Aurora Growth Academy

Legal

Privacy Policy

Last updated: 2026-05-29

This Privacy Policy explains how Aurora Growth Academy ("we", "us", "our") collects, uses and protects your personal data. We operate under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Aurora Growth Academy is the data controller for personal data collected through auroragrowth.co.uk and app.auroragrowth.co.uk. You can contact us at hello@auroragrowth.co.uk.

2. What we collect

  • Account data: email address, password (hashed), name, country, and authentication metadata.
  • Subscription data: plan, billing status, subscription identifiers. Card details are processed by Stripe and are not stored on our servers.
  • Platform data: watchlist items, signal settings, notes, calculator inputs and other content you create on the Platform.
  • Broker connection data (optional): encrypted API credentials and the broker data returned to the dashboard. Credentials are encrypted at rest using AES-256.
  • Technical data: IP address, browser type, device data, log files and similar diagnostic information.

3. How we use your data

  • To provide and operate the Platform.
  • To authenticate you and keep your account secure.
  • To process payments and manage subscriptions.
  • To respond to support requests.
  • To improve and develop the Platform.
  • To send essential service emails (e.g. billing receipts, security notices).
  • To comply with legal obligations.

4. Legal bases

We rely on the following lawful bases under UK GDPR:

  • Contract — to deliver the services you sign up for.
  • Legitimate interests — to operate and secure the Platform.
  • Consent — for any optional marketing or analytics where required.
  • Legal obligation — to comply with applicable law.

5. Sharing

We share personal data only with processors who help us run the Platform, including:

  • Supabase — authentication and database hosting.
  • Stripe — payment processing.
  • Vercel — application hosting.
  • Trading 212 — only if you opt in to the broker connection.

We do not sell your personal data. We may disclose data where required by law or to protect our rights.

6. International transfers

Some of our processors operate outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards such as adequacy decisions and standard contractual clauses.

7. Retention

We keep your data for as long as your account is active and for a reasonable period afterwards to meet legal and accounting requirements. You can request deletion at any time (see Rights below).

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data.
  • Restrict or object to certain processing.
  • Request a copy of your data in a portable format.
  • Withdraw consent where consent is the legal basis.

To exercise any of these rights, email hello@auroragrowth.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

We use only the cookies necessary to run the Platform — primarily session cookies for authentication. We do not use third-party advertising cookies. If we add analytics in future we will update this policy and request consent where required.

10. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest for sensitive fields such as broker credentials. No system is perfectly secure; please notify us immediately if you believe your account has been compromised.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via the Platform.

12. Contact

Any privacy questions can be sent to hello@auroragrowth.co.uk.