is stored only for as long as necessary to provide the respective service and is then deleted, unless statutory retention obligations preclude this.

Transfer to third countries: Data processing takes place primarily within the EU. Some of the recipient categories listed above are established outside the EU/EEA (including the USA and possibly other third countries). Where a transfer to third countries takes place, it is safeguarded on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR), by EU standard contractual clauses (Art. 46 GDPR) and, where applicable, supplementary technical and organisational measures.

On request, we will be happy to provide you with a specific list of the processors used. Please contact data.protection@auravoice.ai for this.

3.5 Analytics and Tracking

Cookies are small text files that are stored on your device by your browser. Cookies do not run programs and do not install malware. Comparable technologies include web storage (local/session storage), fingerprinting, tags and pixels. Most browsers accept these technologies by default; however, you can adjust your settings so that their use is blocked or consent is requested. If cookies or similar technologies are blocked, certain functions of the website may not be fully available.

Purpose: We use tracking and analytics tools to continuously optimise our website and tailor it to your requirements. For this purpose, information is collected using appropriate technologies or device information is combined (device fingerprinting).

Legal basis: We use technically necessary tools for the operation of the website on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR or to perform a contract or pre-contractual measures pursuant to Art. 6(1)(b) GDPR. In these cases, the storage of, or access to, information on your device is strictly necessary and is governed by § 25(2) TDDDG. Optional tools are used exclusively with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. The tracking and analytics tools used, their respective purpose and the data processed are described below.

Recipient: Plausible Analytics

Plausible Analytics

Purpose: Website analytics to improve the user experience and understand visitor behaviour without compromising privacy.

Recipient: Plausible Analytics OÜ, Västriku tn 2, 50403 Tartu, Estonia

Processed data

  • page views (e.g. URL, referrer)
  • visit duration (e.g. time on page, bounce rate)
  • device information (e.g. browser, operating system, screen size)
  • approximate location data (e.g. country, city based on IP address)

Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR (optimisation of the user experience and our web presence). Plausible processes data without cookies and without personal identifiers.

Storage period: The data is aggregated and stored for 24 months.

Transfer to third countries: No transfer to third countries; processing within the EU (Estonia).

Further information: https://plausible.io/data-policy

Cookie overview

NameProviderPurposeCategoryStorage period

No cookies are currently used on the website (as of 24.04.2026, source: Decareto scan).

3.6 YouTube (two-click solution)

Where applicable, we embed YouTube videos on our website. They are embedded in the so-called extended data protection mode (“youtube-nocookie”) and via a two-click solution: YouTube videos are only loaded after your active confirmation. Before this confirmation, no personal data is transmitted to YouTube. The connection to YouTube is only established by your click (consent).

Purpose: Embedding videos in our website and improving the user experience.

Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”).

Processed data

  • IP address
  • date and time of the request
  • page visited on our website
  • browser type and operating system used
  • technical connection data (e.g. HTTP headers)
  • YouTube account information (if logged in)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent is given by actively clicking the preview image or the activation button (two-click solution). You can withdraw your consent at any time with effect for the future.

Storage period: In accordance with YouTube’s privacy policy.

Transfer to third countries: Data may be transmitted to the USA. Transfers are based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additionally on standard contractual clauses (SCCs) pursuant to Art. 46 GDPR.

Further information: https://www.youtube.com/howyoutubeworks/privacy/

3.7 Contact by email

Purpose: Processing and responding to your enquiry.

Processed data

  • name
  • email address
  • content of your message

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in communicating with you). Insofar as your enquiry is aimed at concluding or performing a contract, the processing is carried out on the basis of Art. 6(1)(b) GDPR.

Storage period: Your data is stored only for as long as is necessary to conclusively process your enquiry.

3.8 CRM, sales and lead management

Purpose: Managing and maintaining relationships with customers, prospects and other contractual or business partners (B2B), including lead management, qualification and prioritisation of leads, documentation of communication and contract histories, and the planning and management of sales activities.

Recipient: Attio Ltd., 86-90 Paul Street, London EC2A 4NE, United Kingdom

Processed data

  • surname and first name
  • business contact data (e.g. email address, telephone number, business address)
  • company-related data (e.g. company name, industry, function/position)
  • data on contractual matters and enquiries (e.g. interest in services, history of enquiries and transactions)
  • communication and interaction data (e.g. appointments, conversation notes, response to emails)

Legal basis: Performance of a contract and carrying out pre-contractual measures pursuant to Art. 6(1)(b) GDPR, insofar as we are in a (pre-)contractual relationship with you/your employer. In addition, legitimate interest pursuant to Art. 6(1)(f) GDPR in the efficient organisation of sales and business relationships and in targeted B2B communication. Insofar as we process personal data for direct marketing purposes, you can object to this processing at any time with effect for the future.

