Last updated: April 16, 2026
AuroraDocs is developed and operated by Henrik Øgård ("we", "us"). We are the data controller for personal data we collect about you.
Contact us:
Email: contact@auroradocs.eu
Address: Henrik Øgård, Stavanger, Norway
localStorage, sessionStorage, and IndexedDB exclusively for app functionality (preferences, offline cache, short-lived handoff state). We use no third-party tracking cookies.

| Purpose | Legal basis |
|---|---|
| Provide and maintain the service | Contract (GDPR art. 6(1)(b)) |
| Send email notifications (optional) | Consent (GDPR art. 6(1)(a)) |
| Security and abuse prevention | Legitimate interest (GDPR art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (GDPR art. 6(1)(c)) |
Cloud-synced data is stored on AuroraCloud infrastructure that we operate ourselves. Our current server is located in Helsinki, Finland (EU). We plan to migrate to a Norwegian data centre later in 2026; we will notify users when that move takes place.

We retain account data for as long as your account is active. After account deletion, all personal data is removed within 30 days, except anonymised log data, which may be retained for up to 90 days for security purposes.
If paid plans are enabled later, billing and invoice records follow the billing retention policy and applicable legal obligations rather than the standard account deletion window.
AuroraDocs supports end-to-end encryption (E2EE) for the main object content body, object titles, property values, comments, workspace chat messages, and uploaded file/image bytes. When E2EE is active, that data is encrypted client-side using keys derived from your login password before it reaches our servers. Save your recovery phrase — we cannot recover your data without it.
Current scope note: E2EE does not yet cover all structural metadata. Object type, parent/child relationships, some workspace-level settings, and other server-visible sync metadata may still be readable by the server and are used to power sidebar labels, graph structure, sharing, and similar features.
This means the current implementation should be understood as broad content-and-attachment encryption, not full-workspace encryption.
We do not share personal data with third parties, except:
We never sell personal data.
Under GDPR you have the right to:
Business customers who process personal data through AuroraDocs may request a data processing agreement by contacting us at contact@auroradocs.eu.
We keep a current subprocessor register for business customers. The active processors are Hetzner for cloud infrastructure and object storage, and Resend for transactional email when email notifications are enabled. Business customers can request the latest subprocessor list and a DPA copy by emailing contact@auroradocs.eu.
AuroraDocs uses no third-party tracking cookies. We use the browser's localStorage, sessionStorage, and IndexedDB to store user preferences, offline content cache, folder sync handles, and short-lived handoff state locally on your device. This data never leaves your device unless you explicitly enable cloud sync. This notice is informational only.
We will notify you by email of material changes. Minor updates will be published on this page with an updated date.