Privacy Policy

Documentation Index

Fetch the complete documentation index at: https://docs.auora.gg/llms.txt

Use this file to discover all available pages before exploring further.

Last updated: April 2026 This Privacy Policy describes how Auora (“we”, “us”, or “the Interface”) handles information in connection with the Auora website, application, and related services. It does not cover the Polygon blockchain itself, which is a public ledger operated by no one and visible to everyone.

​

1. What we do not collect

By design, we do not collect:

• Your name — there are no name fields anywhere in the Interface.
• Email address — unless you voluntarily provide one (e.g. to contact support or subscribe to updates).
• Phone number — never.
• Government ID, passport, or KYC documents — we do not run a KYC funnel.
• Private keys or seed phrases — under no circumstances, ever. We cannot see them, we cannot request them, and any claimed “support agent” asking for them is an impostor.
• Precise location — we do not track GPS or fine-grained location.
• Behavioral profiles sold to advertisers — we do not sell data, period.

​

2. What we do collect

​

a. Public on-chain data

Your wallet address and any transactions you make with the Auora smart contracts are recorded on the Polygon blockchain. This data is public and permanent. It is not “collected” by us — it is recorded by the blockchain itself, visible to anyone, and we cannot delete it. We operate a backend indexer that reads this public data so the Interface can show you things like leaderboards, round history, and referral stats. The indexer stores wallet addresses, transaction hashes, round outcomes, and referral relationships in a database we control.

​

b. Wallet session data

When you connect a wallet via Privy or RainbowKit, those providers handle the connection and authentication flow. We receive your wallet address and a session token. If you authenticate using Sign-In With Ethereum (SIWE), we receive a signed message proving you control the address. We do not receive your private keys. These third parties have their own privacy policies which apply to their portion of the flow.

​

c. Analytics

We use aggregate analytics to understand how the Interface is used — which pages are visited, roughly where visitors come from geographically (country-level, not precise), and which features are used. Analytics assign a pseudonymous client ID; we do not link this ID to your wallet address. If you prefer to opt out, use a browser with tracking protection (Firefox, Brave, Safari) or a privacy extension like uBlock Origin.

​

d. Server logs

Our backend servers keep standard web logs: IP address, request path, timestamp, user-agent string, and HTTP status code. These are used to detect abuse, debug issues, and maintain security. Logs are retained for a short rolling window (30 days maximum) and then deleted.

​

e. Voluntary contact

If you email support, report a bug, or otherwise reach out, we will receive whatever you send us (typically an email address and the content of your message). We use this only to respond to you.

​

3. Cookies

We use a minimal set of cookies: We do not use cookies for cross-site advertising tracking.

​

4. How we use the data

We use the data described above to:

• Operate and maintain the Interface.
• Display leaderboards, round history, and referral stats.
• Detect and prevent abuse, fraud, or sanctions-list activity.
• Understand aggregate usage patterns so we can improve the product.
• Respond to support requests.
• Comply with legal obligations if compelled by a valid legal process.

We do not use your data to:

• Build advertising profiles.
• Sell or rent to data brokers.
• Train machine-learning models.
• Serve targeted ads.

​

5. Who we share data with

We share data only with the following categories of recipients:

• Service providers who help operate the Interface (e.g. hosting, database, wallet-auth providers like Privy, analytics). These providers are contractually bound to use the data only for our purposes.
• Blockchain networks, because every on-chain action is by definition public. This is not a choice — it’s how blockchains work.
• Legal authorities, if we receive a valid subpoena, court order, or other legally binding request. We will challenge overbroad requests where we believe we have grounds.
• Successors in the event of a merger, acquisition, or asset sale, subject to the same obligations as this policy.

We do not sell personal data. We do not share data with advertisers for targeting purposes.

​

6. Your rights

Because we collect so little, your rights are unusually simple:

• Stop using the Interface. Disconnect your wallet. That’s it. There is no account to delete because there is no account.
• Request deletion of off-chain data. You can email support@auora.gg and ask us to delete any off-chain data we hold linked to your wallet address (indexer rows, support correspondence). We will honor reasonable requests. We cannot delete on-chain data because we do not control the blockchain.
• Request a copy of your data. Same email. We will send you whatever we have.
• Opt out of analytics. See Section 2(c).

If you are located in the EU, UK, or California, you may have additional rights under GDPR, UK-GDPR, or CCPA/CPRA respectively — including the rights to access, correct, delete, restrict, and port your personal data, and to object to processing. To exercise these rights, email us. We do not discriminate against users who exercise privacy rights.

​

7. Data retention

• On-chain data: permanent, controlled by the blockchain, not by us.
• Indexer database: retained for as long as the Interface operates, unless you request deletion of your row.
• Server logs: ≤30 days rolling.
• Support correspondence: up to 2 years, then deleted.
• Analytics: aggregated and retained for no longer than our analytics provider’s shortest available window.

​

8. Security

We use standard security practices: HTTPS everywhere, encrypted database connections, secrets stored outside the repository in environment variables, server-side rate limiting, and monitoring for abuse. Despite this, no system is perfectly secure, and you use the Interface at your own risk. If we discover a security incident that affects your personal data, we will notify you promptly where we can reach you and where required by law.

​

9. Children

The Interface is not directed at anyone under 18 years old (or the age of majority in your jurisdiction, whichever is higher). We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, email us and we will delete it.

​

10. International transfers

Our infrastructure may be located in countries outside your own. By using the Interface, you consent to your data being processed in those countries, which may have different data-protection laws than your home country. Where required by law, we put in place appropriate safeguards for international transfers.

​

11. Third-party links

The Interface contains links to third-party sites and services (Polygonscan, Pyth Network, wallet providers, etc.). We are not responsible for the privacy practices of those sites. Check their policies before using them.

​

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be announced via the Interface or our community channels.

​

13. Contact

For privacy questions, data requests, or anything else privacy-related: support@auora.gg

---

Auora is beta software. This Privacy Policy is written in plain language by the project team and will be revised by qualified counsel before any uncapped mainnet launch. If anything in it conflicts with applicable privacy law in your jurisdiction, applicable law wins.