Aureoncorp Privacy Policy

Last updated: January 31, 2026 Version: 1.0

Important: this document describes how we handle data based on current information about aureoncorp.com and AureonLead operations. It does not constitute legal advice and should be reviewed by a professional.

1. Who we are

This policy describes how Aureoncorp (hereinafter "Aureoncorp", "we", "our") processes the personal data of users who:

  • visit the website https://www.aureoncorp.com (the "Site")
  • fill out the contact form
  • subscribe to the newsletter
  • use services related to the AureonLead product (e.g., customer dashboard, pilot program)

Data Controller

  • Legal name: Mihai-Rafael Iosef
  • Address: Bucharest, Romania
  • Privacy contact email: rafael@aureoncorp.com

2. Types of data processed

2.1 Data provided voluntarily (forms and registrations)

Contact Form ("Contact" page)

When you fill out the contact form we may process:

  • Name and surname
  • Email address
  • Company name / website
  • Country / city / niche (if requested)
  • Message content
  • Other information you choose to include in free text

Aureoncorp Newsletter

When you subscribe to the newsletter we process:

  • Email address
  • Language / communication preferences (if configured on MailerLite side)
  • Technical metadata related to subscription (date, time, IP, possible double opt-in)

AureonLead Account / Pilot Program

If you participate in the pilot program or use the AureonLead dashboard, we may process:

  • Account data: name, surname, email, password (only in encrypted/hash form), language
  • Business data: agency name, website, niche, country/city
  • Service usage data: login, main actions in dashboard, preferences

2.2 Automatically collected data (logs and analytics)

During Site navigation, the following are automatically collected:

  • IP address (possibly anonymized)
  • User agent (browser, operating system)
  • Pages visited and time spent
  • Technical events (errors, HTTP responses)
  • Language preferences

This data is collected through:

  • Google Analytics 4 (GA4)
  • Hosting infrastructure (Vercel)
  • Security and CDN services (Cloudflare)

2.3 B2B lead data (AureonLead)

For the AureonLead product we process B2B data collected from publicly accessible sources, such as:

  • Google Maps, business websites and public directories

Types of data:

  • Business / company name
  • Address, city, country
  • Category / niche
  • Phone number
  • Professional email address (if made public)
  • Website URL
  • Any contact names and roles, if public on the company website

This data is used to provide lists of potential customers (leads) to our agency clients.

Important: the customer using AureonLead is the data controller towards their outreach recipients (leads). We generally act as data processor / service provider with respect to lead data.

3. Processing purposes and legal bases

We process personal data for the following purposes:

3.1 Response to contact requests

  • Purpose: respond to information requests about Aureoncorp and AureonLead, schedule calls, provide quotes.
  • Data: data entered in contact form + technical metadata.
  • Legal basis:
    • Art. 6(1)(b) GDPR – performance of pre-contractual measures at the data subject's request
    • Art. 6(1)(f) GDPR – legitimate interest (efficient management of requests and abuse prevention)

3.2 Newsletter delivery

  • Purpose: send updates on products, educational content, offers and Aureoncorp news.
  • Data: email, language, subscription logs, email interactions (opens, clicks).
  • Legal basis:
    • Art. 6(1)(a) GDPR – explicit consent (opt-in)
  • You can withdraw consent at any time via the "unsubscribe" link in every email.

3.3 Provision of AureonLead and pilot program

  • Purpose:
    • Creation and management of agency accounts
    • Provision of B2B leads and technical audits
    • Lead visualization through dashboard
    • Customer support and technical maintenance
  • Data: customer account data, business data, lead data extracted from public sources.
  • Legal basis:
    • Art. 6(1)(b) GDPR – contract performance
    • Art. 6(1)(f) GDPR – legitimate interest (service improvement, abuse prevention)

For B2B leads, the customer using AureonLead must ensure data is used in compliance with applicable regulations (e.g., GDPR, ePrivacy, local email marketing rules). Aureoncorp is not responsible for how customers use the leads.

