Aurea.gg — Privacy Policy

Effective date: October 29, 2025
Last updated: October 29, 2025

Welcome to aurea.gg (“we”, “us”, “our”). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use aurea.gg (the “Service”), a social network for gamers. It also describes your rights and choices.

This policy follows best-practice structures and is tailored to Aurea’s product: cross-platform gaming telemetry ingestion, automatic session detection, highlights and AI-assisted insights generation, and a verified social feed of gaming activities.

1. Who we are & how to contact us

Data Protection Officer (EEA/UK): privacy@aurea.gg.
Privacy email: privacy@aurea.gg
Support email: support@aurea.gg
EU Supervisory Authority: You may lodge a complaint with the AEPD (Spain) or your local authority.

If you reside outside the EEA/UK, Aurea Labs, S.L. remains responsible for your information and can be reached at the contacts above.

2. Our Service in brief

Aurea is the “Strava for gamers”: we unify gamer identity across platforms (e.g., Steam, Riot Games, Battle.net, PlayStation, Xbox, Epic Games, Discord, Twitch) to automatically detect sessions, generate highlights and AI-assisted insights, and publish a social feed of verified gaming activities and stats.

3. Scope

This policy applies to all users of the Service, visitors to our sites, beta programs, creator/partner initiatives, and business contacts (e.g., publishers, studios, esports organizations) who interact with us. It does not apply to third-party sites or services that we do not control—even if they’re accessible via the Service.

4. Information we collect

We collect information in three primary ways: (A) you provide it to us; (B) we receive it from third parties you connect; and (C) we collect it automatically when you use the Service.

A. Information you provide

a. Account information

  • Email address
  • Username and password (stored as a hashed value)
  • Profile information (avatar, bio, linked accounts, country/region, language, privacy settings)

b. Content you create

  • Posts, comments, captions, reactions, messages
  • Highlights/clips and media you upload
  • Metadata you attach (tags, game titles)

c. Support & communications

  • Emails, tickets, beta feedback, surveys, bug reports

d. Payment information

If you make purchases through aurea.gg, we process billing name, email, VAT/tax data, subscription tier, and transaction records. Payment processing is handled by third-party providers (e.g., Stripe, PayPal). We do not store full payment card numbers; we may retain transaction IDs/confirmation data for record-keeping and fraud prevention.

B. Information from platforms you connect (by your choice)

When you connect third-party accounts (e.g., Riot Games, Battle.net, Steam, Epic Games, PlayStation, Xbox, Discord, Twitch), you authorize us to receive:

  • Player identifiers and tags (e.g., SteamID, Riot PUUID, Battle.net tag, PSN/Xbox gamertags, Epic ID, Discord/Twitch IDs) and linkage metadata (OAuth scopes, refresh tokens stored securely)
  • Game statistics and match data (titles/versions, match IDs, mode/queue/region, teams/opponents, in-match events such as kills, deaths, assists, K/D/A, score, objectives, map/level, FPS/ping summaries)
  • Public profile information from those platforms (avatar, display name, friends list where authorized)
  • Achievements or rankings where available
  • Files you upload (e.g., CS2 demo files) to extract lawful telemetry

We use tokens solely to retrieve data to provide the Service. We do not share raw access tokens with other users or customers.

C. Information collected automatically

a. Usage and analytics data

  • Pages/screens visited, time spent, clicks/taps, feature usage, video playback events, settings changes
  • Device information (browser/OS, app version, IP address, coarse location from IP), latency/network type
  • Referral links and clickstream data (UTM)

b. Cookies and tracking technologies

We use cookies, pixels, SDKs, and similar technologies to:

  • Enable core site/app functionality and authentication
  • Remember your preferences
  • Measure traffic, performance, and engagement
  • Support advertising/attribution and analytics (where enabled)

You can manage cookie preferences in your browser/app settings and via our Cookie Preferences controls; see our Cookie Policy.

