1. Introduction

AURA and its affiliates ("AURA", "we", "us", "our") respect and acknowledge the importance of protecting yourpersonal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use ourservices or interact with our website.

AURA acts as a "Responsible Party" under South Africa’s POPIA, a "Controller" under the EU/UK GDPR, a "DataController" under the Kenya Data Protection Act (KDPA), and a "Business" under the California ConsumerPrivacy Act (CCPA/CPRA).

We do not process personal data relating to children unless we have obtained prior explicit consent from a parent orlegal guardian.

This Privacy Policy should be read together with any other privacy notices we may provide on specific occasions. Itsupplements other notices and is not intended to override them.

‍

2. What Personal Information We Collect

To provide our life-critical services, we must collect the minimum information necessary. Refusing to provide essentialdata may prevent us from delivering the service you have requested, and we may have to cancel your subscription. Wewill notify you if this is the case.The types of personal information we collect include:

• Identity & Contact Data: Your first name, surname, email address, and phone number
• Live Location & Incident Data (Special Personal Information): Your real-time, precise geolocation datawhen you activate an alert, along with recordings of emergency calls and incident details. This is essential fordispatching help to your exact location.
• Health Data (Special Personal Information): Health-related information or medical insurance details thatyou voluntarily provide to assist responders in an emergency.
• Financial Data: Payment card information, such as cardholder name and primary account number, requiredto process payments for our services
• Technical Data: Information about your device, IP address, browser type, and how you interact with ourwebsite and application, collected via cookies and similar technologies.
• Profile & Preference Data: Your account login information, gender, age, country, preferred language, andmarketing preferences.

‍

3. How We Collect Your Personal Information

• Activate an Emergency Alert: We collect your live location and record the call to manage the response.
• Create an Account: You provide identity, contact, and payment information to sign up for our services.
• Communicate With Us: We collect information when we respond to your inquiries or you provide feedback.
• Use Our Website or App: We automatically collect Technical Data about your device and browsing actionsthrough cookies and other technologies.
• Engage with Third Parties: We may receive information from business partners with whom we offer cobranded services or from public databases, where permitted by law.

‍

4. How and Why We Use Your Personal Information

We only use your personal information when the law allows us to. Our purposes for processing your data, and the

• To Provide Emergency Services: To dispatch security and medical responders to your live location.
  • Lawful Basis: Performance of a Contract, Protection of Vital Interests, and your Explicit Consentfor Special Personal Information.
• To Manage Our Business Relationship: To process payments, manage your account, and keep our recordsupdated.
  • Lawful Basis: Performance of a Contract, Legitimate Interest.
• To Communicate With You: To send you critical service-related communications, respond to your requests,and obtain feedback.
  • Lawful Basis: Performance of a Contract, Legitimate Interest
• To Improve Our Services: To develop our products, improve our website, and provide a personalisedexperience.
  • Lawful Basis: Legitimate Interest.
• To Send Marketing Communications: To inform you about our services and solutions, where you haveopted in.
  • Lawful Basis: Consent.
• To Meet Legal Obligations: To comply with legal, regulatory, and contractual requirements.
  • Lawful Basis: Legal Obligation.

We will only use your personal information for the purpose for which it was collected, unless we reasonably considerthat we need to use it for another compatible reason.

‍

5. Sharing Your Personal Information

We may share your personal information with the following parties for the purposes outlined above:

• Emergency Responders: Our network of third-party security and medical response partners receive your livelocation and incident details to provide you with assistance. This is the core function of our service.
• Service Providers and Vendors: Our technology partners who provide essential services, such as our cloudhosting providers and payment processors. These parties are contractually required to protect your data andare not permitted to use it for their own purposes.
• Business Affiliates: Our subsidiaries or parent company, who are bound by this Privacy Policy.
• Legal and Regulatory Authorities: In response to a lawful request for information from a competentauthority, or where necessary to comply with a legal obligation or protect the rights, property, or safety ofAURA or others.
• Parties in a Corporate Transaction: In connection with a merger, sale of company assets, or acquisition ofour business.

‍

6. International Data Transfers

To provide our services, your personal information may be processed and stored in countries outside of your country ofresidence, which may not have the same level of data protection. We implement legal safeguards, such as StandardContractual Clauses (SCCs), International Data Transfer Agreements (IDTAs) for the UK, and compliance withSection 48 of the KDPA for Kenya, to ensure your data remains protected.

‍

7. Security of Your Personal Information

AURA is committed to protecting your personal information from misuse, loss, and unauthorised access. We use acombination of physical, administrative, and technical safeguards, including encryption at rest and in transit, and strictaccess controls. We also contractually require any third parties who handle your data to implement equivalent securitymeasures.

While we make every effort to secure our systems, the internet is not completely secure. When you submit personalinformation online, we cannot guarantee its absolute security.

‍

8. Your Data Protection Rights

You have rights concerning your personal information. Subject to applicable laws (GDPR, POPIA, KDPA, CCPA),you have the right to:

• Request Access: Receive a copy of the personal information we hold about you.
• Request Correction: Have any incomplete or inaccurate information we hold about you corrected.
• Request Erasure: Ask us to delete your personal information where there is no good reason for us tocontinue processing it. You may also submit a deletion request directly through the app under Menu → Aboutyou → Profile → Delete my profile.
• Object to Processing: Object to the processing of your personal information where we are relying on alegitimate interest.
• Request Restriction of Processing: Ask us to suspend the processing of your personal information in certainscenarios.
• Request Data Portability: Request the transfer of your personal information to you or to a third party in astructured, machine-readable format.
• Withdraw Consent: Withdraw your consent at any time where we are relying on consent to process yourdata.

To exercise any of these rights, please contact our Information Officer. We may need to request specific informationfrom you to confirm your identity. We aim to respond to all legitimate requests within 30 days.

‍

9. Cookies and Similar Technologies

When you visit our website, we use cookies and similar technologies to improve your browsing experience,authenticate you, analyse site performance, and measure traffic patterns. You can control or block cookies by changingthe settings on your web browser, but be aware that restricting cookies may impact the functionality of our website.

‍

10. Data Retention

We retain your personal information for up to 10 years, and only for as long as is necessary to fulfil the purposes forwhich it was collected, or to comply with legal, accounting, or reporting requirements. For example, incident data maybe retained to comply with legal obligations or for litigation purposes, while marketing data is kept until you notify usthat you no longer wish to receive such communications.

‍

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any updates will be posted on our website with a revised "LastUpdated" date.

‍

12. How to Contact Us

We have appointed an Information Officer to oversee questions related to this Privacy Policy. If you have anyquestions, concerns, or complaints about how we handle your personal information, please contact our InformationOfficer at infosec@aura.services.

If you are unsatisfied with our response, you have the right to file a complaint with your local data protection authority.