Legal
Privacy Policy
Effective Date: June 1, 2025 · Last Updated: June 2025
This Privacy Policy explains how AURUM ("Company," "we," "us," or "our"), a Delaware LLC, collects, uses, stores, and protects your personal information when you use the AURUM platform at tryaurum.store (the "Platform"). Please read this carefully. By using the Platform, you agree to the practices described here.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: Name, email address, username, and password (via Clerk authentication).
- Profile information: Biography, league tier, achievement badges, and Wealth Passport data you choose to share publicly.
- Achievement content: Posts, milestone updates, challenge submissions, and proof materials you submit to The Ledger or Arena.
- Payment information: Billing details submitted for subscriptions and transactions (processed and stored by our payment processors — we do not store full card details).
- Communications: Emails or messages you send to our support team at support@tryaurum.store.
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, time spent on the Platform, and interaction patterns.
- Device and browser information: IP address, browser type, operating system, device identifiers, and referring URLs.
- Transaction data: Tip amounts sent and received, challenge entries, stake amounts, and subscription history.
- Aurum Score activity: Achievement posts, challenge participation, engagement metrics, and streak data used to calculate your score.
1.3 Information from Third Parties
- Authentication providers: Basic profile data from Clerk when you sign in (email, name, profile image if provided).
- Payment processors: Transaction status and confirmation data from Stripe and Paystack. We do not receive full payment card details.
| Data Type |
Source |
Purpose |
| Email address |
You / Clerk |
Account access, notifications |
| Username & profile |
You |
Public leaderboard, platform identity |
| Payment data |
Stripe / Paystack |
Transaction processing only |
| Usage analytics |
Plausible Analytics |
Product improvement (anonymized) |
| Achievement content |
You |
Platform features, leaderboard |
| IP address |
Cloudflare |
Security, fraud prevention |
2. How We Use Your Information
We use your information only for the purposes stated below:
- To create and manage your account.
- To operate the Platform and provide its core features: The Ledger, The Arena, leaderboards, tips, challenges, and the Treasury.
- To calculate and update your Aurum Score.
- To process payments, manage subscriptions, and hold and release Treasury funds.
- To verify achievement claims and administer the Proof of Stake system.
- To send transactional emails: account confirmations, payment receipts, challenge results, and notifications you have opted into.
- To enforce our Terms of Service and detect and prevent fraud, abuse, or violations.
- To analyze anonymized usage patterns to improve Platform performance and features.
- To comply with applicable legal obligations.
We do not sell your personal data to third parties. We do not use your data to serve you third-party advertisements. AURUM products are ad-free.
3. Third-Party Services
The Platform relies on the following third-party services to operate. Each has its own privacy policy.
3.1 Clerk (Authentication)
We use Clerk to manage user authentication, session management, and email verification. Clerk processes your email address and authentication credentials. For details, see clerk.com/privacy.
3.2 Stripe (Payment Processing)
Stripe processes all payment card transactions, including subscriptions and Treasury deposits. Stripe conducts KYC (Know Your Customer) verification for applicable transactions and handles full payment card data on our behalf. AURUM does not store your full card number, CVV, or card expiry date. See stripe.com/privacy.
3.3 Paystack (Regional Payment Processing)
Paystack is available as a regional payment processing option. Paystack's data handling is subject to its own privacy policy at paystack.com/privacy. Payment data submitted through Paystack is governed by Paystack's terms and privacy controls.
3.4 Cloudflare (Infrastructure)
Our Platform is hosted on Cloudflare Pages and Workers. Cloudflare processes network traffic and may collect IP addresses and request logs as part of its standard infrastructure operations. See cloudflare.com/privacypolicy.
3.5 Resend (Email Delivery)
Resend handles transactional email delivery, including account notifications and platform alerts. Resend processes your email address for delivery purposes only.
3.6 Plausible Analytics (Usage Analytics)
We use Plausible Analytics, a privacy-first analytics tool that does not use cookies and does not collect personally identifiable information. Usage statistics are aggregated and anonymous. No cross-site tracking occurs. See plausible.io/privacy.
3.7 Cloudflare R2 (File Storage)
Achievement media, profile images, and other uploaded files are stored securely on Cloudflare R2 object storage. Access to stored files is controlled through the Platform's authentication layer.
