Privacy Policy | Aurelyn AI

Section 01

Overview — Who We Are and What This Covers

Aurelyn AI LLC ("Aurelyn AI," "we," "us," or "our"), located in Philadelphia, Pennsylvania, operates the website aurelynai.com and provides AI literacy education services including online courses, webinars, community programs, and related products (collectively, the "Services").

This Privacy Policy applies to all personal information we collect through our website, email communications, webinar registrations, course enrollments, community membership, and any other interaction with our Services. It does not apply to third-party websites we may link to.

By using our Services, you acknowledge that you have read and understand this Privacy Policy. If you do not agree with our practices, please discontinue use of our Services and contact us at [email protected] to request deletion of any data we hold.

Section 02

What Personal Information We Collect

We collect only the minimum information necessary to provide our Services. The table below lists every category of personal information we collect, why we collect it, and the legal basis for doing so.


Category	Examples	Purpose	Collected
Identifiers	Name, email address	Account creation, service delivery, communications	Yes
Commercial Information	Products purchased, subscription tier, payment method type (not full card numbers)	Transaction processing, subscription management	Yes
Internet Activity	Pages visited, modules completed, time on page, browser type, IP address	Platform performance, course completion tracking, security	Yes
Professional Information	Job title, industry (if voluntarily provided)	Personalizing course recommendations	If provided
Communications Content	Emails sent to us, webinar Q&A submissions, support requests	Responding to inquiries, service improvement	Yes
Education/Learning Data	Quiz responses, module completion, assessment scores	Tracking learning progress, issuing completion records	Yes
Geolocation (approximate)	Country, state (derived from IP address — city-level only)	Legal compliance (state privacy laws), currency display	Yes
Sensitive Personal Information	Race, ethnicity, health, financial data, social security numbers, precise geolocation, biometric data	None	Never
Minors' Data	Any information from individuals under 16	None — our services are for adults only	Never

Information We Collect Automatically

When you use our website or course platform, we automatically receive certain technical information including your IP address, browser type, operating system, referring URLs, pages viewed, and time stamps. This information is used to ensure the platform functions correctly, detect security incidents, and improve the learning experience. It is not used for advertising profiling.

Information You Provide Directly

We collect information you give us when you create an account, enroll in a course, register for a webinar, make a purchase, contact our support team, or participate in community programs. You can always choose not to provide optional information — this may limit some features but will not prevent you from accessing core services.

Payment Processing

We use Wix Payments and third-party payment processors to handle all financial transactions. We do not store full payment card numbers on our systems. Payment data is handled according to the privacy policies and PCI-DSS compliance standards of our payment processors. We receive only a transaction confirmation and the last four digits of your payment method for reference.

Section 03

How We Use Your Information

We use personal information only for the following purposes. We do not use your information for purposes beyond those listed here without providing notice and, where required by law, obtaining your consent.

Providing and improving our Services: Delivering courses, processing enrollments, tracking learning progress, and issuing completion certificates
Communications: Sending you course updates, webinar confirmations, receipts, and information you have subscribed to receive. You may unsubscribe from marketing communications at any time.
Customer support: Responding to your questions, troubleshooting issues, and resolving complaints
Security and fraud prevention: Detecting and preventing unauthorized access, abuse, or fraudulent transactions
Legal compliance: Meeting our obligations under applicable law, including state privacy laws and tax regulations
Platform analytics: Understanding how the platform is used so we can improve content quality, course structure, and user experience. This analysis is conducted in aggregate — we do not profile individuals for commercial purposes.
Corporate communications for B2B clients: If your employer or organization has purchased a team subscription or pilot program, we communicate with designated contacts about program delivery, usage reports, and renewal

We process your personal information on the legal basis of contract performance (to deliver the Services you purchased), legitimate interests (to improve our platform and prevent fraud), and legal obligation (to comply with applicable law). Where we rely on consent, you may withdraw it at any time.

Section 04

We Never Sell Your Data

Our Formal Commitment

Aurelyn AI does not sell, rent, lease, license, or otherwise make available your personal information to any third party for monetary consideration or any other valuable consideration. This applies to all data we hold — identifiers, learning data, professional information, behavioral data, and communications content.

