Effective Date: March 23, 2026 | Last Updated: March 23, 2026
This Privacy Policy explains how GoShapers L.L.C-FZ ("we," "us," or "our") collect, use, disclose, and protect your personal information when you use the Auralyo application and related services (the "Service"). It describes your rights under the EU General Data Protection Regulation ("GDPR"), UK GDPR, and the California Consumer Privacy Act ("CCPA").
GoShapers L.L.C-FZ is the sole data controller for all users of the Service worldwide.
GoShapers L.L.C-FZ is the sole data controller for all users of the Service worldwide.
3.1 Directly from you
We collect data you provide when you: (a) register an account; (b) complete the focus quiz; (c) make a purchase; (d) contact our support team; or (e) subscribe to marketing communications.
3.2 Automatically
When you use the Service, we automatically collect: IP address, device and browser information, operating system, app version, session events, and in-app behaviour via analytics tools.
3.3 From third parties
We may receive information from payment processors (transaction confirmation), advertising platforms (ad attribution), and app stores (purchase validation).
We share your data only with trusted service providers who process it on our behalf under written data processing agreements compliant with GDPR Article 28. We do not sell your personal information. Our current processors include:
We may also disclose your data: (a) to comply with a legal obligation or court order; (b) to protect the rights, property, or safety of Auralyo, our users, or the public; or (c) in connection with a merger, acquisition, or sale of assets.
GoShapers L.L.C-FZ is based in Dubai, UAE. Your data may be transferred to and processed in countries outside your home jurisdiction. We rely on the following safeguards:
• EU-US Data Privacy Framework (DPF): Processors certified under the EU-US DPF (approved by the European Commission in July 2023) provide adequate protection under GDPR.
• Standard Contractual Clauses (SCCs): Where DPF certification is unavailable, we use EU Commission-approved SCCs (2021 edition).
• UK IDTA: For transfers from the UK, we use the UK International Data Transfer Agreement or UK Addendum to SCCs.
• UAE transfers: Transfers to or from the UAE are governed by the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection. GoShapers L.L.C-FZ complies with all applicable requirements of this law.
You may request a copy of the relevant safeguards by contacting privacy@auralyo.com.
6.1 EEA / UK Users — GDPR Rights
If you are located in the EEA or UK, you have the following rights:
• Right of access — to obtain a copy of the personal data we hold about you
• Right to rectification — to correct inaccurate or incomplete data
• Right to erasure — to request deletion of your data, subject to legal retention obligations
• Right to restriction — to limit how we process your data in certain circumstances
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — where processing is based on consent, withdraw at any time
• Right to lodge a complaint — with your local supervisory authority (e.g., ICO in the UK)
To exercise these rights, email privacy@auralyo.com. We will respond within 30 days.
6.2 California Residents — CCPA / CPRA Rights
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
• Right to know — categories and specific pieces of personal information collected in the prior 12 months
• Right to delete — request deletion of personal information, subject to certain exceptions
• Right to correct — request correction of inaccurate personal information
• Right to opt-out of sale or sharing — Auralyo does not sell personal information. Pseudonymised advertising data sharing may be opted out via Cookie Policy settings
• Right to limit use of sensitive personal information
• Right to non-discrimination — we will not discriminate against you for exercising CCPA rights
To exercise CCPA rights, email privacy@auralyo.com with "California Privacy Rights Request" in the subject line. We will respond within 45 days. You may designate an authorised agent by providing written authorisation.
6.3 All Users
Regardless of location, you may contact us to: (a) access your data; (b) correct inaccurate data; (c) delete your account; or (d) opt out of marketing communications at any time.
We retain personal data for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required by law. Specific retention periods are set out in the GDPR Article 6 table in Section II. When data is no longer needed, it is securely deleted or anonymised.
We use cookies and similar tracking technologies on our website and web quiz funnel. For full details, please see our Cookie Policy at auralyo.com/cookie-policy. We use a Consent Management Platform (CMP) that requires your explicit consent before placing non-essential cookies. You can update your cookie preferences at any time via "Cookie Settings" in the footer.
The Service is intended for users aged 18 and older. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted personal data to us, please contact privacy@auralyo.com immediately and we will promptly delete it.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure, including encryption in transit (TLS), encrypted storage, and access controls. No transmission over the internet is 100% secure.
In the event of a security breach reasonably likely to result in harm to users, we will notify affected users and relevant supervisory authorities as required by applicable law. Under GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach. We will notify affected users without undue delay via email and/or prominent in-app notice.
Auralyo does not make decisions that produce significant legal effects concerning you based solely on automated processing, including profiling, within the meaning of GDPR Article 22.
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice at least 30 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance.
• Email: privacy@auralyo.com
• Response time: 30 days (EEA/UK users); 45 days (California users)
• For UAE data protection enquiries: GoShapers L.L.C-FZ, Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.