Privacy Policy

Effective Date: April 24, 2026 · Last Updated: April 24, 2026

Auric is a mobile marketing and loyalty platform operated by Alive Labs ("Alive Labs," "we," "us," or "our"), a product company based in Dallas–Fort Worth, Texas.

This Privacy Policy explains what information we collect through auricmobile.app and the Auric service (together, the "Service"), how we use and share it, and the choices you have.

Questions? Contact privacy@auricmobile.app.

1. The Two Sides of Auric

Two very different groups of people have information processed through the Service, and our role is different for each.

Merchants (our customers) — we are the controller

Merchants are the businesses that sign up for an Auric account to create wallet passes, run SMS and push campaigns, build loyalty programs, and manage multi-location marketing. Alive Labs is the data controller for Merchant account information.

Consumers (end users who receive Merchant messages and hold Merchant passes) — we are the processor

Consumers are individuals who download a wallet pass from a Merchant, opt in to receive SMS or push notifications, participate in a loyalty program, or otherwise interact with a Merchant's Auric-powered marketing. The Merchant is the data controller for Consumer information. Alive Labs acts as a processor, handling Consumer information on the Merchant's instructions under our contract with the Merchant.

If you are a Consumer and want to exercise privacy rights over information a Merchant holds about you, contact the Merchant first. Their privacy policy governs. If you cannot reach them, email privacy@auricmobile.app and we will route your request appropriately.

2. Scope

This Policy applies to:

Visitors to auricmobile.app.
Merchants who create trial or paid Auric accounts.
Merchants' authorized users, billing contacts, and support contacts.
Consumer information only in our capacity as a processor for Merchants — described in Section 6.

This Policy does not govern:

A Merchant's independent collection and use of Consumer information outside the Service.
Third-party services linked from the Service (such as Apple Wallet, Google Wallet, or a Merchant's own site).
Deployments of other Alive Labs products — each has its own terms.

3. Information We Collect From Merchants

3.1 Account and Profile

When you sign up for Auric, we collect:

Name, email, phone, job title, business name, business type, business address.
Account credentials.
Billing information (handled by our payment processor; Alive Labs does not store card numbers).
Locations you operate, brand assets you upload, pass templates, campaign content, and other business configuration.
Communications with us (support, chat, meeting recordings you consent to).

3.2 Usage and Device Data

Log and device data — IP address, browser, operating system, time zone.
Feature usage — what you view, click, create, send; campaign performance data; error logs.
Cookies and similar technologies (see Section 11).

3.3 AI-Assisted Features

Auric includes three AI-assisted tools — AI Pass Builder, AI Campaign Builder, and AI Marketing Advisor. When you use these, we process your prompts, the content you generate, and (for the Advisor) your campaign data. We do not send Merchant campaign content or Consumer data to AI model providers for training general-purpose models.

3.4 Integrations

If you connect Auric to a third-party service, we process information you authorize us to exchange with that service.

4. How We Use Merchant Information

We use Merchant information to:

Provide the Service — maintain accounts, build and deliver passes and campaigns, run loyalty mechanics, and support multi-location management.
Operate AI features — generate pass designs, campaign content, and recommendations you request.
Bill and support — process subscriptions, deliver receipts, answer questions.
Communicate — respond to inquiries, send transactional messages, and (where you have opted in) send product updates and marketing.
Improve the Service — analyze usage, evaluate feature performance, tune AI outputs using Merchant-consented or de-identified data.
Secure the Service — detect fraud, enforce our terms, respond to abuse.
Meet legal obligations.

Legal Bases (EU/UK)

Where GDPR applies:

Contract — to provide the Service you subscribed to.
Legitimate interests — to secure, operate, and improve the Service and conduct B2B marketing to Merchants.
Consent — for non-essential cookies and optional marketing to Merchants.
Legal obligation — for tax, accounting, and legal response.