This commitment applies permanently. If Aurelyn AI ever changes its business model in a way that contemplates monetizing user data, we will provide explicit advance notice and obtain opt-in consent before any such change takes effect. California residents have the right to opt out regardless — this commitment means there is currently nothing to opt out of.

We Also Do Not:

Share your personal information with advertisers or advertising networks for targeting purposes
Allow third-party behavioral tracking on our platform for commercial advertising
Use your learning data, quiz responses, or course performance for any purpose other than delivering your education and improving our curriculum
Sell or share aggregated data in ways that could reasonably be used to identify individual users
Use your email address or contact information for any purpose other than communications you have consented to receive or that are necessary for service delivery

Why We State This So Explicitly

Many privacy policies include data-selling prohibitions buried in legal boilerplate. We state ours prominently because it reflects a core product value: Aurelyn AI was built to empower professionals with AI literacy, not to monetize their attention or data. Our community trusts us with their learning journey. We protect that trust unconditionally.

Section 05

When We Share Your Information

We share personal information only in the limited circumstances described below. We do not share more than necessary for each purpose, and we require all third-party recipients to handle information consistently with this policy.

Service Providers

We use third-party companies to help operate our Services. These providers are permitted to use your information only to perform services on our behalf and may not use it for their own commercial purposes. Current categories of service providers include:

Website and course platform hosting: Wix.com — for platform infrastructure
Payment processing: Wix Payments and Stripe — for transaction handling
Email delivery: Email service providers for transactional and marketing communications
Video conferencing: Zoom — for webinar delivery (subject to Zoom's privacy policy)
Analytics: Aggregate analytics tools for platform performance monitoring

Business Transfers

If Aurelyn AI is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy. You will have the right to request deletion of your data before any such transfer if you do not wish your information to be transferred.

Legal Requirements

We may disclose your personal information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such action is necessary to comply with legal obligations, protect and defend our rights or property, or protect the personal safety of our users or the public.

With Your Consent

We may share your information in other ways if we have your explicit consent to do so. We will always be clear about what we are sharing, with whom, and why before requesting your consent.

Section 06

Cookies & Tracking Technologies

We use cookies and similar technologies to operate our platform, remember your preferences, and understand how our content is used. We do not use third-party advertising cookies or cross-site tracking.


Cookie Type	Purpose	Duration	Can Opt Out
Strictly Necessary	Login sessions, security tokens, shopping cart — platform cannot function without these	Session / 30 days	No (essential)
Functional	Language preference, display settings, last module viewed	Up to 1 year	Yes (some features limited)
Analytics	Pages visited, time on site, course completion rates — helps us improve the platform	Up to 2 years	Yes
Marketing / Advertising	Cross-site behavioral tracking for advertising	N/A	Not used

Cookie Consent

When you first visit aurelynai.com, you will be presented with a cookie consent banner allowing you to accept all cookies, decline non-essential cookies, or manage your preferences. A representative example of our consent banner is shown below.

You may also control cookies through your browser settings. Note that disabling strictly necessary cookies will impair your ability to use course features that require a login session.

Section 07

California Residents — CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information. This section supplements the rest of this policy and applies specifically to California residents.

Categories of Personal Information Collected in the Past 12 Months

Consistent with Section 2 of this policy, in the past 12 months Aurelyn AI has collected the following categories as defined by the CCPA: Identifiers (A); Commercial Information (D); Internet or Electronic Network Activity Information (F); Professional or Employment-Related Information (I, if provided); Education Information (J). We have not collected sensitive personal information as defined by CPRA.

Your California Rights

Right to Know

Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our business purposes, and the categories of third parties with whom we share it.

Submit via email to: [email protected]

Right to Delete

Request deletion of your personal information. We will delete and direct our service providers to delete your information, subject to limited exceptions required by law (e.g., completing a transaction, security, legal obligations).

Submit via: [email protected] or deletion form below

Right to Correct

Request correction of inaccurate personal information we maintain about you. We will use commercially reasonable efforts to correct it.

Account settings or: [email protected]

Right to Opt-Out of Sale

We do not sell personal information. There is currently nothing to opt out of. This right is documented here for completeness and legal compliance. If this ever changes, we will provide a prominent opt-out mechanism.

