Privacy Policy
Last updated: June 14, 2026
1. Who We Are
AuraWatcher ("we", "us", "our") is an AI-powered comment monitoring service for social media creators and PR agencies. We are established in Poland, EU. Please note that our service infrastructure is hosted in the United States (see Section 10, International Data Transfers). If you have any questions about this policy, contact us at privacy@aurawatcher.com.
2. What Data We Collect
We process two distinct categories of data:
- Client Data: Your email address, billing information, push notification tokens, and usage data (anonymized page views, feature usage) when you join the waitlist, contact us, or use the dashboard.
- Public Social Media Data: From the public profiles you add to our platform, we collect publicly visible data. This currently covers TikTok, and may be extended to other platforms in the future. Specifically, we collect:
  - Profile data: public handle/username, profile picture URL, follower count, and the platform's internal user identifier.
  - Post data: post URL, caption/description, like count, comment count, and timestamps.
  - Comment data: comment text, the comment author's public handle/username, the comment's like count, and timestamps.
3. How We Use AI and Process Your Data
- Service Provision: To provide and operate the AuraWatcher sentiment-analysis radar.
- AI Processing & Data Minimization: We use OpenAI's Large Language Models, accessed via OpenAI's secure API, to analyze the sentiment and risk of public comments. To minimize the personal data shared with this AI sub-processor, we exclude commenter usernames, user identifiers, and profile identifiers from the analysis request — only the comment text and the associated post description are sent. Please note that comment text may itself contain personal data (for example, where a comment mentions another user by handle). OpenAI acts as our data processor under a Data Processing Agreement, processes this data via its API only, and does not use it to train its models.
- Automated Risk Scoring: We compute aggregate, account-level engagement statistics (such as typical comment like counts and the rate at which comments accumulate likes) to establish a baseline for each monitored profile. We use these baselines to automatically score and prioritize comments by risk. This profiling operates on account-level aggregates and is used to surface alerts to our clients; it does not produce legal or similarly significant effects on individual commenters.
- Communication: To send you waitlist updates, alerts, and product announcements. You may unsubscribe at any time.
4. Legal Basis (GDPR)
If you are located in the EU/EEA, we process personal data under the following legal bases:
- Consent: For marketing emails (which you can withdraw at any time).
- Contractual Necessity: To provide the AuraWatcher service to our registered clients.
- Legitimate Interest: For processing public social media data, including the public handles and comments of social media users. It is in the legitimate interest of our clients to monitor public brand sentiment and protect their online reputation. We have conducted a balancing assessment to ensure this processing does not override the rights and freedoms of the individuals concerned, and we limit processing to publicly available data.
5. Data Sharing
We do not sell your personal data. We may share it strictly with trusted third-party service providers who act as our Data Processors, all of whom operate under Data Processing Agreements. These include:
- Cloud hosting and infrastructure: Google Cloud Platform / Firebase (database, serverless functions, push messaging).
- AI processing: OpenAI (comment sentiment and risk analysis).
- Email delivery: Mailjet.
- Messaging notifications: Telegram (where you connect a Telegram account for alerts).
- Public data aggregation: trusted third-party data enrichment services and API providers (including Apify, TokAPI, TikFly, and TikwmAPI) that assist us in retrieving strictly publicly available information on the internet.
We may also disclose data when required by law.
6. Data Retention
- Client Data: We retain your account data for as long as you use the service.
- Public Social Media Data: Raw public comments are processed for sentiment analysis and retained for up to 12 months to power historical trend reports for our clients, after which they are securely aggregated or deleted.
7. Your Rights (and Rights of Public Users)
Under GDPR, you have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing.
Right to be Forgotten: If you are a social media user and believe your public handle or comment has been processed by our platform, you have the right to request its removal from our database.
To exercise any of these rights, email us at privacy@aurawatcher.com.
8. Cookies
We use essential cookies to keep you logged in and anonymous analytics cookies to understand how users navigate the product. You can disable non-essential cookies in your browser settings at any time.
9. Changes to This Policy
We may update this policy occasionally. We'll notify waitlist subscribers and active users by email of any material changes. Continued use of the service after changes constitutes acceptance.
10. International Data Transfers
Our infrastructure and certain of our sub-processors (including Google Cloud and OpenAI) are located in the United States. Where we transfer personal data outside the EU/EEA, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework, to ensure your data receives an adequate level of protection.