Privacy Policy

Web App Privacy Policy

Effective Date: 21 April 2026

Service: AuraVibe Web App at auravibe.ai

Controller: Forge Labs spolka z ograniczona odpowiedzialnoscia, KRS 0001229384, NIP 6762715752, REGON 544292406, ul. Profesora Wojciecha Marii Bartla 19E, lok. LU46, 30-389 Krakow, Poland (Forge Labs, AuraVibe, we, us, or our).

This Privacy Policy explains how Forge Labs collects, uses, stores, discloses, and otherwise processes personal data in connection with the AuraVibe Web App.

As described in the business plan, AuraVibe operates from Poland, serves users globally, applies age-gating, and provides a web management dashboard tied to the broader AuraVibe service ecosystem.

1. Scope of This Policy

This Privacy Policy applies to personal data processed through auravibe.ai and related web-based account, billing, profile, support, avatar-selection, subscription, Telegram-linking, and technical service features.

The Web App is the account and management environment for AuraVibe and is not the main chat interface used for companion conversations.

This Policy does not override mandatory rights granted under applicable law. Where local law grants stronger privacy rights, those rights apply to the extent required.

2. Categories of Personal Data

Depending on how you use the Web App, AuraVibe may process the following categories of personal data:

Account and profile data

• email address;
• username;
• account identifiers;
• age-gate confirmations and related account status records;
• selected avatars, preferences, and profile settings.

2.1 Telegram-related data

• Telegram ID;
• Telegram username;
• connection and verification status for linked Telegram use.

2.2 Billing and transaction data

AuraVibe uses a third-party PSP for payment processing, and the exact PSP may change over time. AuraVibe does not need to store full payment card details in its own systems in order to offer paid services.

• subscription plan;
• billing status;
• payment-related identifiers;
• transaction metadata;
• country or region information;
• invoices, tax-relevant data, and anti-fraud records.

2.3 Support and communications data

• messages sent to support;
• verification details used to handle support tickets;
• complaint, refund, and dispute records;
• account deletion requests and outcomes.

2.4 Technical and device data

• IP address;
• device and browser information;
• log data;
• timestamps;
• session data;
• network and security event data;
• limited cookie data necessary for site operation.

2.5 Service usage data

• account activity records;
• dashboard actions;
• companion browsing activity;
• avatar selection activity;
• checkout initiation data;
• plan change and cancellation-related records.

2.6 AI-related and moderation data

AuraVibe's governance framework uses model-level, workflow-level, and user-level controls.

• prompts, requests, outputs, metadata, and other activity logs to the extent necessary for moderation, safety, enforcement, fraud prevention, legal compliance, or operation of the broader AuraVibe service;
• flags, enforcement records, and platform safety signals.

3. Sources of Personal Data

AuraVibe collects personal data directly from you when you create an account, pass the age gate, contact support, link Telegram, start checkout, manage a subscription, or otherwise interact with the Web App.

AuraVibe also collects technical data automatically through standard web technologies required for operation and security.

AuraVibe may receive limited billing or payment status information from its PSP and limited infrastructure or delivery data from service providers such as hosting, cloud, and workflow vendors used to operate the service.

4. Purposes of Processing

AuraVibe processes personal data for the following purposes:

• providing and operating the Web App;
• creating and maintaining accounts;
• enforcing age-gating and adult-only access;
• linking and managing Telegram-related account features;
• enabling checkout, billing, subscription management, refunds, and support;
• maintaining security, fraud prevention, logging, and abuse detection;
• enforcing Terms, moderation rules, and prohibited-content controls;
• handling deletion requests, disputes, and legal compliance obligations;
• improving service reliability, infrastructure, and operational quality; and
• communicating with users about service, billing, and support matters.

