Privacy and Data Protection Policy

Effective Date: April 8, 2026

Article 1: Data Controller

The company AuroraLink, whose administrative headquarters are located at Tour Montparnasse, 33 Avenue du Maine, 75015 Paris, acts as Data Controller within the meaning of the General Data Protection Regulation (GDPR - EU Regulation 2016/679).

Article 2: Categories of Data Collected

As part of operating the platform https://aurora-link-crypto.com, we collect data proportionally to the intended purposes:

  • Identity and contact data: Name, first name, verified email address, phone number, date of birth.
  • Compliance data (KYC): Copy of identity documents, proof of address, and information on the origin of funds (only if required by our legal obligations).
  • Technical and browsing data: IP addresses, device identifiers, approximate geolocation data, connection histories, and cryptocurrency wallet addresses linked to the Platform.

Article 3: Legal Basis for Processing

The processing of your data is strictly governed by Article 6 of the GDPR:

Contract Performance

Necessary for account opening and the provision of analytical tools.

Legal Obligations

Essential for complying with digital asset regulations and anti-money laundering (AML/CFT) laws.

Legitimate Interest

Required to ensure the security of information systems, prevent fraud, and improve our analysis algorithms.

Article 4: Security Protocols and Hosting

All sensitive data transiting through the Platform is encrypted using military-grade AES-256 protocol and transmitted via TLS 1.3 channels. The storage infrastructure is physically and logically compartmentalized. Our main servers are located within the European Economic Area (EEA) to ensure the strict application of European confidentiality standards.

Article 5: Retention Periods

In accordance with minimization principles, data is retained for limited periods:

  • Profile and service data: For the entire lifespan of the user account.
  • KYC data and financial records: Securely archived for a period of five (5) years after account closure, to meet regulatory and statutory requirements of the Monetary and Financial Code.
  • Telemetry and log data: Purged or anonymized after a maximum period of twelve (12) months.

Article 6: Exercise of Your Rights

The European GDPR framework grants you inalienable rights over your personal data:

  • Right of access and portability: Obtain a copy of your data in a structured format.
  • Right to rectification: Correct outdated or erroneous information.
  • Right to erasure: Request the deletion of your data, subject to our legal retention obligations.
  • Right to object and restrict processing: Restrict certain types of processing.

Asserting Your Rights

To assert your rights, please submit your request in writing to our Data Protection Officer (DPO) at the following address: [email protected].

You also have the right to lodge a complaint with the competent supervisory authority in France, the CNIL (National Commission for Information Technology and Civil Liberties).

🇬🇧 English
🇫🇷 French 🇩🇪 German