Aura Hr logo Aura Hr

Privacy Policy

How we protect and use your personal data

Effective Date: May 25, 2025 | Last Updated: May 25, 2025

Who We Are

Aura HR is a product of Aurelium Ltd, providing AI-powered HR support tools to enterprise clients and their employees. We are committed to protecting your privacy and ensuring transparency around how we use your personal data.

Data Processing Roles

Aura HR acts as a data processor on behalf of our client organizations, who are the data controllers. This means:

  • Your employer determines what data is collected and how it's used
  • Aura HR processes this data according to your employer's instructions
  • Your employer remains responsible for responding to your privacy rights requests
  • We support your employer in fulfilling their GDPR obligations

For employees: Contact your HR department for data-related requests.
For client administrators: Contact ask@aurelium.tech for technical assistance.

What Data We Collect

We may collect and process the following types of personal data:

Category Examples
Account Data Name, email address, job title, language preference
Chat Interactions Questions submitted via chatbot
Document Content Data from uploaded HR policies
Usage Analytics Timestamps, feature usage, clickstream
Support Correspondence Email or platform-based messages

We do not collect sensitive data unless explicitly provided by the client.

How and Why We Use Your Data

Purpose Legal Basis
Provide and improve our AI assistant Performance of a contract
Personalize responses via AI/LLM Legitimate interest / contract
Support and service operations Legitimate interest
Usage analysis and performance monitoring Legitimate interest
Legal compliance Legal obligation

Use of Large Language Models (LLMs)

To provide relevant and contextual HR-related assistance, Aura HR uses self-hosted enterprise-grade large language models (LLMs) within our secure cloud infrastructure. These models help power chatbot responses to user queries within your organization.

In some cases, we may include limited personal data in the form of:

  • Your name
  • Your role or department
  • The context of your query (e.g., "What's the leave policy for engineers?")

This data is used solely to generate a more accurate and personalized response.

Safeguards:

  • No model training: Your data is never used to train AI models
  • No retention: Queries are processed statelessly — data is not stored beyond the processing cycle
  • Infrastructure controls: LLM processing occurs within our controlled EU-based cloud infrastructure
  • Minimal data sent: We only process the minimum data necessary to generate a useful response

Document Processing

When HR documents are uploaded to Aura HR, they are:

  • Divided into smaller chunks within EU infrastructure
  • Processed through our self-hosted LLM infrastructure for vectorization and entity extraction
  • Processed statelessly with no data retention beyond the processing cycle
  • Stored as vector embeddings (Pinecone, EU) and derived knowledge structures (Neo4j, EU)
  • The original document files are permanently deleted after processing

Data Sharing & Subprocessors

We may share data with trusted subprocessors under strict contractual and technical safeguards:

Vendor Purpose Location
AWS Hosting & infrastructure EU (multiple regions)
Pinecone Vector database EU (AWS eu-west-1)
Neo4j Graph database for relationship mapping European Union (AuraDB EU instances)

A full list is available upon request.

Data Retention

We retain data only as long as necessary to fulfill the purposes above or as legally required:

Data Type Retention Period
Account Data Until deletion by user/admin
Uploaded documents (original files) Deleted immediately after processing
Vector embeddings (Pinecone) Duration of client contract
Graph data - entities & relationships (Neo4j) Duration of client contract
Interaction Logs 12 months
Access & audit logs 12 months

You may request deletion at any time.

Your Rights

You have the right to:

  • Access your data
  • Request correction or deletion
  • Object to processing
  • Request data export (portability)
  • Withdraw consent (where applicable)

Note: If you are an employee of an organization using Aura HR, your employer acts as the data controller. To exercise your rights, please contact your HR department or data protection officer first. They can use Aura's platform tools or contact us on your behalf.

If you are a client administrator, you can manage user rights directly through the platform or contact us at ask@aurelium.tech

Security Measures

We use:

  • Encryption (at rest and in transit)
  • Role-based access control and 2FA
  • Logging and monitoring
  • Regular testing and resilience planning

Cookies & Analytics

Our platform uses essential cookies for:

  • User authentication and session management
  • Basic functionality and security

We do not use advertising, tracking, or profiling cookies. You can manage cookie preferences in your browser settings, though disabling essential cookies may affect platform functionality.

Changes to This Policy

We may update this policy periodically. Material changes will be communicated at the next login or via email.

Contact

For questions or concerns, contact:
Email: ask@aurelium.tech

Download: Full Privacy Policy (PDF)

Questions About Privacy?

We're committed to transparency and protecting your data.

Contact Us