1. Information We Collect

We collect information that you provide directly to us, including:

• Account information (name, email address, organization details)
• Microsoft 365 authentication credentials and access tokens
• Compliance and reporting data from your Microsoft 365 environment
• Usage data and analytics about how you interact with our platform

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our compliance reporting services
• Generate compliance reports and analytics for your organization
• Communicate with you about service updates, security alerts, and support matters
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our terms of service

3. Data Storage and Security

Aura is a self-hosted solution. All data remains within the customer's Azure environment. The provider has no access to reports or tenant data.

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Your data is encrypted in transit and at rest using industry-standard protocols.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only:

• With your consent or at your direction
• With service providers who assist us in operating our platform
• To comply with legal obligations or respond to lawful requests
• To protect our rights, property, or safety, or that of our users

5. Microsoft 365 Integration

Our platform integrates with Microsoft 365 services using official Microsoft APIs. We access only the data necessary to provide our compliance reporting services. Your Microsoft 365 credentials are never stored by our platform; we use secure OAuth 2.0 authentication.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. You may request deletion of your data at any time, subject to our legal obligations to retain certain information.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

• The right to access and receive a copy of your personal information
• The right to correct inaccurate or incomplete information
• The right to delete your personal information
• The right to restrict or object to our processing of your information
• The right to data portability

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve our services. You can control cookies through your browser settings.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us through the official AURA Compliance support channels.