<strong>Effective: September 8, 2020</strong>
<p>Aura is a leading provider of identity, privacy and security products for consumers.
in connection with your use of our products, services, apps, and websites that
link to this policy (we refer to these collectively as our “<strong>services</strong>”).</p>
<p>Information security and privacy are at the heart of what Aura values and promotes as a
As such, we think it’s important to be transparent about how we handle
That level of transparency also makes for a lengthy document,
but we’ve tried to make it more readable by organizing it into a logical
structure and by using plain language.</p>
<p>Aura offers a variety of services, and certain services may process data
differently, or in additional ways, to other services and what’s described in
We note these differences in Product Privacy Notices .
that are specific to such services, in product documentation, or inside products themselves at places where such information is relevant.
Please refer to these Products
Privacy Notices to better understand our privacy practices for each of the
<p>This policy uses the term “personal data” to refer to information that is related to
an identified or identifiable natural person and is protected as personal data
under applicable data protection law.</p>
<strong>Who is Aura?</strong>
<p>In this policy, “Aura”, “we”, “us” and “our” refer to the companies that comprise
Aura that are responsible for your data, which may be any of the following
entities or their affiliates:</p>
<strong>Pango Inc.</strong> (a U.S.
<strong>Pango GmbH</strong> (a Swiss company)<strong>
</strong>if you are a resident outside of the United States.</p>
<p>If you use any of the following products, a different Aura group company is
responsible for handling your data in accordance with this policy:</p>
<strong>Betternet LLC </strong>(a U.S.
company) is responsible for Betternet and Hexatech.</p>
<strong>TouchVPN, Inc.</strong> (a U.S.
company) is responsible for TouchVPN.</p>
<p>See the Contact Us section below for our contact details or you can email us at
<p>Some of Aura’s services are offered to businesses.
For those services, our customer
is a business or other organization who may authorize individual end users to
use the services that it has purchased from us.
Where an organization is our
customer, it may maintain accounts with Aura through which it and its users may
submit information (“<strong>Customer Data</strong>”).
That organization typically controls those accounts and any associated Customer Data.
In this case, Aura is generally a processor of Customer Data and the organization is the controller.</p>
What information do we collect about you?</strong>
<p>This section describes the various types of information we collect from and about
This information is not collected in all situations, but only in specific
For example, our VPN products only collect a limited amount of
To understand the context in which collection occurs, see Section 2
(How do we use your information?) and our Product Privacy Notices.
More information about some of the mechanisms we use to collect this information, such as cookies, is available in Section 4 (Tracking Technologies &.
Information you provide to us</strong>
<strong>Account information.</strong> Some services require or allow you to
create an account before you can access them.
As part of registering for an
account, we may collect information such as your name, username, email address,
password and certain other information from you.
<strong>Billing and payment information.</strong> In order to purchase a service, you may
need to provide us with certain details such as billing name, billing contact
details (street addresses, email addresses), and payment instrument details.</p>
<strong>Identity verification information.</strong> Some services require you to verify your
identity as part of creating an account to access them.
We may collect
information such as email addresses or phone numbers for this purpose.</p>
<strong>Communications and submissions.</strong> You may choose to provide us with
information when you communicate with us (e.g.
via email, phone, or chat for
support or to inquire about our services), including when you fill out an
online form, respond to surveys, provide feedback, post comments to our
website, participate in promotions, or submit information through our services.</p>
Information collected when you use our services</strong>
<strong>Usage information.</strong> We collect information about how you
interact with our services, such as how often you use our services, how much
bandwidth you use, and when and for how long you use our services.</p>
</strong>We collect information from and about the
device you use to access our services, including about the browsers and Aura
apps you use to access our services.
For example, we may collect device
identifiers, browser types, device types and settings, operating system
versions, mobile, wireless, and other network information (such as internet
service provider name, carrier name and signal strength), and application version
<strong>Diagnostic information.</strong> We may collect information about the
nature of the requests that you make to our servers (such as what is being
requested, information about the device and app used to make the request,
timestamps, and referring URLs).
However, our VPN products do not log any
information that associates your identity with your VPN browsing activity.
do not maintain any records that show what you were browsing or accessing
through a VPN connection.
See the VPN Products
Privacy Notice for more information.</p>
<strong>Location information.</strong> Unless otherwise expressly stated, we do
not collect your location information based on your device’s GPS or other
device sensor data.
However, we may collect your approximate location by
calculating an imprecise latitude and longitude based on your IP address to
provide you with better service (e.g.
to connect you to the nearest and fastest
Information provided to us by third parties</strong>
<strong>Referrals.</strong> If you are invited to use an Aura service,
the person who invited you may submit your personal data, such as your email
address or other contact information.</p>
<strong>Third Party Accounts.
