Privacy Policy
Last updated: June 2026
What we collect
Aurora Cloud Business Manager (the "Service"), operated by Aurora Cloud LLC, collects only the data needed to run your business inside the app:
- Account data: your email, name, and the tenant (business) you belong to, provided when you sign up via AWS Cognito.
- Business data: the customers, jobs, estimates, invoices, payments, and photos that you enter into the Service.
- Billing data: handled by Stripe. We store a Stripe customer reference; we do not store your card number.
- Usage logs: standard server logs (IP, user agent, request paths) retained in CloudWatch for up to 30 days for security and debugging.
How we use it
We use your data only to operate the Service for you: rendering your dashboards, sending the emails you ask us to send (invoice delivery, booking confirmations), processing your subscription payment, and providing customer support when you request it. We do not sell your data, we do not use it to train AI models, and we do not share it with advertisers.
Multi-tenant isolation
The Service uses Postgres row-level security (RLS) so every query is filtered to your tenant. A bug in one tenant's interface cannot return another tenant's data — the database itself refuses the read.
Sub-processors
- Amazon Web Services — hosts the application, database, and file storage (us-east-1 region).
- Stripe — processes subscription payments and holds card data on our behalf.
- Resend — delivers transactional emails (invoice/estimate sends, booking confirmations).
We do not use analytics or advertising trackers on the Service.
Cookies
We use a single session cookie (acbm_id) to keep you signed in. We don't use third-party tracking cookies.
Your rights
You can request a copy of your data, request correction or deletion, or close your account at any time by emailing the address below. We respond within 30 days. After account deletion, we delete your data within 30 days.
Depending on where you live, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA) or the GDPR — for example, to know what we hold, to delete it, and to opt out of any sale of personal information. We never sell personal information. Email us at the address below to exercise any of these rights.
Email from your customers
When a customer submits your public booking page, their name, email, phone, address, and message become part of your customer record. You — not Aurora Cloud — are the controller of that data and are responsible for its handling under the privacy laws that apply to your jurisdiction.
Security
Data is encrypted in transit (TLS) and at rest (AWS RDS encryption, S3 SSE-S3). Access to production systems is limited to authorized personnel via AWS IAM Identity Center. We follow defense-in-depth practices (RLS, per-route security headers, signed Stripe webhooks) documented in our public architecture & security notes.
Contact
Aurora Cloud LLC. Privacy questions: privacy@auroracloudllc.com.
See also our Terms of Service.