GDPR Notice

EU/EEA data protection notice. Last updated: March 8, 2026

This notice explains how AuraQuill processes personal data for users in the EU and EEA. Read it together with the Privacy Policy.

Data controller: AuraQuill · support@auraquill.app

Lawful bases for processing

We process personal data under the following legal bases:

Contract

Providing core note-taking, transcription, and account services.

Legitimate interests

Service security, performance monitoring, and product improvement.

Consent

Where required for optional analytics or marketing-related processing.

Legal obligation

Where processing is required to comply with applicable law.

Third-party data processors

Processors currently used in the AuraQuill product stack. Each is bound by a Data Processing Agreement (DPA) or equivalent contractual commitment.

Processor	Purpose	Data types	Region
Supabase	Authentication, managed PostgreSQL database, and object storage	Account data, notes, audio files	AWS ap-south-1
Google OAuth	Federated sign-in and identity verification	Email, Google account ID, profile metadata	Global (Google infrastructure)
AssemblyAI	Audio transcription processing	Audio files (when transcription is enabled)	US (primary)
Groq	Transcription (Whisper) and AI feature processing	Audio files, note content (when AI features are used)	US
PostHog	Product analytics and behavioural event tracking	Usage events, device/browser metadata, IP-derived data	EU or US (deployment-dependent)
OpenAI / Anthropic / Google Gemini	Optional AI model routing when configured	Note content submitted to AI features (when enabled)	US / Global

Optional AI providers (OpenAI, Anthropic, Google Gemini) are only active when the AI router is configured in the backend deployment.

Your data subject rights

Under GDPR Art. 15-22, you have the following rights:

Right to access: Request a copy of personal data we hold about you.
Right to rectification: Request correction of inaccurate data.
Right to erasure: Request deletion of your account and associated data ("right to be forgotten").
Right to restriction: Request that we limit processing of your data in certain circumstances.
Right to portability: Request export of your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Where processing relies on consent, withdraw it at any time.

International transfers

Some processors listed above may handle data outside your country of residence. Where required, AuraQuill uses appropriate safeguards for international data transfers - including Standard Contractual Clauses (SCCs) and vendor security commitments.

How to submit a GDPR request

Send your request to support@auraquill.app from the email address linked to your AuraQuill account. Include the request type (access, deletion, export, objection) and any relevant context so we can process it accurately. We will respond within 30 days as required.

This notice is provided for transparency and is not legal advice. For organisation-specific legal requirements, consult qualified counsel.

support@auraquill.app Privacy Policy →