</strong>Some services may allow you to register an
account using a third party account (such as a Google or Microsoft account).
you do so, that third party may send us some information about you that they
You may be able to control what information they send us via your privacy
settings for that third party account.</p>
</strong>We receive information from reputable
members of the security industry who provide information to help us to provide,
develop, test, and improve our services (for example, lists of malicious URLs,
spam blacklists, phone number blacklists, and sample malware).
Some of this
information may contain personal data on an incidental basis.</p>
<strong>Business Customers.</strong> Organizations that use our business and
enterprise products may submit personal data to facilitate account management
and invite individuals to use those products.</p>
<p>You generally do not have a duty to disclose personal data to us unless
you have a contractual obligation to us to do so.
However, we need to collect
and process certain information that is necessary or legally required in order
to provide the services to you or otherwise perform our contractual
relationships with you.</p>
How do we use your information?</strong>
<p>We use the information we collect for various purposes described below.</p>
<strong>To provide, maintain, troubleshoot, and support our services.</strong> We use your information for this purpose on the basis that it is required to fulfill our contractual obligations to you.
Examples: using information about how much bandwidth you use and how long you use our services in order to provide the services in accordance with a plan to which you have subscribed.
using threat and device information to determine whether certain items pose a potential security threat.
and using usage information to
troubleshoot a problem you report with our services and to ensure the proper
functioning of our services.</p>
<strong>For billing and payment purposes.
</strong>We use your information in order to perform
billing administration activities and process payments, which are required to
fulfill our contractual obligations.</p>
<strong>To communicate with users and prospective
</strong>We use your information to communicate with you, including by responding to your requests, and sending you information and updates about our services.
We may do
this in order to fulfill our contract with you, because you consented to the
communication, or because we have a legitimate interest in providing you with
information about our services.</p>
<strong>To improve our services.
</strong>We want to offer you the best services and
user experiences we can, so we have a legitimate interest in continually
improving and optimizing our services.
To do so, we use your information to
understand how users interact with our services.
Examples: we analyze certain
usage, device, and diagnostic information to understand aggregated usage trends
and user engagement with our services (and, for example, invest in technical
infrastructure to better serve regions with increasing user demand).
we may use
device and threat information to conduct spam, threat, and other scientific
research to improve our threat detection capabilities.
we review customer
feedback to understand what we could be doing better.</p>
<strong>To develop new services.</strong> We have a legitimate interest in using
your information to plan for and develop new services.
For example, we may use
customer feedback to understand what new services users may want.</p>
<strong>To market and advertise our services.
</strong>We may use your information to provide,
measure, personalize, and enhance our advertising and marketing based on our
legitimate interest in offering you services that may be of interest.
we may use information such as who or what referred you to our services to
understand how effective our advertising is.
we may use information to
administer promotional activities such as sweepstakes and referral programs.
Note that our VPN products do not use your VPN browsing activity for these
purposes and we do not maintain any records that show what you were browsing or
accessing through a VPN connection.</p>
<strong>To prevent harm or liability.
</strong>We may use information for security
purposes (such as to investigate security issues or to monitor and prevent
fraud) and to prevent abuse.
We may do this to comply with our legal
obligations, to protect an individual’s vital interests, or because we have a
legitimate interest in preventing harm or liability to Aura and our users.
example, we may use account, usage, and device information to determine if an
entity is engaging in abusive or unauthorized activity in connection with our
<strong>For legal compliance.
</strong>We internally use your information as
required by applicable law, legal process, or regulation.
To learn about our
practices regarding <i>sharing</i> your
information with third parties for legal compliance purposes, see Section 3.1
We also use your information to enforce our legal rights and resolve
Who do we share your information with and why?</strong>
We may disclose your information in the following circumstances:</p>
<strong>In accordance with your instructions or consent.</strong>
For example, some services may allow you to register an account using a third
party account (such as a Google or Microsoft account).
If you choose to do so,
we will share information with the third party account provider.</p>
<strong>To your business organization (for our
business services).</strong> If a business customer is providing you with access to our services
through a business account, others in that organization may be able to see and
manage your account and the information associated with it (such as an
<strong>For collaborating with others.
</strong>Some services may provide ways for
different users to interact or collaborate with each other.
will be shared in connection with those activities if you choose to engage in
<strong>Affiliates and third party service providers.
help us provide some aspects of our services, we work with trusted third
parties and partners (including affiliated companies in the Aura group).
protect your data, we enter into appropriate confidentiality and data
processing terms with these third parties, review their security practices, and
limit information sharing to the scope of what they are helping us with.