4. Public Data
The following information is visible to the public — including non-members — as part of the Platform's core design:
- Leaderboard rankings, usernames, and Aurum Scores.
- League tier and verified achievement badges.
- Achievement posts submitted to The Ledger (unless deleted by the user).
- Total tips given (visible on your Wealth Passport).
- Challenge participation history.
Sovereign tier members who activate Stealth Mode compete under a verified pseudonym. Their real identity is not exposed on public leaderboards while Stealth Mode is active.
By joining AURUM, you acknowledge that achievement posts and leaderboard data are public by design. Do not post information you wish to keep private.
5. Payment Data Handling
AURUM takes the following approach to payment data:
- All payment card processing is handled entirely by Stripe and/or Paystack. AURUM never receives or stores full card numbers, CVV codes, or card expiry dates.
- Transaction amounts, dates, and statuses are stored in our database to operate the Treasury, maintain challenge records, and generate your transaction history.
- AML (Anti-Money Laundering) compliance obligations are delegated to our payment processor partners, who conduct the required due diligence.
- We may retain transaction records for up to seven (7) years to comply with financial recordkeeping obligations.
6. Data Retention
- Active accounts: Data is retained for as long as your account is active.
- Deleted accounts: Upon account deletion, your profile and public content are removed within 30 days. Transaction records, Treasury logs, and challenge records may be retained for up to 7 years for legal and financial compliance purposes.
- Anonymized analytics: Aggregated, anonymized usage data may be retained indefinitely for product development purposes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request your personal data in a structured, commonly used format.
- Objection: Object to processing of your personal data for certain purposes.
- Restriction: Request restriction of processing in certain circumstances.
To exercise any of these rights, email us at support@tryaurum.store with the subject line "Data Request." We will respond within 30 days. We may require identity verification before processing your request.
8. Data Deletion Requests
To request deletion of your account and personal data:
- Email support@tryaurum.store with subject: "Account Deletion Request."
- Include your registered email address and username.
- We will confirm deletion within 30 days.
- Note: deletion cannot be reversed. Any Treasury-held funds or active challenge entries must be resolved before account deletion is finalized.
9. GDPR — Information for EEA and UK Users
If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional information applies:
9.1 Legal Basis for Processing
- Contract performance: Processing necessary to provide you with the Platform services you have subscribed to.
- Legitimate interests: Fraud detection, security, platform integrity, and product improvement.
- Legal obligation: Compliance with applicable financial and legal recordkeeping requirements.
- Consent: For optional communications, where we have obtained your express consent.
9.2 Data Transfers
AURUM is operated from the United States. If you access the Platform from the EEA or UK, your data is transferred to the United States. We rely on Standard Contractual Clauses (SCCs) and the data transfer mechanisms provided by our third-party service providers (Clerk, Stripe, Cloudflare) to ensure adequate protection of your data during such transfers.
9.3 Right to Lodge a Complaint
If you believe our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with your local data protection authority.
10. Cookie Policy
AURUM uses a minimal set of cookies and similar technologies:
- Session cookies (essential): Set by Clerk to maintain your authenticated session. These are strictly necessary and cannot be disabled without breaking login functionality.
- Security cookies (essential): Used by Cloudflare to identify trusted traffic and protect against DDoS and bot attacks.
- Analytics: We use Plausible Analytics, which is cookieless. No tracking cookies are set for analytics purposes.
We do not use advertising cookies, third-party tracking pixels, or social media tracking technologies.
11. Children's Privacy
AURUM is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a user under 18 has created an account, we will delete it promptly. If you believe a minor is using the Platform, please contact us at support@tryaurum.store.
12. Security
We implement industry-standard security measures to protect your data, including:
- TLS/SSL encryption for all data in transit (Full Strict mode via Cloudflare).
- Encrypted storage for sensitive credentials.
- HMAC-verified webhook signatures for payment events.
- CORS restrictions limiting API access to authorized domains only.
- Role-based access controls for Platform administration.
Despite these measures, no system is fully secure. You use the Platform at your own risk. Report suspected security vulnerabilities to support@tryaurum.store.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, where appropriate, notify registered users by email. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.
Contact Us
For any privacy-related questions, data requests, or concerns, contact us at:
AURUM — Privacy Inquiries
Email: support@tryaurum.store
Subject line: "Privacy Request" or "Data Request"
A Delaware Limited Liability Company, United States