Insofar as we process personal data for direct marketing purposes (e.g. contact by email or telephone regarding product information, demos and offers), this is done – where legally required – on the basis of your consent pursuant to Art. 6(1)(a) GDPR (e.g. given via the “Try Aura live” funnel). You can withdraw consent given at any time with effect for the future. Irrespective of this, you can object to the processing of your data for direct marketing purposes at any time (Art. 21 GDPR).

Storage period: For the duration of the business relationship or as long as there is a legitimate interest in further storage; subsequent deletion or anonymisation, unless statutory retention periods preclude this.

Transfer to third countries: Attio Ltd. is established in the United Kingdom. For data transfers to the United Kingdom, there is an adequacy decision of the EU Commission (Art. 45 GDPR).

Further information: https://attio.com/legal/privacy-policy

4. International data transfers

Personal data is processed primarily within the EU/EEA. Transfers to so-called “third countries” take place exclusively in compliance with the requirements of the GDPR and where appropriate safeguards are in place. Before a transfer to a service provider in a third country, the level of data protection is assessed. A transfer only takes place if sufficient protective mechanisms exist. All service providers must conclude a data processing agreement. Additional measures are required for providers outside the EEA. Pursuant to Art. 44 et seq. GDPR, a transfer is permitted if at least one of the following conditions is met:

  • The European Commission has determined an adequate level of data protection.
  • Standard contractual clauses have been agreed with the recipient.
  • Other appropriate safeguards pursuant to Art. 46 GDPR exist.
  • In certain exceptional cases pursuant to Art. 49 GDPR.

5. Recipients of personal data

As a rule, the personal data we collect is only disclosed if

  • you have given us your explicit consent to do so pursuant to Art. 6(1)(a) GDPR,
  • the disclosure is necessary to protect our legitimate interests or to assert, exercise or defend legal claims and there is no reason to assume that your legitimate interests or fundamental rights and freedoms requiring the protection of personal data override them (Art. 6(1)(f) GDPR),
  • we are legally obliged to disclose it (Art. 6(1)(c) GDPR), or
  • this is legally permissible and necessary to perform a contract with you or to carry out pre-contractual measures at your request (Art. 6(1)(b) GDPR).

Possible recipients are

Processors

Group companies or external service providers (e.g. in the area of technical infrastructure and processing, maintenance, payment processing) that are carefully selected and monitored. Processors may process the data exclusively in accordance with our instructions.

Public authorities

Authorities and government institutions (e.g. tax authorities, public prosecutors, courts) to which we must transmit personal data, for example to comply with legal obligations or to protect legitimate interests.

6. Data security and protective measures

We use appropriate technical and organisational measures to ensure the security and confidentiality of your personal data. These measures serve to protect against unauthorised access, manipulation, loss or misuse. Our security precautions are reviewed regularly and adapted to the state of the art and current industry standards.

Please note that, despite extensive protective measures, data transmission over the internet can generally have security vulnerabilities. In particular, with unencrypted communication (e.g. standard email), there is a risk that data may be read by third parties. We have no influence over the conduct of external parties. We therefore recommend using encryption or other protective measures when electronically transmitting sensitive information in order to minimise potential risks.

7. Storage period and deletion/blocking of data

Personal data is deleted or blocked as soon as the purpose of storage no longer applies. Storage beyond this only takes place if it is required by Union law or national provisions to which the controller is subject. The data is also deleted or blocked as soon as a statutory retention period expires, unless further storage is necessary for the performance of a contractual relationship.

8. Data subject rights

You have the following rights with regard to your personal data

Right of access (Art. 15 GDPR, § 34 BDSG): You can request information about whether and which personal data we process, for what purpose, to which recipients or categories of recipients the data is transmitted and how long the data is stored.

Right to rectification (Art. 16 GDPR): You can request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.

Right to erasure (Art. 17 GDPR): You can request the erasure of your personal data, in particular if it is no longer required, you withdraw your consent or the data has been processed unlawfully.

Right to restriction of processing (Art. 18 GDPR): You can request the restriction of the processing of your data, e.g. if the accuracy of the data is contested.

Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or – where technically feasible – to request its transmission to another controller.

Right to withdraw consent (Art. 7(3) GDPR): You can withdraw consent given at any time with effect for the future. The lawfulness of the processing up to the withdrawal remains unaffected.

Right to object (Art. 21 GDPR): You can object to the processing of your personal data at any time on grounds relating to your particular situation, in particular in connection with direct marketing or associated profiling.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection provisions.

Changes to this Privacy Policy

DateVersionReason for change
17.04.20261.0First version of the privacy policy for auravoice.ai