Examples of activities that third parties help us with include:</p>
<p>processing customer payments</p>
<p>providing analytics about our services</p>
<p>providing sales and customer support</p>
<p>maintaining the infrastructure required to provide our services</p>
<p>delivering our marketing and advertising content</p>
<strong>For security research purposes.</strong> A sanitized subset of our threat
intelligence data may be shared with selected reputable members of the
cybersecurity industry for the purpose of security threat research and
facilitating community efforts to improve online security.</p>
<strong>To a new owner.</strong> If ownership or control of all or part of
our services, assets, or business changes, we may transfer your information to
the new owner.</p>
<strong>Aggregated or de-identified data.</strong> We may use and share aggregated data and
data that is de-identified such that it no longer reveals the identity of an
individual user for regulatory compliance, research and analysis, our own
marketing and advertising activities and other legitimate business purposes.</p>
<strong>To comply with legal process and the law.</strong> We are fiercely protective of the privacy
of our users.
If you use our VPN products, we protect your privacy by ensuring
that we do not log or record online activities that you conduct over a VPN
connection in any way that can be tied back to you, meaning that we do not have
any data to share with law enforcement and government agencies who make
requests for information about what you were doing through a VPN connection.
Subject to the foregoing, we may share your information if we are required to
do so by applicable law.
to comply with our legal obligations.
to comply with
and to respond to valid law enforcement requests relating to a
criminal investigation, or alleged or suspected illegal activity that may
expose Aura, you, or any of our other users to legal liability.
If we share
your information for these purposes, we limit the information shared to what is
legally necessary, and challenge information requests that we believe are
unlawful, overbroad, or otherwise invalid.</p>
<strong>To enforce our rights and prevent fraud and abuse.</strong>
We may share limited amounts of your information to enforce and administer our
agreements with customers and users, and to respond to claims asserted against
We may also share your information in order to protect against fraud and
abuse against Aura, our affiliates, users and others.</p>
Free Products Only</strong>
<strong>Displaying Ads.</strong> We do not display third party ads in our paid products.
With respect to our free mobile apps and other free products, we may serve ads to users in certain regions.
Although the money we make from displaying these ads offsets only part of the costs of making these apps and services available for free, we provide free apps because we believe it’s important that everyone has the opportunity, regardless of their situation, to
have secure and private access to the internet.</p>
<p>The ads we display in our services are supplied either by advertisers
or affiliate networks we have relationships with, or by Google, a third party
advertising network (“<strong>Google Ads</strong>”).
To display these ads in our apps, we may integrate into them a software development kit (SDK), which consists of software code provided by a third party, such as an ad network.</p>
<p>We do not provide Google Ads with any personal data about you, except
for an approximate city-level latitude and longitude which lets them show ads
which are more relevant for your approximate geographic location.
Google Ads may collect information through their SDKs, such as your mobile
advertising identifier, IP address, and device information, for the purpose of
serving you with “personalized” ads (ads that they think are more relevant to
you) and measuring your response to those ads.
If you are using a VPN
connection, your IP address is hidden from ad networks and replaced with the IP
address of our VPN servers.
Because we do not provide ad networks with personal
data about you (apart from city-level location), Google Ads personalizes ads
based on information that they collect from you and that they already have
about you - not based on information we share with them.</p>
<p>Google collects this information according to the Google advertising privacy notice.
Where an AdChoices logo appears on an ad,
you can click it to learn more about the ad network that provided the ad, its
If you opt out from personalized advertising, you may still see
<p>While we request you not to use ad blockers to prevent the display of
ads because that is how we support our free services, our services are able to
continue functioning if you do use ad blockers.</p>
Tracking Technologies &.
About Tracking Technologies</strong>
<p>Aura uses various technologies in our services to help us collect
information, primarily on our websites and in our marketing emails.
convenience, we refer to these as “tracking technologies,” although they are
not always used to track individuals and the information collected is in a
non-identifiable form that does not reference any personal data.
<p>Cookies are small portions of text that are stored on the device you
use to access our services.
Cookies enable us (or third parties that we allow
to set cookies on your device) to recognize repeat users.