5. Legal Bases for Processing

Where the GDPR or similar laws apply, AuraVibe relies on one or more of the following legal bases:

• performance of a contract, where processing is necessary to provide the Web App, maintain accounts, manage subscriptions, and deliver requested services;
• legitimate interests, including service security, fraud prevention, moderation, system integrity, support handling, internal administration, and enforcement of platform rules;
• legal obligation, where processing is necessary to comply with tax, accounting, consumer, regulatory, law-enforcement, or other legal requirements; and
• consent, where required by law for a specific processing activity.

6. Cookies and Similar Technologies

AuraVibe uses technical cookies and similar technologies necessary to operate the Web App, maintain sessions, protect security, support login flows, preserve basic functionality, and ensure reliable delivery.

The current setup does not rely on marketing cookies according to the service instructions provided for this draft.

If AuraVibe later introduces non-essential cookies, the cookie disclosures and consent approach should be updated before those tools go live.

7. Sharing of Personal Data

AuraVibe may share personal data with categories of recipients that are reasonably necessary to operate the service, including:

• payment service providers and related financial service partners;
• hosting, server, infrastructure, and cloud providers;
• Cloudflare-related infrastructure and delivery services;
• self-hosted workflow and automation systems operated by AuraVibe;
• Telegram-related integrations where a user chooses to link or use Telegram functionality;
• professional advisers, accountants, auditors, legal advisers, and compliance support providers;
• dispute, fraud, payment, and chargeback service providers; and
• competent authorities or third parties where required by law or necessary to protect rights, safety, or legal compliance.

8. International Data Transfers

AuraVibe operates globally from Poland and may process or make personal data accessible in multiple countries depending on user location, infrastructure configuration, support operations, hosting arrangements, payment partners, or Telegram-related integrations.

As a Polish company operating in the EU, Forge Labs states that it operates under GDPR obligations.

Where required by law, AuraVibe will use an appropriate transfer mechanism for international data transfers, such as adequacy decisions, contractual safeguards, or another lawful mechanism.

9. Data Retention

AuraVibe aims to delete account data promptly when a verified account deletion request is completed through support.

However, AuraVibe may retain limited data for longer where necessary to comply with legal obligations, resolve disputes, enforce Terms, maintain tax and accounting records, prevent fraud, document moderation decisions, preserve security logs, or protect the service and its users.

10. Security

AuraVibe describes a security-focused architecture that includes a production VPS backend, self-hosted n8n orchestration, PostgreSQL memory infrastructure, Cloudflare R2 storage, SSH-tunneled backend access restrictions, and a proprietary locally deployed AI model with moderation controls.

No system can be guaranteed perfectly secure. Users should also protect their credentials, devices, and linked third-party services such as Telegram.

11. User Rights

Depending on your location and applicable law, you may have the right to request access to personal data, correction of inaccurate data, deletion of data, restriction of processing, objection to certain processing, portability of data, or withdrawal of consent where consent is the legal basis.

Users in the European Economic Area also generally have the right to lodge a complaint with a competent supervisory authority.

To exercise privacy rights or submit a deletion request, contact support@auravibe.ai or info@auravibe.ai. AuraVibe may request reasonable verification before acting on a request.

12. Adult Service and Sensitive Conduct Enforcement

AuraVibe is an adult-only service with strict prohibited-content controls. The Company may process account activity, prompts, outputs, flags, and related metadata where reasonably necessary to detect, investigate, block, document, or report prohibited activity.

Users remain personally responsible for their requests, prompts, generated outputs, and platform conduct. The use of an AI system does not shift responsibility for unlawful or prohibited content from the user to AuraVibe.

AuraVibe may permanently ban users and terminate access where violations are detected.

13. Children

AuraVibe is not directed to children and does not permit use by anyone under 18.

If AuraVibe learns that personal data has been collected from a person under 18, it may take steps to delete the data and terminate the associated account.

14. Changes to This Policy

AuraVibe may update this Privacy Policy from time to time to reflect changes in the law, infrastructure, data practices, payment integrations, service features, or operational needs.

The updated version becomes effective when posted unless another date is stated.