Not applicable — we do not sell data

Right to Limit Sensitive Information

We do not collect sensitive personal information as defined by CPRA (including precise geolocation, race/ethnicity, health data, biometrics, etc.). This right is not currently applicable.

Not applicable — not collected

Right Against Discrimination

We will not discriminate against you for exercising your privacy rights — including by denying services, charging different prices, or providing a different quality of service.

Guaranteed — no retaliation for rights requests

Exercising Your California Rights

To submit a rights request, email [email protected] with the subject line "California Privacy Rights Request" or use the data deletion form described in Section 11. We will acknowledge receipt within 10 business days and respond within 45 calendar days. If we need additional time (up to an additional 45 days), we will notify you.

We may need to verify your identity before processing your request. Verification will be accomplished by confirming the email address associated with your account. We will not require you to create an account solely to submit a rights request.

Authorized Agents: California residents may designate an authorized agent to submit requests on their behalf. We will require written authorization from you confirming the agent's authority, or a power of attorney consistent with California Probate Code sections 4121–4130.

Notice at Collection

CCPA requires us to provide notice at the point of data collection. We collect personal information at the following touchpoints, and this policy constitutes the required notice at collection: account registration, webinar registration, course enrollment, contact forms, and purchase checkout. The categories collected at each touchpoint are limited to those listed in Section 2 of this policy.

Section 08

Virginia, Colorado & Texas — State Privacy Rights

Several additional US states have enacted comprehensive consumer privacy laws. If you reside in any of the following states, you have rights similar to those described for California residents above. We honor these rights for all covered residents.

Virginia

VCDPA — Virginia Consumer Data Protection Act

Effective January 1, 2023. Virginia residents have rights to access, correct, delete, and obtain a copy of their personal data. You may also opt out of targeted advertising and profiling. We do not engage in targeted advertising or sell personal data.

Compliant

Colorado

CPA — Colorado Privacy Act

Effective July 1, 2023. Colorado residents have rights to access, correct, delete, and obtain a portable copy of personal data. Right to opt out of targeted advertising, sale of data, and profiling. We do not engage in any of these activities.

Compliant

Texas

TDPSA — Texas Data Privacy and Security Act

Effective July 1, 2024. Texas residents have rights to access, correct, delete, and obtain a portable copy of personal data. Right to opt out of targeted advertising, sale of data, and certain profiling. We do not engage in these activities.

Compliant

Other States

Connecticut, Utah, Oregon, Montana, and others

Additional state privacy laws are in effect or taking effect in 2024–2025. We apply CCPA-equivalent standards to all US residents regardless of state, meaning all users benefit from the full set of rights described in Section 7.

Universal Standard Applied

How to Submit a State Rights Request

Residents of all states listed above may submit rights requests by emailing [email protected] with the subject line "[State] Privacy Rights Request" (e.g., "Virginia Privacy Rights Request"). We will respond within 45 days, or as required by applicable law.

If you are not satisfied with our response to a rights request, you may appeal by emailing [email protected] with the subject line "Privacy Rights Appeal." We will respond to appeals within 60 days. Virginia, Colorado, and Texas residents who are not satisfied with our appeal response may contact their state attorney general.

Section 09

Rights for All Users

Regardless of your state or country of residence, all Aurelyn AI users have the following rights with respect to their personal information.

Access: You may request a copy of the personal information we hold about you
Correction: You may request correction of inaccurate information — many fields can be updated directly in your account settings
Deletion: You may request deletion of your personal information. See Section 11 for the deletion request process.
Data portability: You may request your personal information in a structured, commonly used, machine-readable format
Withdrawal of consent: Where we process your information based on consent (such as marketing emails), you may withdraw that consent at any time by clicking "Unsubscribe" in any email or contacting us directly
Objection to processing: You may object to processing of your personal information for direct marketing purposes at any time
Complaint: You may lodge a complaint with us directly at [email protected]. If you are not satisfied with our response, you may contact your relevant state or national data protection authority.

Section 10

Data Deletion — How to Request It

You have the right to request deletion of your personal information at any time. We take deletion requests seriously and will process them within the timeframes required by applicable law (45 days for most requests).