Cookies may expire
after a period of time, depending on what they are used for.</p>
<strong>Pixel Tags / Page Tags / Web Beacons / Tracking Links</strong>
<p>These are small, hidden images and blocks of code placed in web pages,
ads, and our emails that allow us to determine if you perform a specific
When you access a page, ad, or email, or click a link, these items let us
know that you have accessed that page, opened an email, or clicked a link.</p>
<p>SDKs or software development kits are software code provided by our
business partners that let our software interact with the services those
For example, in our free mobile apps, we may use an SDK to
enable our app to serve ads from an advertising network.
interactions will involve that business partner collecting some information
from the device on which the software is run.</p>
Why we use Tracking Technologies</strong>
<p>We use tracking technologies:</p>
<strong>To provide our services.</strong> Some cookies are essential for the proper
operation of our services.
For example, cookies allow us to authenticate who
you are and whether you’re authorized to access a resource.</p>
<strong>To store your preferences.</strong> Cookies can store your preferences, such
as language preferences or whether to pre-fill your username on sign in forms.
We may also use them to optimize the content that we show to you.</p>
<strong>For analytics.</strong> Cookies are used to inform us how users
interact with our services so we can, as a legitimate interest, improve how
they work (such as what screens or webpages you access, and whether our
advertising is effective).</p>
<strong>For security.</strong> Cookies can enable us and our payment
processors to detect certain kinds of fraud.</p>
<strong>For advertising-related purposes.
</strong>We advertise our services online with the
help of third parties who show ads and marketing about us on sites around the
<p>We may allow our business partners to place certain tracking technologies in our
These partners use these technologies for the following purposes:</p>
<strong>To provide our services.</strong> Some business partners who help us to
provide our services may use these technologies to support those efforts.</p>
<strong>For Analytics.</strong> To help us understand how you use our
<strong>For Marketing.</strong> To help us market and advertise our
services to you, including on third party websites.
Cookies are used in
connection with this to measure the performance of our advertising, attribute
actions you take with our ads with actions you take on our services, deliver ad
retargeting (serving ads based on your past interactions with our services),
and target ads at similar audiences.</p>
<strong>To Serve Ads.</strong> This is relevant to users of our free
Ad networks and affiliate networks may use these technologies to
display ads which they think will be more relevant to you.
information, please see the “Displaying Ads” section above.</p>
<strong>Our Cookies:</strong> Most web browsers and some mobile devices
give you the ability to manage your cookie preferences, including deleting
cookies and blocking cookies from being set on those browsers or devices.
the “help” section of your browser to understand what controls it gives you
Note that deleting or blocking certain cookies could adversely
impact the proper operation of our services.</p>
<strong>Third Party Advertising Cookies:</strong> For information on how to opt out of
personalized or interest-based advertising, you can visit the following pages:</p>
<p>Network Advertising Initiative opt out page</p>
<p>Digital Advertising Alliance opt out page</p>
<p>Your Online Choices (for Australian residents)</p>
<p>Your Online Choices (for EU residents)
To opt out from Google ad personalization, visit the Google Ads
These opt out mechanisms are not provided by Aura and we are not
responsible for the availability or operation of them.
Note that after opting
out of personalized advertising you may still see non-personalized ads.</p>
<strong>Google Analytics: </strong>We use Google Analytics to help us
understand how users use our services.
Google makes available a Google Analytics Opt Out Browser Add-On if you do not want to participate in
<p>Securing personal data is an important aspect of protecting privacy.
Aura employs a
range of administrative, organizational, technical, and physical safeguards
designed to protect your data against unauthorized access, loss, or
We endeavor to use reasonably available state-of-the-art network
and information security standards, protocols and technologies, including
encryption, intrusion detection and data loss prevention, and we monitor our
systems to ensure that they comply with our security policies.</p>
<p>We implement rigorous physical, technical and organizational safeguards to protect
your personal data in our custody, both at rest and in transit, and should
these measures fail to prevent a data breach, we will promptly take the
necessary remedial measures, and we will notify you as well as applicable
regulators of any such breach, as required by applicable law.</p>
<p>If you have any questions about the security of your personal data or the security
of our products, or wish to report a potential security issue, please contact
When reporting a potential security issue, please describe
the matter in as much detail as possible and include any information that might
International Data Transfers</strong>
Transfers to Other Countries</strong>
<p>Aura may transfer your personal data to countries other than the one in which you
We do this to facilitate our operations, and transferees include other
Aura group companies, service providers, and partners.
Laws in other countries
may be different to those that apply where you reside.
For example, personal
data collected within Switzerland or the European Economic Area (EEA) may be
transferred and processed outside Switzerland or the EEA for purposes described
in this policy.
However, we put in place appropriate safeguards that help to
ensure that such data receives an adequate level of protection.
implementing the European Commission’s Standard Contractual Clauses for
transfers of personal information between us and our business affiliates and
associates to which we choose to transfer the information that requires these
companies to protect personal information they process from the EEA in
accordance with European Union data protection law. .
