Aurora Beauty Connect - Privacy Policy

We collect information you provide directly including name, email, phone number, payment details (M-Pesa), business information for service providers, profile photos, service preferences, and review content. We also automatically collect location data (with permission), device information, app usage analytics, booking history, and transaction records for service delivery and platform improvement.

Your information is used to: facilitate service bookings and payments; process M-Pesa transactions and payouts; provide GPS location services for mobile appointments; send booking confirmations and reminders; calculate travel fees and distances; maintain loyalty point balances; provide customer support; improve platform functionality; ensure user safety and verification; and comply with legal and regulatory requirements.

We share your booking information with selected service providers to facilitate appointments. Payment data is securely processed through licensed M-Pesa payment partners. Business location information is shared only as necessary for service delivery. We never sell personal information to third parties. We may disclose information when required by law, to protect safety, or to prevent fraud. All third-party integrations are vetted for security and privacy compliance.

We implement bank-level security measures including data encryption at rest and in transit, secure API connections for M-Pesa integration, regular security audits and penetration testing, access controls and authentication systems, and secure data centers with backup systems. All team members undergo security training and sign confidentiality agreements. We maintain incident response procedures for potential security events.

With your permission, we collect precise location data for: finding nearby service providers; facilitating mobile beauty services; calculating accurate travel times and fees; providing directions to appointment locations; and ensuring user safety during appointments. Location sharing is always optional and can be disabled in settings. We use privacy-friendly OpenStreetMap instead of tracking-enabled mapping services. Location history is retained only as long as necessary for service delivery.

Our M-Pesa integration collects: phone numbers for payment processing; transaction IDs and status information; payment amounts and timestamps; and payout preferences for service providers. All financial data is encrypted and processed through licensed payment partners. We never store complete M-Pesa PINs or sensitive payment credentials. Transaction history is maintained for tax and business purposes as required by Kenyan law.

For beauty professionals, we collect: business registration documents; professional certifications and licenses; business addresses and service areas; service pricing and availability; customer reviews and ratings; earnings and transaction history; and verification photos. This information is used for platform safety, service quality, and regulatory compliance. Business data may be shared with clients for booking decisions.

We use your contact information to send: appointment confirmations and reminders; payment notifications and receipts; service updates and cancellations; loyalty program communications; platform security alerts; and customer support responses. Push notifications can be controlled through device settings. We comply with anti-spam regulations and provide easy unsubscribe options for marketing communications.

We collect anonymized usage analytics to: improve platform performance and user experience; identify popular services and features; optimize booking and payment processes; enhance security and fraud detection; and develop new features based on user needs. Analytics data is aggregated and cannot be used to identify individual users. We use privacy-respecting analytics tools that comply with data protection standards.

We retain personal information only as long as necessary for: providing ongoing services; complying with legal obligations (typically 7 years for financial records); resolving disputes and enforcing agreements; and maintaining platform security. Deleted accounts have personal information removed within 30 days, except for transaction records required by law. All data is stored in secure, encrypted databases with regular backups.

You have the right to: access your personal information and download a copy; update or correct inaccurate information; delete your account and associated data; opt out of marketing communications; control location sharing permissions; manage notification preferences; and request information about data sharing. These rights can be exercised through app settings or by contacting our support team.

Aurora is designed for adults (18+) seeking and providing professional beauty services. We do not knowingly collect information from children under 18. If we discover that a child's information has been collected, we will immediately delete it and terminate the account. Parents who believe their child's information may have been collected should contact us immediately for prompt resolution.

While Aurora operates primarily in Kenya, some service providers may operate across borders or use international technology systems. Any international data transfers comply with applicable data protection laws and include appropriate safeguards. Users are notified when their data may be processed in other jurisdictions, and consent is obtained when required by law.

Aurora integrates with trusted third-party services including: M-Pesa and other payment processors; mapping and location services (OpenStreetMap); cloud storage and computing services; communication and notification systems; and analytics and security tools. All third-party partners undergo security and privacy assessments. We maintain data processing agreements with all partners to ensure your privacy protection.

With permission, we may collect device fingerprinting information for security purposes, including device type, operating system, and unique device identifiers. Biometric authentication (fingerprint, facial recognition) is processed locally on your device and never transmitted to our servers. This information helps prevent fraud and unauthorized account access.

We may use your information to send promotional offers, loyalty program updates, new feature announcements, and relevant beauty service recommendations. Marketing communications are based on your service history and preferences. You can opt out at any time through app settings or unsubscribe links. We respect your communication preferences and comply with anti-spam laws.

In the event of a security incident affecting personal information, we will: immediately investigate and contain the incident; assess the risk to users and take protective measures; notify affected users within 72 hours when required; provide clear information about what happened and recommended actions; work with authorities and security experts as needed; and implement additional safeguards to prevent similar incidents.

We may disclose personal information when required by Kenyan law, court orders, or regulatory requirements. We cooperate with law enforcement for legitimate investigations involving platform safety or illegal activities. When legally permitted, we will notify users of such requests unless prohibited by law or when immediate safety concerns exist.

In the event of a merger, acquisition, or sale of Aurora, user data may be transferred as part of business assets. Users will be notified of any such transfer with at least 30 days advance notice. The acquiring entity will be required to honor existing privacy commitments and provide users with choices about their data use under new ownership.

This privacy policy may be updated to reflect service changes, legal requirements, or enhanced privacy protections. Users will be notified of significant changes through the app, email, and website posting. Continued use after notification constitutes acceptance of updates. For privacy questions, concerns, or requests to exercise your rights, contact our Data Protection Officer at privacy@aurora.co.ke or through the in-app support system.