Data Deletion Request Process

How to Delete Your Data

Submit a deletion request using any of the methods below. We will confirm receipt within 2 business days and complete the deletion within 45 days.

1

Email [email protected] with subject line: "Data Deletion Request"

2

Include the email address associated with your account so we can locate your data accurately

3

We will verify your identity (by confirming your account email) and confirm receipt within 2 business days

4

Your data will be deleted from our systems and we will direct our service providers to delete it within 45 calendar days

5

We will send a written confirmation when deletion is complete, including a list of any categories of information we were required to retain by law and the legal basis for retention

What Happens After Deletion

Your account will be deactivated and all personal information removed from active systems
Course progress, quiz responses, and learning history will be permanently deleted
Backups containing your data will be purged on our standard backup rotation schedule (within 90 days)
We will retain information we are legally required to keep, such as transaction records for tax compliance. We will disclose what we have retained and why in our deletion confirmation.
Anonymized, aggregate data that cannot identify you may be retained for analytics

B2B / Corporate Accounts

If your account was created by or is associated with an employer or organization that purchased a team subscription, deletion requests may be subject to your organization's data processing agreement. Please also notify your organization's designated account administrator. We will process your individual data deletion regardless, but completion records held by your employer may be subject to their data retention policies.

Section 11

How Long We Keep Your Data

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, and to resolve disputes.


Data Type	Retention Period	Reason
Account information (name, email)	Duration of account + 30 days after deletion request	Service delivery; deletion completion window
Transaction records	7 years	US tax law, IRS requirements
Course completion records	Duration of account; deleted with account	Credential verification; deleted on request
Support communications	3 years	Quality assurance, legal compliance
Marketing email logs	3 years	Consent verification, compliance
Website analytics (aggregate)	26 months	Platform improvement; anonymized after 90 days
Security/access logs	90 days	Security incident investigation

Section 12

How We Protect Your Information

We implement and maintain reasonable technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS)
Access controls: Access to personal information is limited to employees and contractors who need it to perform their job functions
Payment security: We use PCI-DSS compliant payment processors and do not store full payment card data on our servers
Vendor oversight: We require our service providers to maintain appropriate security standards through contractual obligations

No security system is impenetrable. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable regulatory authorities as required by law — within 72 hours of discovery for regulatory notification and without undue delay for individual notification.

Section 13

Children's Privacy

Our Services are designed for professionals and adults. We do not knowingly collect personal information from individuals under the age of 16. Our terms of service require users to be at least 16 years of age to create an account.

If you are a parent or guardian and believe that a child under 16 has provided us with personal information, please contact us immediately at [email protected]. We will take prompt steps to delete the information.

Section 14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

Update the "Effective Date" and "Last Updated" date at the top of this policy
Send an email notification to registered users at least 30 days before material changes take effect
Post a notice on our website homepage for at least 30 days

Your continued use of our Services after the effective date of the revised policy constitutes your acceptance of the changes. If you do not agree with a material change, you may request deletion of your account and data before the change takes effect.

Previous versions of this policy are available upon request by emailing [email protected].

Section 15

Contact Us — Privacy Questions & Requests

For any questions about this Privacy Policy, to exercise your privacy rights, or to submit a data deletion or access request, please contact us using the information below. We respond to all privacy inquiries within 2 business days.

Privacy Contact

Aurelyn AI LLC — Privacy Office

We do not have a dedicated Data Protection Officer (DPO) at this time — all privacy matters are handled directly by the founding team. This ensures your request is reviewed by someone with full context and authority.

Email (Primary)

[email protected]

Subject Line

Privacy Request / [Your Topic]

Phone

+1 754-333-1170

Location

Philadelphia, Pennsylvania, USA

Response Time

2 business days acknowledgment
45 days for rights requests

Website

aurelynai.com

Legal Disclaimer

This Privacy Policy is provided for informational purposes and reflects Aurelyn AI's goo

This Privacy Policy is provided for informational purposes and reflects Aurelyn AI's good-faith interpretation of applicable privacy law as of the effective date. It does not constitute legal advice. Aurelyn AI recommends that businesses with substantial personal data processing consult qualified legal counsel to review privacy practices. State privacy laws change frequently and this document will be updated to reflect material legal developments.