AureonCorp

AureonCorp Privacy Policy

Last updated: March 2026

This Privacy Policy explains how AureonCorp ("AureonCorp", "we", "our", "us") collects, uses, and protects personal data when you:

  • visit the website https://aureoncorp.com
  • contact us or request a partnership
  • use services related to AureonLead or other custom AureonCorp infrastructure

This document is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws, including the Swiss Federal Act on Data Protection (nFADP).

1. Data Controller

Data Controller:
Rafael Iosef
Operating under the commercial brand AureonCorp
Location: Bucharest, Romania
Contact email: rafael@aureoncorp.com

2. Categories of Data We Process

2.1 Information you provide voluntarily

Contact & Partnership Requests: When you submit a contact request or interact with our team, we may process the following:

  • Name and Email address
  • Company/Agency name and Website
  • Business sector or niche
  • Country or location
  • Message content and project requirements

This information is used exclusively to respond to inquiries, evaluate potential collaborations, and scope technical projects.

AureonLead & Custom Infrastructure Accounts: If you access our platforms or participate in private engineering partnerships, we may process the following:

  • Professional contact details
  • Account credentials (stored securely using industry-standard hashing)
  • Platform usage data and technical logs

These data are strictly necessary to provide and secure the service.

2.2 Automatically Collected Data

When visiting the website, certain technical information is collected automatically to ensure security and performance.

  • IP address (partially anonymized when possible)
  • Browser and operating system information
  • HTTP events, error logs, and security monitoring data
  • Aggregated analytics (if consent is provided)

Cookies and similar technologies may be used to support essential website functionality and analytics. Additional information regarding cookie usage is available in the Cookie Policy.

3. Business Intelligence Data Processing (OSINT Methodology)

AureonCorp develops market intelligence systems that process business-related information derived strictly from publicly accessible sources. These may include:

  • Company name, business address, and location
  • Website URL and industry category
  • Public contact information made available by the business itself
  • Public technology signals detected on corporate websites (e.g., DNS records, web frameworks, tracking pixels)

Data is obtained exclusively using OSINT (Open Source Intelligence) methodologies. These methods analyze publicly accessible corporate websites, open business directories, and observable digital infrastructure signals. AureonCorp analyzes these signals to produce structured business intelligence insights regarding local market conditions. We do not rely on private datasets, credential leaks, or unauthorized databases.

AureonLead is designed exclusively for B2B market intelligence between companies and is not intended for the processing of personal data related to private individuals acting outside of a professional or commercial context.

4. Role of AureonCorp in Relation to Lead Data

Customers using AureonLead or our custom data pipelines may utilize the provided business intelligence to identify potential B2B opportunities. In such cases:

  • The Customer acts as the independent Data Controller for any outreach, marketing, or communication they perform.
  • AureonCorp acts either as an independent Data Controller (for standard intelligence datasets) or as a Data Processor (for custom infrastructure), providing data derived from public sources.

Customers are responsible for ensuring that their outreach activities comply with applicable regulations, including GDPR, ePrivacy rules, and applicable B2B marketing laws.

5. Purposes and Legal Basis of Processing

We process your data for the following purposes.

  • Responding to inquiries & Scoping projects: Pre-contractual measures (GDPR Art. 6(1)(b)) and Legitimate Interest (GDPR Art. 6(1)(f)).
  • Providing SaaS & Custom Services: Contract performance (GDPR Art. 6(1)(b)) and Legitimate Interest (GDPR Art. 6(1)(f)) for system security.
  • Service Updates & Communications: Consent (GDPR Art. 6(1)(a)) or Legitimate Interest for existing customers.
  • Security and Fraud Prevention: Legitimate Interest (GDPR Art. 6(1)(f)) to protect our infrastructure from abuse.

6. Service Providers and Data Sharing

To operate our services securely and efficiently, we rely on vetted infrastructure providers acting as Data Processors. For security and operational reasons, we disclose provider categories rather than individual vendor names in this public policy.

  • European Cloud Infrastructure Providers (for core database and backend hosting)
  • Content Delivery Networks (CDN) & Edge Security (for traffic protection and performance)
  • Transactional Email Infrastructure (for system notifications and account management)
  • Data Verification APIs (for business intelligence data cleansing)

Where required, we execute strict Data Processing Agreements (DPAs) with all sub-processors to ensure compliance with EU and Swiss standards. A detailed list of specific sub-processors is available to active enterprise clients upon request.

7. International Data Transfers

Our primary infrastructure and data processing environments are located within the European Economic Area (EEA). If technical requirements necessitate the use of providers operating outside the EEA, data transfers are protected through Standard Contractual Clauses (SCC) approved by the European Commission and additional technical safeguards (such as encryption at rest and in transit).

8. Data Retention

Personal data are retained only for the time necessary to fulfill the purposes described in this policy.

  • Contact requests: Up to 24 months after the last communication.
  • Client Accounts: Duration of the contractual relationship plus mandatory legal retention obligations.
  • Technical & Security logs: Up to 12 months, unless required for active security investigations.

9. Data Subject Rights

Under the GDPR and nFADP, you have the right to:

  • Access your personal data
  • Correct inaccurate data or request deletion
  • Request restriction of processing or obtain data portability
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

Requests regarding personal data can be sent to: rafael@aureoncorp.com

You also have the right to lodge a complaint with a competent supervisory authority.

10. Updates to this Policy

This Privacy Policy may be updated periodically to reflect regulatory changes, updates to our services, or improvements to our security infrastructure. The latest version will always be available on this page.