Privacy Policy
Last updated: April 15, 2026
1. Introduction
This Privacy Policy explains how Aurave ("we", "us", "our") collects, uses, and protects your personal data when you use our service at aurave.live. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR).
2. Data We Collect
2.1 When you purchase
- Email address (collected by Gumroad, forwarded to us for license delivery)
- License key associated with your purchase
2.2 When you activate your widget
- Last.fm username (provided by you via Last.fm OAuth)
- Last.fm session key (obtained via Last.fm OAuth – used to identify your account)
- License key
2.3 Automatically during widget use
- Widget activity timestamps (last active time)
- IP address (logged for license abuse detection)
- Browser user agent string
3. How We Use Your Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Delivering your license key | Contract performance |
| Last.fm username | Fetching your Now Playing data | Contract performance |
| Last.fm session key | Authenticating with Last.fm API | Contract performance |
| IP address | Detecting license key sharing/abuse | Legitimate interest |
| Activity timestamps | Service improvement | Legitimate interest |
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Services
Aurave uses the following third-party services that may process your data:
- Gumroad — payment processing and email delivery
- Supabase — database storage. Data is stored on EU servers (Frankfurt)
- Last.fm / CBS Interactive — music scrobbling and authentication
- Resend — transactional email delivery
- Vercel — website hosting
5. Data Retention
- License and widget configuration data: retained for as long as your license is active
- IP address logs: retained for 90 days
- Email address: retained for 1 year after purchase for support purposes
You may request deletion of your data at any time by contacting support@aurave.live.
6. Your Rights (GDPR)
As an EU resident, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restriction — limit how we process your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
To exercise any of these rights, contact us at support@aurave.live. We will respond within 30 days.
7. Cookies
Aurave does not use tracking cookies or advertising cookies. We use localStorage in your browser solely to remember your widget token for convenience (so you can return to your dashboard without re-entering your license key).
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted database storage (Supabase with Row Level Security)
- HTTPS-only connections (enforced by Vercel)
- API keys stored as environment secrets, never exposed to clients
9. Children's Privacy
Aurave is not directed at children under 13. We do not knowingly collect personal data from children under 13.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page.
11. Contact & Complaints
For privacy-related questions or complaints: support@aurave.live
If you are not satisfied with our response, you have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH): naih.hu