Privacy Policy

Note for site administrators: This document has been reviewed for accuracy against the current codebase. It should be reviewed by a qualified legal professional before being treated as a binding policy, particularly with respect to applicable data protection laws in your jurisdiction (e.g. the Privacy Act 1988 (Cth), GDPR, CCPA).

1. Introduction

Aurexum (“we,” “our,” or “us”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and the choices available to you when you use our fragrance price comparison platform (the “Service”).

By using the Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Policy, please discontinue use of the Service.

This Policy should be read together with our Terms of Service and Cookie Policy, both of which are incorporated by reference.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Display name or username (if provided)
• Encrypted password hash — we never store passwords in plain text

2.2 Account Activity & Preferences

When you use account features, we store:

• Watchlist items — products you have saved to track
• Price alert configurations — target prices and the products you are tracking
• Display currency and country preference
• Any other preferences you set in your account settings

2.3 Usage & Interaction Data

We automatically collect certain information when you interact with the Service, including:

• Pages viewed and features accessed
• Search queries and filters applied
• Retailer links clicked (used for affiliate tracking and Service improvement)
• Browser type, operating system, and device type
• IP address (used for initial country/currency detection via Cloudflare geo-detection; not stored long-term)
• Referring URLs and session duration

Where you have consented, this data is also collected via Google Analytics and is used to improve the Service. Analytics data is aggregated and anonymised and is not linked to your personal identity.

2.4 Data Stored Locally in Your Browser

Some features store data directly in your browser rather than on our servers:

• Fragrance Finder state — your note profile selections and match preferences are saved in localStorage under the key aurexum_ff_v1 so the tool remembers your choices between visits.
• Watchlist session cache — a short-lived copy of your watchlist is stored in sessionStorage during your browser session to reduce API requests. This is cleared when you close your browser tab.

See our Cookie Policy for a full description of cookies and local storage we use.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create and manage your account and authenticate your identity.
• To provide, operate, and maintain the Service.
• To personalise your experience and remember your preferences (e.g. currency, country).
• To deliver price alert notifications when a tracked product meets your target price.
• To analyse usage patterns and improve the performance and features of the Service.
• To track outbound clicks to retailers for affiliate commission attribution and Service analytics.
• To send transactional emails related to your account (e.g. password resets, price alerts).
• To send newsletters or product updates, where you have opted in.
• To detect and prevent fraudulent or abusive activity.
• To comply with applicable legal obligations.

4. Third-Party Services

We engage the following third-party service providers, each of which may process certain data in connection with the Service:

Supabase (Authentication & Database)

We use Supabase as our authentication provider and database platform. When you create an account or log in, your credentials and account data are processed and stored by Supabase. Authentication sessions are managed via secure HTTPOnly cookies. Supabase operates in accordance with its own privacy policy and is SOC 2 Type 2 certified.

Google Analytics

Where you have consented to analytics cookies, we use Google Analytics (GA4) to collect anonymised usage data. Google may use this data in accordance with its own privacy policy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on or by selecting “Essential Only” in our cookie consent banner. Google Analytics cookies are not loaded until you provide consent.

Cloudflare

Our Service is delivered through Cloudflare's content delivery network. Cloudflare processes request data (including IP addresses) to provide routing, DDoS protection, and performance optimisation. We also use Cloudflare's geo-detection feature to suggest an appropriate display currency when you first visit — this does not require an account.

Stripe (Payment Processing)

If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full payment card details on our servers. Stripe receives your payment information directly and processes it in accordance with its own privacy policy and PCI-DSS requirements. We receive limited subscription status data from Stripe (e.g. whether your subscription is active) via a secure webhook.

Email Service Provider

We use a third-party email provider to deliver transactional and marketing communications, including price alert emails. Your email address is shared with this provider solely for the purpose of sending emails on our behalf.

Affiliate & Retailer Links

When you click a retailer link on the Service, we may log that click for affiliate commission tracking and Service analytics (e.g. which retailers are most used). The retailer you visit will also receive standard referral data from your browser. We do not share personally identifiable information with retailers when you click a link.

5. Data Retention & Security

Retention

We retain your account information for as long as your account remains active. Account preferences, watchlist items, and price alert configurations are retained as long as your account exists.

If you close your account or request deletion, we will delete your personal information within a reasonable period (typically 30 days), except where we are required to retain it for legal, tax, or legitimate business purposes (such as fraud prevention or resolving disputes).

Anonymised and aggregated analytics data (e.g. aggregate page-view counts) may be retained indefinitely as it cannot be linked to any individual.

Security

We implement reasonable technical and organisational measures to protect your information against unauthorised access, loss, or disclosure. These include HTTPS-only delivery, HTTPOnly and Secure cookie flags for authentication sessions, and role-level access controls in our database. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

6. Your Rights & Choices

You have the following choices regarding your personal information:

• Access & correction: You may view and update your account information by logging into your account settings.
• Price alerts: You may disable or delete individual price alerts from your account dashboard, or unsubscribe from all alert emails via the unsubscribe link in any alert email we send.
• Marketing emails: You may unsubscribe from marketing communications at any time by using the unsubscribe link in any email we send.
• Analytics cookies: You may withdraw or limit consent for analytics cookies at any time via the cookie preference controls on our Cookie Policy page, or by using the Google Analytics Opt-Out Browser Add-on.
• Local storage: You can clear Fragrance Finder data at any time by clearing your browser's localStorage for this site.
• Account deletion: To request deletion of your account and all associated personal data, please contact us via our contact page. We will process your request and confirm deletion within 30 days.

Depending on your jurisdiction, you may have additional rights under applicable data protection law, including rights of access, rectification, erasure, restriction, or portability. Contact us to exercise these rights.

7. Children's Privacy

The Service is not directed to individuals under the age of 18. Use of the Service requires you to be at least 18 years of age, as set out in our Terms of Service. We do not knowingly collect personal information from individuals under 18. If you believe we have inadvertently collected such information, please contact us and we will take steps to delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last reviewed” date at the top of this page. We encourage you to review this Policy periodically to stay informed about how we protect your information.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out via our contact page.