5. How we use your information (purposes & legal bases)

We use your data to:

  • Operate and improve the Service (create/manage accounts; link platforms; ingest activity; generate highlights/insights; display feeds; search and discovery)
  • Personalize your experience (tailored insights, suggested friends/squads, content ranking)
  • Provide social and gaming features (leaderboards, friends/following, chat/messaging)
  • Process payments and subscriptions (billing, tax, fraud prevention)
  • Analyze usage to improve performance and security (A/B tests, diagnostics)
  • Detect and prevent fraud, cheating, or Terms violations
  • Communicate with you (account updates, support, newsletters/marketing with consent where required)

EEA/UK legal bases (GDPR):

  • Consent: when you link accounts, accept non-essential cookies/SDKs, or opt into marketing
  • Contractual necessity: to provide and maintain your aurea.gg account and core features
  • Legitimate interests: analytics, service improvement, security, de-identified industry insights
  • Legal obligation: when required by applicable law

6. De-identified/aggregated insights and licensing program

We may create de-identified and aggregated datasets and insights derived from your use of the Service (e.g., game trends, session durations, map distributions, engagement patterns). We may license or sell these de-identified/aggregated outputs to third parties (e.g., publishers, studios, esports orgs, brands, research firms) for analytics, industry reporting, or to help improve game experiences, without using information that directly identifies you.

  • We do not sell your personal information.
  • Safeguards: removal of direct identifiers; minimum aggregation thresholds; randomization/noise where appropriate; contractual prohibitions on re-identification; internal access controls.

U.S. state laws (e.g., California): If certain analytics/ads are deemed a “sale”/“sharing,” you can opt out via “Do Not Sell/Share” in our Cookie banner; we honor Global Privacy Control (GPC) signals.
EEA/UK: You may object to processing based on legitimate interests at any time.

7. Sharing and disclosure

We may share data with:

  • Service Providers: hosting and cloud (e.g., Vercel, Cloudflare, Railway, AWS/GCP/Azure as applicable), databases (Postgres/Neon, Prisma ORM), analytics/diagnostics (PostHog, Google Analytics), messaging/notifications (Knock), payments (Stripe/PayPal), email/SMS providers—bound by DPAs and acting under our instructions.
  • Gaming Platforms you link: to retrieve your data and, where you choose, to share back highlights or activities; governed by each platform’s terms.
  • Advertising and analytics partners: to understand usage and measure performance (subject to your consent and preferences).
  • Legal authorities: where required to comply with law or protect rights, safety, and security.
  • Corporate transactions: in the context of mergers, acquisitions, financing, or reorganization with appropriate safeguards.
  • With your direction or consent: when you enable a third-party integration.

We do not provide third parties with raw platform access tokens.

8. International data transfers

Your information may be processed and stored on servers located outside your country of residence. Where required, we use Standard Contractual Clauses (SCCs) and the UK Addendum/IDTA, assess local laws, and implement supplementary measures (encryption, access controls, minimization).

9. Your privacy controls

  • Activity visibility: set default visibility to Everyone / Followers / Only Me; override per activity.
  • Profile visibility: choose what fields are public or follower-only; hide sensitive stats.
  • Discovery and contactability: control who can find or follow you and who can message you.
  • Linked platforms: connect/disconnect; revoke authorizations; manage cross-posting.
  • Personalization: toggle certain personalized features.
  • Cookie Preferences: consent/opt-out of non-essential cookies/SDKs; we honor GPC.
  • Export & deletion: request a copy of your data and/or delete your activities or entire account.

10. Your rights

Depending on your location, you may have the right to access, obtain a copy, correct, delete, withdraw consent, object or restrict processing, and data portability.

  • EEA/UK: rights under GDPR; contact privacy@aurea.gg.
  • U.S. (e.g., California): right to know, delete, correct, opt out of sale/share (cross-context behavioral advertising), and limit sensitive data use.