You may contact us if you would like more information about such safeguards.
We implement similar appropriate safeguards
with our third-party service providers and further details can be provided upon
<p>If you change your country of residence, the Aura group company responsible for
your data may change accordingly, and your data may be transferred to that
<p>One of our subsidiaries, Pango Inc.
has certified its compliance to the U.S.
Department of Commerce with the EU-U.S.
Privacy Shield Framework
and the Swiss-U.S.
Privacy Shield Framework regarding the collection, use, and
retention of personal data transferred from the European Union, the United
Kingdom, and Switzerland to the United States.</p>
<p>Under such frameworks, Pango Inc.
is subject to the authority of the U.S.
If you have any questions relating to our Privacy Shield
certification, you can contact us using the contact details for Pango Inc.
the <u>Contact Us</u> section below.
If we are not able to resolve your
question, you may also contact your European Data Protection Authority or
Commission, or contact our designated Privacy Shield independent recourse
In some circumstances, you may have the
right to invoke binding arbitration through the Privacy Shield Framework.</p>
<p>Where we receive your personal data under a Privacy Shield Framework and subsequently
transfer it to a third party for processing, we will be responsible if such
third parties process your personal data in a manner inconsistent with the
Privacy Shield Principles, except where we can establish that Aura was not
responsible for the violation.</p>
<p>Aura generally retains your personal data for as long as is needed to provide the
services to you, or for as long as you have an account with us.
We may also
retain personal data if required by law, or for our legitimate interests, such
as abuse detection and prevention, and defending ourselves from legal claims.
Residual copies of personal data may be stored in backup systems for a limited
period as a security measure to protect against data loss.</p>
<p>Depending on your country of residence, you may have certain legal rights in relation to
your personal data that we maintain.
Subject to exceptions and limitations
provided by applicable law, these may include the right to:</p>
<p>access and receive a copy of your personal data;</p>
<p>correct your personal data;</p>
<p>restrict the processing of your personal data;</p>
<p>object at any time to the processing of your personal data;</p>
<p>have your personal data erased;</p>
<p>withdraw any consent you previously gave to the processing of your data
(such as opting out to marketing communications);</p>
<p>lodge a complaint with a data protection authority;</p>
<p>request that we provide you with the categories of personal data we
collect, disclose or sell about you.
the categories of sources of such
the business or commercial purpose for collecting or selling your
and the categories of third parties with whom we share personal
<p>Please note your rights and choices vary depending upon your location, and some
information may be exempt from certain requests under applicable law.</p>
<p>You may be able to exercise some of these rights by using the settings and tools
provided in our services.
For example, you may be able to update your user
account details via the relevant account settings screen of our apps.
also be able to opt out from receiving marketing communications from us by
clicking an “opt out” or “unsubscribe” link in such communications.</p>
<p>Otherwise, if you wish to exercise any of these rights, you may contact us using the
details in the “Contact Us” section below.
As permitted by law, we may ask you
to verify your identity before taking further action on your request.</p>
Your California Privacy Rights</strong>
<p>For additional information and rights available to California consumers, see the California
Supplemental Privacy Notice.</p>
<p>Aura occasionally licenses its technology to third party partners who may integrate
it with applications developed and offered by those partners.
Our partners, and
not Aura, are responsible for those applications and for determining what data
is collected by those applications and how it is processed.
Please contact the
those applications process your personal data.</p>
<p>Our services are not intended for and may not be used by minors.
In this context,
minors are individuals under the age of 16.
Aura does not knowingly collect
personal data from minors or allow them to use our services except in certain
cases, minors over the age of 13 may use certain of our services but only with
the consent of their parent or legal guardian.
If we discover that we have
collected personal data from a minor without appropriate consents, we may
delete such data without notice.
Please note that the legal terms under which
we make certain services available may require users to be older than 16 years
section for reasons such as changes in laws, industry standards, and business
Aura will post updates to this page and update the “Last updated”
If we make updates that materially alter your privacy rights, we
will also provide you with advance notice, such as via email or through the
If you disagree with such an update to this policy, you may cancel
your services account.
If you do not cancel your account before the date the
update becomes effective, your continued use of our services will be subject to
users about our privacy practices.
If you have any questions or complaints
about our privacy practices, you can contact us at email@example.com or at the following address:</p>
dba Aura/Pango Inc./Betternet LLC/TouchVPN Inc.
<p>15 Network Drive, Burlington, MA 01803</p>
<p>Hansmatt 32, 6370 Stans, Switzerland</p>
</p>Archived Versions<p>Pango Holdings Inc.
was acquired by Aura effective July 1, 2020.