Privacy Policy

1. Introduction

Auctra Inc. ("Auctra," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our authorization infrastructure service (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, and contact details
• Payment Information: Billing address and payment method details (processed by third-party payment providers)
• API Credentials: API keys and secrets you generate for authentication
• Configuration Data: Policy settings, spending limits, and authorization rules

2.2 Transaction Data

• Authorization requests and decisions
• Transaction amounts and merchant categories
• Instrument identifiers (tokenized, not full card numbers)
• Timestamps and IP addresses of API requests

2.3 Automatically Collected Information

• Log data including IP addresses, browser type, and operating system
• Usage data including API endpoint usage and performance metrics
• Cookies and similar tracking technologies for authentication and analytics

3. How We Use Your Information

We use the collected information for:

• Service Delivery: Process authorization requests and enforce spending policies
• Account Management: Create and manage your account, provide customer support
• Security: Detect fraud, prevent abuse, and maintain system security
• Analytics: Analyze usage patterns to improve service performance
• Communications: Send service updates, security alerts, and marketing (with consent)
• Compliance: Meet legal obligations including AML/BSA requirements

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Cloud infrastructure providers (AWS)
• Payment processors
• Analytics and monitoring services
• Customer support tools

4.2 Legal Requirements

We may disclose information to comply with legal obligations, respond to subpoenas, protect our rights, or investigate fraud.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.4 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Access controls and multi-factor authentication
• Regular security audits and penetration testing
• SOC 2 Type II certified infrastructure
• Incident response procedures and breach notification

6. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations. Transaction logs are retained for 7 years to meet financial services record-keeping requirements. You may request deletion of your account data, subject to legal retention requirements.

7. Your Rights

Depending on your location, you may have rights including:

• Access: Request a copy of your personal information
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a machine-readable format
• Opt-out: Unsubscribe from marketing communications
• Object: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@auctra.io

8. International Transfers

Your information may be transferred to and processed in countries other than your own. We use Standard Contractual Clauses approved by the European Commission for transfers from the EU/EEA.

9. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Service. Continued use after changes constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy or our privacy practices: