PRIVACY POLICY · GDPR

Privacy policy.

This document describes who processes personal data in connection with the use of the aurora-ai.pl website, to what extent, on what legal basis, and what rights the data subjects have. The content is consistent with the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council).

Effective date:
28 May 2026
Last updated:
28 May 2026

CONTROLLER

Who is responsible for your data.

The controller of the personal data processed in connection with the aurora-ai.pl website is:

  • Aurora Adam Wszendybył
  • Tax ID (NIP): PL 5732606147
  • Address: Himalajska 17/2, 50-572 Wrocław
  • Data protection contact: [email protected]

For all matters concerning the processing of personal data — including the exercise of the rights described below — you can contact the controller at the email address above.

Write to the controller →

WHAT AND WHY

What data we collect and for what purpose.

The aurora-ai.pl website processes personal data for two narrowly defined purposes — and only to the extent needed to fulfil each of them.

Email contact initiated by the user

Scope of data:
the sender’s email address, and data provided voluntarily in the body of the message (e.g. first and last name, company name, job title, the content of the enquiry).
Source of data:
a message sent directly by the user after using a mailto: link on the website (the “Describe your case” buttons and similar).
Purpose:
replying to enquiries, conducting correspondence, and — where there is interest — a commercial conversation and steps preceding a possible contract.
Legal basis:
Article 6(1)(b) GDPR — processing necessary in order to take steps at the request of the data subject prior to entering into a contract.
Voluntary nature:
providing the data is voluntary but necessary in order to receive a reply.

Website analytics (Cloudflare Web Analytics, cookieless)

Scope of data:
aggregated, anonymous traffic metrics (number of visits, approximate country-level location, device type, referral source, time spent on the site). Cloudflare Web Analytics runs in cookieless mode — without storing cookies and without tracking identifiers.
Purpose:
understanding how the website is used, and improving its content and performance.
Legal basis:
Article 6(1)(f) GDPR — the controller’s legitimate interest in conducting aggregated, anonymous traffic analysis.
Identification of a person:
the analytics data is aggregated and is not used to identify individual users; the controller does not combine it with contact data.

COOKIES

The website does not use tracking cookies.

Aurora AI deliberately chose cookieless analytics (Cloudflare Web Analytics in cookieless mode) so as not to burden users with a consent banner and not to pass identifying data to analytics tools. The website does not use marketing, profiling or analytics cookies — and no cookie banner is shown, because there is nothing to ask consent for. The hosting server may, in exceptional cases, use technical cookies solely to the extent necessary for the website to function correctly; these are not used for analysis or profiling.

RECIPIENTS

Who the data may be entrusted to.

Part of the processing is carried out with the involvement of external service providers. In each case the controller seeks to minimize the scope of data transferred and bases the cooperation on appropriate legal safeguards.

  • Cloudflare, Inc. (USA)provider of traffic analytics (Cloudflare Web Analytics) and CDN/security infrastructure. The analytics data is aggregated and anonymous; the transfer to a third country (the USA) takes place on the basis of standard contractual clauses (SCCs) and appropriate safeguards consistent with the GDPR.
  • Google LLC (USA)provider of the Gmail mailbox used to conduct correspondence with the controller. The transfer outside the EEA takes place on the basis of standard contractual clauses (SCCs) and the Data Privacy Framework mechanism.
  • GitHub, Inc. (USA)provider of the platform hosting the website’s source code. The personal data of website users is not processed in GitHub; the entity is listed for full transparency of the supplier chain.

Data may also be disclosed to entities entitled to obtain it under applicable law (e.g. to state authorities in the course of proceedings).

INTERNATIONAL TRANSFERS

What happens to data outside the European Economic Area.

Some of the providers listed above (Cloudflare, Google, GitHub) are based in the United States. The transfer of data outside the EEA takes place on the basis of the appropriate safeguards set out in Article 46 GDPR — in particular the standard contractual clauses adopted by the European Commission and, where applicable, adequacy decisions (e.g. the Data Privacy Framework for the USA). The controller applies the principle of minimizing the data transferred outside the EEA.

RETENTION

How long data is stored.

  • Email correspondence: for the time necessary to conduct the conversation and any performance of a contract, and then for the limitation period for claims arising under the law (as a rule up to 6 years, in accordance with the Civil Code, or shorter where specific provisions state otherwise).
  • Analytics data: in accordance with the policy of the provider Cloudflare Web Analytics — aggregated, non-identifying data stored for the period necessary to conduct traffic analysis. The controller does not store raw analytics logs outside the provider’s panel.

After the above periods have elapsed, the data is deleted or anonymized.

YOUR RIGHTS

What you can exercise.

In connection with the processing of personal data by Aurora AI, you have the following rights under the GDPR:

  • Right of access to your data (Article 15 GDPR) — to obtain information about what data is processed and for what purpose.
  • Right to rectification of data (Article 16 GDPR) — to correct inaccurate data or complete incomplete data.
  • Right to erasure of data, the so-called “right to be forgotten” (Article 17 GDPR).
  • Right to restriction of processing (Article 18 GDPR).
  • Right to object to processing based on the controller’s legitimate interest (Article 21 GDPR) — this concerns traffic analytics in particular.
  • Right to data portability (Article 20 GDPR) — to the extent that the data is processed on the basis of consent or a contract and in an automated manner.
  • Right to lodge a complaint with a supervisory authority — in Poland: the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw.

To exercise any of the above rights, simply write to [email protected]. The controller responds to requests without undue delay, and no later than within one month of receiving them.

NO PROFILING

Algorithms do not make decisions here.

Aurora AI does not make decisions about website users based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect a person. Traffic analytics is aggregated and non-identifying — it is not used to profile individual users.

SECURITY

What we do to keep data protected.

The controller applies technical and organizational measures appropriate to the risk — in particular encryption of connections (HTTPS/TLS), restriction of mailbox access to the controller, use of trusted infrastructure providers (Cloudflare, Google, OVH) and minimization of the scope of data collected. In the event of a personal-data breach that could result in a high risk to the rights or freedoms of individuals, the controller will notify PUODO and the data subjects in accordance with Articles 33–34 GDPR.

CHANGES

What happens if this policy changes.

The policy may be updated — for example when the range of providers changes, when we add new contact methods, or when the law changes. Each change is published on this page together with the date of the last update in the document’s header. Earlier versions are not archived publicly; if needed, a copy of the previous wording can be provided on request addressed to the controller. This English version is provided for convenience only; the Polish version of the privacy policy is the legally binding one.

CONTACT

Questions about privacy.

For all matters related to personal-data protection — from the exercise of rights, through clarifications, to reporting breaches — please get in touch:

  • Email: [email protected]
  • Postal address: Aurora Adam Wszendybył, Himalajska 17/2, 50-572 Wrocław

Write to the controller →