To exercise rights, use the in-app Privacy Center or email support@aurea.gg or privacy@aurea.gg. We will verify your request as required by law.

11. Cookies and tracking technologies

We use cookies, pixels, SDKs, and similar technologies to operate the Service, remember preferences, measure performance, and—in some regions—support advertising/attribution and analytics. Manage preferences through your browser/app settings and our Cookie Preferences. Details are provided in our Cookie Policy.

12. Legal bases for processing (EEA/UK)

We rely on Contract, Legitimate interests, Consent, and Legal obligation. Where we rely on legitimate interests, we balance our interests (e.g., product reliability, safety, de-identified analytics) against your rights and expectations and implement controls (privacy settings, opt-outs, and aggregation).

13. Data retention

We retain your data for as long as your account is active or as needed to provide the Service, comply with legal obligations, or resolve disputes. Typical periods include:

  • Account/profile: life of account + up to 24 months post-deletion (fraud prevention, legal claims)
  • Activities/highlights: until you delete them or your account; backups roll off per schedule
  • Logs/diagnostics: 12–24 months
  • Payment records: 6–10 years (tax/accounting laws)
  • Aggregated/de-identified analytics: retained without a set limit

You may request account deletion at any time (see Section 10).

14. Security

We employ administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit, key management, least-privilege access, MFA for internal admin, audit logging, code reviews, and vendor due diligence. No method is 100% secure; protect your credentials and report suspected incidents promptly.

15. Children’s privacy

aurea.gg is not intended for children under 13 (or the age required by local law). In the EEA, the minimum age is 16 unless local law requires a higher age. We do not knowingly collect personal data from minors. If we learn we have done so, we will delete it promptly. Parents/guardians may contact privacy@aurea.gg.

16. Third-party services and links

Integrations, links, and embedded content are governed by those third parties’ privacy policies. Your use of connected platforms remains subject to their terms. Where you authorize sharing back to a third party, that third party may process information as a separate controller.

17. Changes to this policy

We may update this policy from time to time. We will post the updated version and update the “Last updated” date. If changes materially affect your rights, we will provide additional notice (e.g., email or in-app) and, where required, seek your consent.

18. Regional disclosures

EEA/UK

  • DPO: privacy@aurea.gg
  • Transfers: SCCs/UK Addendum; supplementary measures
  • Rights: access, rectification, erasure, restriction, portability, objection; lodge complaints with AEPD or your local authority

United States (including California)

  • Notice at collection: We collect the categories in Section 4 for the purposes in Section 5 and disclose as in Section 7.
  • Sale/share: We do not sell personal information for monetary value. Certain analytics/ads may be deemed a “sale”/“share”; opt out via Do Not Sell/Share in our banner or GPC.
  • Sensitive information: we do not use sensitive categories (e.g., precise geolocation) for additional purposes without required notices/consents.
  • Appeals: you may appeal decisions on your privacy requests via privacy@aurea.gg.

Brazil (LGPD)

  • Legal bases: performance of contract, legitimate interests, consent, legal obligations.
  • Rights: confirmation, access, correction, anonymization, portability, deletion, and information about sharing.
  • Contact: privacy@aurea.gg

Appendix A — Examples of data elements

  • Telemetry: match IDs; queue/mode; map; K/D/A; objectives; damage; assists; FPS/ping summaries; session length; presence status transitions.
  • Insights: trend lines (aiming accuracy, win rate, map performance), session intensity, suggested drills (non-medical, entertainment only).
  • Anti-abuse signals: bot/automation flags, spam patterns, compromised-account heuristics.
  • Diagnostics: crash stack traces, API error codes, rate-limit events.

Appendix B — De-identification techniques (illustrative)

  • Hashing/removing direct identifiers; generalizing timestamps and locations; aggregation with minimum group sizes; randomized response/noise; suppression of outliers; internal access review.
  • Contractual controls: no re-identification; no targeting; security commitments; audit rights.