Privacy notice
This page explains, in plain language, what Aurolabs collects, why, how long we keep it, and your rights under the GDPR.
Last updated · 2026-06-22
Email you send us. When you contact us at roberto@aurolabs.ai we receive your email address, your name (if your mail client includes it), and whatever you write. We need these to reply.
Server logs. Standard nginx access logs: IP address, timestamp, requested URL, user-agent. Used for security, debugging, and rate-limiting. Rotated and deleted every 14 days.
Nothing else. No third-party analytics, no advertising pixels, no fingerprinting, no behavioural tracking, no cookies that persist beyond your session for our purposes.
The only client-side storage we use is a single localStorage key (lang) that remembers your language choice (en or sv). Nothing else is stored on your device by us.
We don't set tracking or analytics cookies. We don't load Google Analytics, Hotjar, Facebook Pixel, Segment, or any equivalent. The site is static HTML; the only external resources it loads are the GSAP animation library (cdnjs) and the Jost webfont (Google Fonts) — neither sets cookies nor tracks you.
Email you send us: processed on the basis of legitimate interest (replying to a message you sent us) and, where applicable, your consent (you chose to email us).
Server logs: processed on the basis of legitimate interest for security, abuse prevention, and operating the service.
Email you send us: kept in our mailbox until the matter is resolved. No separate customer database is in use yet. When one comes online (with a Stripe-backed product) we'll keep it for the active relationship plus 12 months, then delete unless there's a legal reason to retain.
Server logs: 14 days, then rotated out (verified — daily rotation, 14 generations).
localStorage notice key: stays on your device until you clear it. Cosmetic only — it just remembers you've dismissed the notice.
The site runs on DigitalOcean in Amsterdam (AMS3) — EU. Inbound mail to roberto@aurolabs.ai is handled by Namecheap PrivateEmail. Outbound transactional email via Resend when a feature requires it. Payments (when relevant) via Stripe. None of these are loaded on the public site itself — they only run server-side or for specific authenticated flows.
Under the GDPR you have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. You can also lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY).
To exercise any of these rights, email roberto@aurolabs.ai with the subject "Data request". We aim to reply within 7 days, and resolve within 30.
Aurolabs AB · Stockholm, Sweden · roberto@aurolabs.ai