Privacy Policy
Effective Date: May 2026 · Last updated: June 2026
Auric Movement LLC ("we," "us," or "our") operates Auric OS (the "Platform") at app.auricmovement.com. We are committed to protecting your personal information in accordance with the New York SHIELD Act, the federal CAN-SPAM Act, the California Consumer Privacy Act (CCPA), and other applicable laws.
1. Information We Collect
The Platform collects information in three categories:
- Information you give us directly — (a) your email address when you tap "Join free" on the homepage (which opens your email client so you can send us a note manually); (b) the contents of any message you send to Auric Concierge (passed through to our AI provider for the response, not stored on our servers); (c) the fields you fill in when you submit a venue through Suggest a Venue: venue name and details, your name, your email, and your relationship to the venue; (d) your email address when you choose to sign in for cross-device sync of your saved venues (we send you a one-time "magic link" — no password is ever collected).
- Information our hosting partners may log — the Platform is hosted on GitHub Pages and uses Cloudflare to proxy the Auric Concierge AI assistant. Like every web host, those services keep their own infrastructure logs that can include your IP address, browser type, and request paths. We do not have access to those logs, do not aggregate or analyze them, and do not connect them to your submissions. If we add our own analytics in the future (Plausible, Google Analytics, or similar), this policy will be updated to describe exactly what we collect.
- Information from payment processors — the Platform does not currently process payments. If we introduce paid features in the future, we will receive transaction confirmations from a third-party payment processor, but never your full card number, CVV, or banking credentials.
2. How We Use Your Information
We use the information you give us solely to:
- Operate the Platform (display venues, respond to your Concierge messages by passing them to Anthropic and returning the response);
- Review the venues you submit through Suggest a Venue and decide whether to add them to the directory;
- Reply to you by email if you've contacted us or sent us a submission that needs follow-up.
We do not currently run analytics, marketing email campaigns, or usage tracking. If that changes, this policy will be updated.
3. Auric Concierge Conversations
Messages you send to Auric Concierge are processed via a Cloudflare Worker proxy and sent to Anthropic (the AI provider) for response generation. Anthropic's data handling is governed by their privacy policy. We do not store the contents of your Concierge conversations on our own servers — they exist only in your browser tab while the chat is open and disappear when you close it.
4. How Your Data Is Stored
The Platform itself is a static website hosted on GitHub Pages. Sign-in is optional. Specifically:
- Emails from the "Join free" form arrive in our inbox at auricmovement@outlook.com (the form opens your email client; you click send manually).
- Venue suggestions submitted through Suggest a Venue are stored in Supabase, a secure cloud database service hosted in the United States. Stored fields are exactly what you saw on the form: venue info, your name, your email, your relationship to the venue. We read these submissions to decide whether to add the venue to the directory. We do not share them.
- Sign-in (magic link). When you choose to sign in, your email address is stored by Supabase Auth as a user record. Authentication is handled by sending a one-time link to your inbox; we never collect, store, or see a password. A session token (a signed JWT issued by Supabase) is stored in your browser's
localStorageso you stay signed in across visits. Signing out clears the token from your browser. - Saved venues (bookmarks). If you are not signed in, your bookmarks live only in your browser's
localStorageand we never see them. If you are signed in, your list of saved venue names is also stored in Supabase, linked to your user record, so it can sync across the devices you sign in on. The stored data is just the venue names — nothing else about your browsing or behavior. Supabase Row Level Security ensures that no other user can read your saved-venue list. - Future Phase 2 features — creator profiles, venue reviews, and success stories — will also use Supabase. The schema is set up but the user-facing forms aren't live yet. When they launch, this policy will be updated.
Sign-in and sync are provided "as is." We do not guarantee any specific level of durability — bookmarks could be lost from third-party outages, account termination, software bugs, or your own browser clearing storage. See our Terms § 5 for the full no-liability statement. If a specific list of venues matters to you, save a copy outside the Platform.
5. Payment Processing (Forthcoming)
The Platform does not currently collect payments. If we introduce paid features in the future, payments will be processed by a reputable third-party processor and this section will be updated with the processor's name, link to their privacy policy, and details of what financial data they handle. We will not collect, store, or have access to your full payment card details.
6. Venue Listings
Venues displayed on the Platform are sourced from publicly available information — the venues' own websites, public Instagram profiles, listed business phone numbers, and creator submissions. Where contact info appears on a venue card, it is information the venue itself publishes publicly. If you operate a venue and want to be listed, edited, or removed, email auricmovement@outlook.com.
7. We Do Not Sell Your Data
We do not sell, rent, trade, or share your personal information with third parties for marketing purposes. We share information with service providers strictly as needed to operate the Platform:
- Anthropic — receives your Auric Concierge messages to generate AI responses.
- Cloudflare — proxies the AI requests securely (holds the API key server-side so it never reaches your browser).
- Supabase — stores your venue suggestion submissions, and (if you sign in) your account email and saved-venue list. Supabase is also the email sender for the magic-link sign-in emails.
- GitHub Pages — hosts the static website you're reading right now.
If we add a payment processor for future paid features, it will be named here.
8. Cookies & Local Storage
The Platform uses your browser's localStorage for three things only:
- Saved venues — the venues you've tapped the heart icon on, plus the count badge in the nav. If you are signed in, this list is also kept in sync with our database; if you are signed out, it lives only here.
- Sign-in session token — if you choose to sign in, a signed Supabase JWT is kept in
localStorageso you stay signed in across visits. Signing out clears it. This is the only piece of stored data that is tied to your identity. - Beta access flag (legacy) — a flag from the closed-beta era; harmless if present.
We do not use third-party tracking cookies. We do not use cookies for advertising or analytics. You can clear localStorage at any time through your browser settings — doing so will sign you out and forget your locally-cached saved-venue list (signed-in users will get the cloud copy back on next sign-in).
9. Email Communications
The Platform does not currently operate a marketing mailing list, transactional email system, or account-based email flow. We only email you directly if (a) you've emailed us first via the "Join free" form, the suggest-a-venue submission, or any other route, AND (b) you need a reply (for example, a follow-up about your venue suggestion). When we do, those emails come from a person at auricmovement@outlook.com — not an automated system. If we add a real mailing list in the future, opt-in will be explicit and unsubscribe will be one click per CAN-SPAM.
10. Your Rights (NY SHIELD, CCPA, GDPR-aligned)
You have the right to: (a) request a copy of the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) opt out of future marketing communications; (e) ask which third parties we share data with. Email auricmovement@outlook.com — we will respond within 30 days.
11. Data Security
We implement reasonable administrative and technical safeguards consistent with the New York SHIELD Act, including encryption in transit (HTTPS), access controls on backend services, and limited data retention.
12. Minors
The Platform is not directed at individuals under the age of 18. We do not knowingly collect information from minors. If you believe we have collected information from a minor, contact auricmovement@outlook.com and we will delete it.
13. Changes to This Policy
We may update this Privacy Policy as the Platform evolves (especially when Phase 2 backend features and Phase 4 monetization launch). Material changes will be announced on the Platform homepage and via email to active users.
14. Contact
Auric Movement LLC
auricmovement@outlook.com