Privacy

Amino Industries LLC (dba Auri) (“Auri,” “we,” “us”) runs the Service described below.

Two audiences:

• Visitors who take a quiz on a medspa's site.
• Operators (medspa businesses) who use the Auri dashboard.

From Visitors:

• Name and email.
• The answers you give in the quiz.
• A small amount of technical data: IP address, browser type, referring page, and a short-lived session cookie for the quiz itself.

From Operators:

• Email and account activity.
• Merchant profile, quiz and treatment configuration.
• Billing contact, if applicable.

We don't collect payment card numbers ourselves. We don't collect Social Security numbers, driver's license numbers, government IDs, biometric data, or precise geolocation.

• Route Visitor submissions to the Operator they came from.
• Run and improve the Service (fix bugs, measure basic usage).
• Send transactional emails (one-time sign-in codes, service updates).

Nothing else. We don't profile Visitors for advertising and we don't sell or rent data.

• The operating medspa sees Visitor submissions that came from their quiz.
• Our subprocessors (listed below) process data on our behalf under contract.
• Law enforcement, only with valid legal process.

• Amazon Web Services (AWS): hosting and encrypted backups, US region.
• Amazon Simple Email Service (SES): transactional email delivery.
• Google Fonts: typefaces for the widget display.

This list is current as of the date at the top. If we add a subprocessor that handles Visitor or Operator data, we'll update this page and email Operators on file.

The quiz widget sets a short-lived browser session cookie to remember your answers while you're taking the quiz. We don't use advertising cookies, ad pixels, or cross-site trackers. We don't sell data to ad networks.

• Visitor data: kept until the Operator deletes it or the Visitor asks us to delete it.
• Operator data: kept while the account is active and for 90 days after closure, then deleted, except for records we're required to keep for tax or legal reasons.
• Backups roll off within 30 days.

You can ask us what data we have on you, correct it, or delete it at any time. Email [email protected] from the address on file. If you're in the EU, UK, or California, you have additional rights under GDPR, UK-GDPR, and CCPA/CPRA respectively. We honor those requests the same way.

Auri isn't designed to handle protected health information (PHI) under HIPAA. We are not a covered entity or a business associate, and the Service isn't built for medical records. Please don't paste diagnoses, prescriptions, or chart notes into quiz fields or the dashboard. If we receive anything that looks like PHI, we'll delete it.

The Service is intended for adults 18 and older. We do not knowingly collect information from anyone under 18. If you believe a minor submitted information, email [email protected] and we'll delete it.

We may update this policy. The date at the top reflects the last change. For material changes affecting Operators, we'll email the address on file.

[email protected]