Back to AuroraDocs

Privacy Policy

Last updated: March 31, 2026

1. Data Controller

AuroraDocs is developed and operated by Henrik Øgård ("we", "us"). We are the data controller for personal data we collect about you.

Contact us:
Email: privacy@auroradocs.eu
Address: Henrik Øgård, Stavanger, Norway

2. Data We Collect

  • Account information: email address and display name you provide at registration.
  • Content you create: pages, notes, tasks, and other objects you store in AuroraDocs.
  • Usage data: login timestamps and last-active time — used only for security and debugging.
  • Local storage: we use localStorage and session storage exclusively for app functionality (preferences, cache). We use no third-party tracking cookies.

3. Purpose and Legal Basis

PurposeLegal basis
Provide and maintain the serviceContract (GDPR art. 6(1)(b))
Send email notifications (optional)Consent (GDPR art. 6(1)(a))
Security and abuse preventionLegitimate interest (GDPR art. 6(1)(f))
Comply with legal obligationsLegal obligation (GDPR art. 6(1)(c))

4. Storage and Retention

All data is stored on AuroraCloud infrastructure that we operate on Hetzner services in the EU (Helsinki, Finland). We retain account data for as long as your account is active. After account deletion, all personal data is removed within 30 days, except anonymised log data which may be retained for up to 90 days for security purposes.

5. End-to-End Encryption (E2EE)

Workspace owners can enable end-to-end encryption on a per-workspace basis. When E2EE is enabled:

  • All page content, titles, and properties are encrypted in the browser before leaving your device using AES-256-GCM.
  • Encryption keys are derived from a passphrase you choose and are never sent to the server.
  • We cannot read, decrypt, or recover your encrypted content. If you lose your passphrase, the data is unrecoverable.
  • When you invite members to an encrypted workspace, keys are securely shared via X25519 ECDH key exchange — the server never sees the plaintext key.

E2EE is optional. Workspaces without E2EE enabled store content in plaintext on the server, protected by access controls and server-side isolation rules.

6. Third-Party Processors

We do not share personal data with third parties, except:

  • Hetzner Online GmbH — server hosting (EU, Helsinki). Data stays on infrastructure we control.
  • Resend Inc. — email delivery, only when you have enabled email notifications.

We never sell personal data.

7. Your Rights

Under GDPR you have the right to:

  • Request access to the data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion ("right to be forgotten") — available directly in Settings → Account.
  • Withdraw consent (e.g. email notifications) at any time.
  • Lodge a complaint with your local data protection authority.

8. Data Processing Agreement (DPA)

Business customers who process personal data through AuroraDocs may request a data processing agreement by contacting us at privacy@auroradocs.eu.

9. Cookies and Local Storage

AuroraDocs uses no third-party tracking cookies. We use the browser's localStorage to store user preferences and application cache locally on your device. This data never leaves your device unless you explicitly sync it to the cloud.

10. Changes to This Policy

We will notify you by email of material changes. Minor updates will be published on this page with an updated date.

Terms of Service AuroraDocs privacy@auroradocs.eu