3.4 Site usage analysis and improvement

  • Purpose: analyze how the Site is used to improve content, structure and performance.
  • Data: navigation data, anonymous or pseudonymized events.
  • Legal basis:
    • Art. 6(1)(a) GDPR – consent (for non-strictly necessary analytics cookies/tools)
    • Possibly Art. 6(1)(f) GDPR – legitimate interest (for strictly anonymous analytics)

3.5 Security, technical logs and abuse prevention

  • Purpose: prevent fraud, abuse and unauthorized access, protect technical infrastructure.
  • Data: IP address, access logs, user agent, suspicious traffic patterns.
  • Legal basis:
    • Art. 6(1)(f) GDPR – legitimate interest (Site and service security)

4. Processing methods

Data is processed primarily with electronic tools, adopting reasonable technical and organizational measures to:

  • limit access to authorized subjects only
  • protect data from loss, misuse, unauthorized access
  • minimize data processed relative to purposes

We do not use automated decision-making processes or profiling with significant legal effects under Art. 22 GDPR.

5. Data recipients and third-party providers

To provide the Site and services we use third-party providers ("data processors"), including:

  • Vercel Inc. – Site and API hosting
  • Cloudflare Inc. – CDN, security and DDoS protection
  • MailerLite – Newsletter and mailing list management
  • Resend Inc. – Transactional email delivery (contact form notifications)
  • Supabase – Database and backend (for AureonLead)
  • Upstash – Managed Redis for API rate limiting
  • Google LLC – Google Analytics 4, only with prior consent (if activated)
  • Neverbounce LLC – Email address verification for leads extracted by AureonLead (not used for aureoncorp.com marketing site)
  • Any other technical providers we may add in the future, always respecting the minimization principle.

With all providers we sign, where necessary, Data Processing Agreements (DPA) and/or use Standard Contractual Clauses (SCC) for extra-EU transfers.

6. Data transfers to non-EU countries

Some providers (e.g., Google, Vercel, Cloudflare, Resend, Neverbounce, Supabase) may be located in countries outside the European Economic Area (EEA), such as the United States.

In these cases:

  • The transfer occurs, where required, based on Standard Contractual Clauses (SCC) adopted by the European Commission.
  • We adopt additional security measures where technically and contractually possible.

However, we cannot completely exclude residual risks related to the local legislation of third countries.

7. Data retention periods

We retain data only for the time necessary for the indicated purposes:

  • Contact form data: up to 24 months from last useful interaction, except ongoing contractual relationships.
  • Newsletter data: until consent withdrawal (unsubscribe) or prolonged inactivity; afterwards may be retained only in aggregated/anonymous form.
  • AureonLead account data: for the entire duration of the contractual relationship and for a subsequent maximum period of 5 years for tax and legal protection purposes.
  • Technical and security logs: generally up to 12 months, except extension needed for security incident investigations.
  • Analytics data: according to GA4 settings (e.g., 14 months), or different period indicated in Cookie Policy.

8. Data subject rights

As a data subject you have the right to:

  • obtain confirmation of the existence or not of data concerning you (Art. 15 GDPR)
  • request rectification of inaccurate data or completion of incomplete data (Art. 16)
  • request erasure of data in the cases provided (Art. 17)
  • request restriction of processing (Art. 18)
  • receive data in structured, commonly used and machine-readable format (Art. 20)
  • object at any time to processing based on legitimate interest (Art. 21)
  • withdraw consent at any time (for newsletter or other consent-based processing)

To exercise your rights you can write to us at: rafael@aureoncorp.com

You also have the right to lodge a complaint with a competent supervisory authority (e.g., Privacy Authority of your country of residence).

9. Minors

Our services are designed for professionals and businesses (B2B). We do not knowingly process data of minors under 16 years of age. If you believe a minor has provided us with personal data, contact us to request removal.

10. Changes to this policy

We may periodically update this Privacy Policy, for example in case of:

  • changes to services offered
  • regulatory changes
  • introduction of new providers or functionalities

The always updated version is published on this page, with indication of the last update date.

11. Contact

For any questions regarding this Privacy Policy you can contact us at: