Privacy Policy
Last updated: June 2026 · UK GDPR aligned
1. Data controller
Shyam Prasad trading as AuraFX Elite is the data controller. Contact: privacy@aurafxelite.com · Website: aurafxelite.com
2. What we collect
- Registration: name, email, phone, country, city, address (optional), broker name (optional), experience, plan, payment status.
- Payment: PayPal transaction IDs and payer email (we do not store full card numbers).
- Technical: IP address, browser type, timestamps (server logs, typically 30–90 days).
- Local storage: cookie consent choice, journal entries (stored on your device only).
3. Lawful bases
- Contract — to provide Services you registered for.
- Legal obligation — fraud prevention, accounting/tax records.
- Legitimate interests — security, service improvement, support.
- Consent — optional marketing emails where offered and ticked.
4. Processors & sharing
| Processor | Purpose |
|---|---|
| Render.com | Website hosting |
| PayPal | Payment processing (when enabled) |
| Resend | Transactional email (when enabled) |
| Neon (optional) | Encrypted registration database |
| Google Fonts (optional) | Typography if you accept all cookies |
We do not sell personal data. We may disclose data to authorities if required by law.
5. International transfers
Processors may be in the US or EU. We use appropriate safeguards (UK IDTA / EU SCCs) where required.
6. Retention
- Registration & payment records: up to 6 years for tax and dispute purposes.
- Server logs: typically 90 days.
- Marketing consent records: until withdrawn plus 6 years evidence.
- Earlier deletion where no legal duty to retain — see below.
7. Your rights (UK/EEA)
Access, rectification, erasure, restrict processing, portability, object, withdraw consent. Email privacy@aurafxelite.com. We respond within one month.
8. Deletion requests
Email privacy@aurafxelite.com from your registration address. We delete or anonymise data unless we must retain it for legal, tax, or fraud-prevention reasons.
9. Complaints
Contact us first at complaints@aurafxelite.com. You may complain to the ICO (UK): ico.org.uk, or your local supervisory authority.
10. Security
- HTTPS in production (HSTS on aurafxelite.com)
- Admin areas protected by password and optional 2FA
- Rate limiting on admin login
- Encrypted fields for sensitive registration data when configured
- Audit logging for admin access
11. Children
Services are not for under-18s. We delete data if we learn a minor registered.
12. Changes
Updates posted here with a new date.