Privacy Policy

Privacy Policy

Effective Date: 11.05.2026 | Last Updated: 11.05.2026

Welcome to AUREX (“AUREX”, “we”, “our”, or “us”), a subscription-based intelligence, forecasting, reporting, and analytics platform operated by Hybrid Core BV. This Privacy Policy explains how we collect, use, process, disclose, and protect your personal data when you use the AUREX platform, website, dashboard, reports, APIs, chatbot, subscriptions, and related services.

By using AUREX, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

Hybrid Core BV

Belgium

Email: info@hybridcore.eu

Website: hybridcore.eu

Hybrid Core BV acts as the data controller for personal data processed through AUREX unless otherwise specified in enterprise agreements.

2. Scope of This Policy

This Privacy Policy applies to:

• AUREX subscriptions and payment services
• User registration and authentication
• Dashboard and analytics services
• AI-powered reports and forecasting
• Chat and scenario tools
• WhatsApp and email delivery services
• APIs and enterprise integrations
• Customer support and operational monitoring

The platform includes multiple subscription tiers, dashboards, reporting, chatbot functionality, credits/top-ups, and enterprise integrations.

3. Information We Collect

3.1 Account & Identity Information

When you register or use AUREX, we may collect:

• Full name
• Email address
• Password or federated identity credentials
• Organization/company name
• Time zone preferences
• Authentication identifiers
• User roles and permissions

Authentication may be provided through Microsoft Entra External ID / Azure AD B2C or enterprise SSO providers.

3.2 Subscription & Billing Information

When purchasing subscriptions or add-ons, we may process:

• Subscription tier
• Billing address
• Payment status
• Stripe customer identifiers
• Invoice and transaction metadata
• Credit balances and usage
• Purchase history

Payments are securely processed via Stripe. AUREX does not store complete credit card details on its systems.

3.3 Communication & Delivery Information

If you enable email or WhatsApp delivery, we may process:

• Email address
• Phone number
• Delivery preferences
• WhatsApp consent status
• OTP verification status
• Message delivery receipts
• Opt-out records

WhatsApp delivery requires explicit consent and phone verification.

3.4 Usage & Analytics Data

We may collect operational and usage data including:

• Login timestamps
• IP addresses
• Device/browser metadata
• Session information
• Dashboard usage
• API requests
• Chat interactions
• Report generation history
• Forecast and scenario requests
• Credit consumption

The system also logs operational metrics and delivery success/failure events.

3.5 AI, Forecasting & Audit Data

When you use forecasting, reports, or scenario tools, AUREX may store:

• Snapshot IDs
• Forecast outputs
• Evidence references
• Model versions
• User-triggered scenarios
• Audit records
• Confidence indicators
• Timestamps

Certain tiers include immutable audit logging for compliance and traceability.

4. How We Use Your Data

We process personal data for the following purposes:

Service Delivery

• Creating and managing accounts
• Delivering subscriptions and entitlements
• Operating dashboards and reports
• Providing AI-powered forecasting and analytics
• Enabling enterprise integrations

Billing & Payments

• Processing subscription payments
• Managing renewals, upgrades, downgrades, and refunds
• Detecting payment failures and fraud

Communications

• Sending reports via email and WhatsApp
• Delivering account notifications
• Sending transactional and support communications

Security & Compliance

• Preventing fraud and abuse
• Enforcing access controls and RBAC
• Maintaining audit logs
• Monitoring platform integrity
• Meeting legal obligations

Product Improvement

• Improving forecasting quality
• Monitoring performance and reliability
• Enhancing user experience
• Conducting analytics and troubleshooting

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process personal data under the following legal bases:

6. AI & Forecasting Disclaimer

AUREX provides AI-assisted forecasts, market insights, reasoning systems, and scenario simulations. Certain outputs may be generated using machine learning and large language model technologies.

• All forecasts, recommendations, and reports are provided for informational purposes only.
• AUREX does not provide financial, investment, legal, or tax advice.
• The platform includes “Not financial advice” disclaimers within applicable reports and dashboards.
• Users remain solely responsible for their financial and business decisions.

7. Third-Party Service Providers

We may share limited personal data with trusted service providers necessary to operate AUREX, including:

We may also use infrastructure, analytics, monitoring, and support vendors under appropriate contractual safeguards.

8. Data Retention

We retain personal data only as long as necessary for:

• Providing services
• Fulfilling contractual obligations
• Maintaining audit and compliance records
• Resolving disputes
• Meeting legal obligations

Retention periods may vary depending on:

• Subscription status
• Enterprise agreements
• Financial regulations
• Security and audit requirements

Audit records related to enterprise forecasting and scenarios may be retained longer for governance and compliance purposes.

9. Security Measures

We implement technical and organizational safeguards including:

• Encrypted communications (HTTPS/TLS)
• Secure authentication
• RBAC and enterprise access controls
• Audit logging
• Monitoring and observability
• Rate limiting
• Session expiration controls
• Webhook signature verification
• Tenant isolation for enterprise APIs

The platform includes enterprise-grade SSO, RBAC, audit, and SLA features for Tier 5 customers.

10. International Data Transfers

Your data may be processed in countries outside your jurisdiction, including countries outside the EEA. Where required, we implement safeguards such as:

• Standard Contractual Clauses (SCCs)
• Contractual data protection agreements
• Security and access controls

11. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your data
• Restrict processing
• Object to processing
• Withdraw consent
• Request portability
• Lodge complaints with supervisory authorities

To exercise your rights, contact: info@hybridcore.eu

12. WhatsApp Consent & Opt-Out

Users enabling WhatsApp delivery must provide explicit consent and complete OTP verification.

You may opt out at any time by:

• Sending “STOP”
• Changing delivery preferences in-app
• Contacting support

When a STOP request is received, AUREX disables WhatsApp delivery immediately while keeping email delivery active.

13. Children's Privacy

AUREX is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

14. Enterprise Customers

Enterprise customers using Tier 5 integrations may operate under separate:

• Data Processing Agreements (DPAs)
• Enterprise SLAs
• Security agreements
• Compliance requirements

Enterprise administrators may control:

• RBAC policies
• SSO integrations
• API access
• Tenant-level governance settings

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. If material changes occur, we will notify users through:

• Email notifications
• Dashboard notices
• Website announcements

The “Last Updated” date at the top of this policy reflects the latest revision.

16. Contact Us

For privacy-related inquiries, requests, or complaints:

Hybrid Core BV

Belgium

Email: info@hybridcore.eu

Website: hybridcore.eu