Privacy Policy

Last updated: June 2, 2026

This Privacy Policy describes how Aura World LLC ("we," "us," or "our") accesses, collects, stores, uses, and shares ("processes") your personal information when you use ChatGRP (the "Services"), including when you visit https://chatgrp.app, register for and use ChatGRP, or contact us.

Questions? If you do not agree with our policies and practices, please do not use the Services. You can reach us at [email protected].

Summary of key points

What we process: the account details you give us, the content you create in your rooms, your usage of the Services, and basic technical/device information. We do not ask for sensitive information (e.g., health, biometric, racial/ethnic, religious data) — please don't include it in your content; if you do, it is processed as room content.
Where your content goes: to generate responses, we send your room content (your messages and any document you mark "Share with agents") to the AI providers active in that room — Anthropic (Claude), OpenAI (GPT), and Google (Gemini).
We do not sell your data, and we do not share it with third parties for their own marketing.
Your content is yours. We claim no ownership of your rooms, messages, notes, or documents.
Your rights: you can access, correct, export, or delete your information — see "Your privacy rights" below.

1. What information do we collect?

Information you provide:

Account: email address, display name, and a selected avatar. If you sign in with Google, we receive basic profile information (name, email, profile picture) from Google.
Room content: the messages you send, room names and purposes, notes, documents/artifacts (we keep a version history, up to the most recent 20 versions), and any document you mark "Share with agents."
Payment: processed by Stripe. We store billing/subscription identifiers; we do not store your full card details (Stripe handles those).
Feedback: any feedback or ratings you submit in the product.
Communications: anything you send us when you contact support.

Information collected automatically: when you use the Services we collect basic technical information such as IP address, browser/device characteristics, and usage/activity information (e.g., room and message activity logs), primarily to keep the Services secure and operational. We do not use any third-party analytics tools. Server and platform logs are short-lived (on the order of an hour to a day).

Sensitive information: we do not request sensitive personal information and ask that you not include it in your messages, notes, or documents. Because room content is free-form, anything you choose to include will be processed as part of your room content.

We do not buy or collect personal information from data brokers, marketing partners, or public databases.

2. How do we process your information?

To provide the Services, including sending your room content to the AI providers to generate responses.
To manage your account and authenticate you.
To process payments and manage subscriptions (via Stripe).
To communicate with you (service/transactional messages; and, if you opt in, product updates — see "Marketing").
For security and fraud prevention.
To comply with legal obligations.
To improve the Services using de-identified/aggregated data only (see "Improving ChatGRP").

We process your information only when we have a valid legal basis to do so (performance of our contract with you, your consent, our legitimate interests, or legal compliance).

Service providers (subprocessors). We share information with vendors who process it on our behalf to run the Services:

Provider	Purpose	What they receive
Supabase	database, authentication, realtime, auth emails	account info + your room content (US-hosted)
Vercel	hosting	requests, technical/log data
Stripe	payments	email, display name, billing/subscription details
Anthropic, OpenAI, Google	AI responses	your room content (see below)
Google	sign-in (OAuth)	your Google profile basics, if you use Google sign-in
Brave Search	web search	your search query
Firecrawl	fetching web pages	the URL and page content requested
Resend	invite emails	recipient email, inviter name, room name, invite link

AI providers and your content. To generate responses, we send your room content — your messages and any document you mark "Share with agents" — to the AI model providers active in that room (Anthropic, OpenAI, Google). They process it to return a response and, under their API/paid-tier terms, do not use it to train their models. (OpenAI and Anthropic do not train on API data by default; we use Google Gemini on its paid tier, which Google does not use to train its models.) Providers may retain content briefly for safety, abuse-monitoring, or legal-compliance purposes (for example, OpenAI may retain API inputs and outputs for up to 30 days for abuse monitoring).

Web search & links. On paid plans, agents may automatically search the web when your request calls for recent or sourced information. Your search query is sent to Brave Search, and selected result URLs — along with any URL you share — may be fetched via Firecrawl to retrieve page content for the agents to read.

Other people in your rooms. Rooms can be shared via invite link. Anything you put in a shared room is visible to the other members of that room.

Business transfers. We may share information in connection with a merger, financing, or sale of our business.

Legal and safety. We may disclose information where required by law or to protect rights and safety.

We do not sell your personal data or your room content. We do not share it with third parties for their own advertising or marketing.

4. Cookies and tracking

We use only essential and functional cookies and browser storage required for the Services to work — for authentication/session, checkout, and remembering basic UI preferences. We do not use advertising, analytics, or marketing cookies or pixels. If that changes, we will update this policy and our Cookie Policy and, where required, request your consent. See our Cookie Policy for the full list.

If you register or log in using Google, we receive basic profile information (name, email address, profile picture) from Google. We use it only as described here. We are not responsible for Google's own use of your information; review Google's privacy policy for details.

6. International data transfers

Our infrastructure and AI providers are based in the United States (e.g., Supabase, us-east-1). If you are in the EEA, UK, or Switzerland, your information will be transferred to and processed in the US. We rely on appropriate safeguards for these transfers, including Standard Contractual Clauses and our providers' Data Processing Agreements where available.

7. How long do we keep your information?

We keep your information for as long as your account is active or as needed to provide the Services, unless a longer period is required by law (e.g., tax/accounting). Room-related data — including messages, document version history (up to 20 versions), orchestration logs, activity logs, and feedback — is retained while the related room or account is active and is deleted when the room or account is deleted. Server/platform logs are short-lived. When you delete your account, we delete or anonymize your personal data and room content from our active systems within 30 days; residual copies in backups are purged on our normal backup rotation.

8. Information from minors

The Services are intended for adults. We do not knowingly collect information from, or market to, anyone under 18. By using the Services you represent that you are at least 18. If we learn we have collected information from someone under 18, we will deactivate the account and delete the data. Contact us at [email protected] if you believe we have such data.

9. Your privacy rights

Depending on where you live, you may have rights to access, correct, export, delete, restrict, or object to the processing of your personal information, and to withdraw consent where we rely on it. EEA/UK residents have rights under the GDPR/UK GDPR, including the right to lodge a complaint with your local data protection authority. California residents have rights under the CCPA/CPRA, including the rights to know, delete, and correct, the right to opt out of the sale or sharing of personal information (we do not sell or share it), the right to limit the use of sensitive personal information (we do not collect it), and the right not to be discriminated against for exercising these rights.

How to exercise your rights: email [email protected]. You can delete your account and its associated data directly from your account settings, or by contacting us. When you do, we delete or anonymize your personal data and room content within 30 days, and backup copies are removed on our normal rotation. We may retain limited information where required to prevent fraud, resolve disputes, or comply with law. We respond to verified requests within the timeframes required by applicable law.

10. Content ownership

You retain ownership of the content you create in ChatGRP. We claim no ownership of your rooms, messages, notes, or documents. You grant us only the limited permission needed to operate the Services — for example, transmitting your content to the AI providers to generate responses.

11. Improving ChatGRP (de-identified only)

We may use de-identified and aggregated information — data that cannot reasonably be used to identify you — to understand usage and improve the Services, including the quality of agent responses. We never sell this information, and we never use your identifiable content to train third-party AI models. (This is a reserved capability; it is not currently active.)

12. Marketing communications

We send service/transactional emails (e.g., verification, billing, security, and important changes such as updates to these terms) — these are part of using the Services. We send marketing emails (e.g., product updates and tips) only if you opt in, and you can unsubscribe at any time.