5. How We Share Merchant Information

We share Merchant information with:

Service providers / processors acting on our instructions under written agreements: hosting and infrastructure, email delivery, CRM, observability, payment processor, analytics, AI model providers (including Anthropic), and — for SMS features — a licensed telecommunications aggregator (such as Twilio). We minimize what is sent to AI providers and use providers that commit to not training general-purpose models on our customer data.
Apple and Google for wallet pass delivery, to the extent required to provision, update, and revoke passes on their platforms.
Within our portfolio (Alive Labs) where needed for operations.
At your direction — when you connect integrations or authorize a third party to act on your account.
Legal and safety disclosures as required.
Business transfers in connection with a merger, acquisition, financing, or asset sale.
With consent, in any other case.

We do not sell Merchant personal information for money.

6. Consumer Information — Our Role as Processor

6.1 What We Process

Depending on what a Merchant configures, Consumer information may include:

Contact identifiers: mobile phone number, email address, wallet pass identifier, push notification token.
Opt-in records: the date, time, method, and language of the Consumer's opt-in; the Merchant program opted into; unsubscribe events and timestamps.
Pass content: the Merchant's pass template plus personalized fields (name, loyalty tier, punch count, points balance, barcode/redemption code).
Engagement data: message delivery receipts, opens/clicks where measurable, pass updates, redemption events, and similar interaction data.
Location data if the Merchant's pass configuration uses location triggers and the Consumer has granted the necessary device permissions.

6.2 Our Role

Alive Labs acts as a data processor (or "service provider" under US state laws) for Consumer information. The Merchant is the controller. We process Consumer information only as instructed by the Merchant, as described in this Policy, or as required by law.

We enter data processing addendums with Merchants where required, including EU/UK Standard Contractual Clauses for international transfers.

6.3 What We Don't Do With Consumer Information

We do not sell Consumer personal information for money.
We do not use Consumer personal information for our own marketing purposes.
We do not combine Consumer information across unrelated Merchants to build cross-Merchant profiles.
We do not send Consumer personal information to AI model providers for training general-purpose models.

6.4 Consumer Rights Requests

If you are a Consumer and want to exercise rights (access, correction, deletion, portability, opt-out of sale/sharing, etc.):

First, contact the Merchant who holds the relationship with you — they are the controller.
Or text STOP to the short code or number the Merchant uses, to stop SMS from that program.
Or remove the pass from your wallet to stop pass updates.
Or email us at privacy@auricmobile.app — we will route the request to the responsible Merchant.

7. SMS and TCPA Compliance

SMS messages are sent only to Consumers who have provided prior express written consent to the Merchant in compliance with the Telephone Consumer Protection Act (TCPA), CTIA guidelines, and carrier requirements. Merchants are contractually required to obtain and maintain proof of Consumer opt-in, include required disclosures, support STOP and HELP keywords, and not send messages to numbers that have opted out.

See the Auric SMS Terms for more detail.

8. Wallet Pass Platform Rules

Auric integrates with Apple Wallet and Google Wallet. Those platforms have their own privacy policies and rules. Apple and Google may collect additional information about Consumer device usage according to their own policies.

9. Data Retention

Active account data: for the life of the Merchant account plus a post-termination period for backup, audit, and dispute resolution.
Consumer opt-in records: retained per Merchant instruction and applicable law, which often requires retention for at least 4 years from the date of the opt-in or last message.
SMS logs: retained per Merchant instruction and carrier/CTIA requirements.
Billing and tax records: as required by applicable law.
Unsubscribed contacts: we retain a suppression record to honor the opt-out.
Deleted data: when an account or Consumer is removed, we initiate deletion or anonymization; some data may persist in backups for a limited period before expiring.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect information in the Service, including access controls, encryption in transit and at rest where practicable, segmented infrastructure, least-privilege access, logging and monitoring, vendor diligence, and an incident response process.

No system is perfectly secure. If we experience a breach of personal information, we will notify affected Merchants and Consumers and regulators as required by applicable law.

11. Cookies and Tracking Technologies

The Service uses cookies and similar technologies on the auricmobile.app marketing and account pages to operate the site, keep Merchants signed in, remember preferences, measure performance, and (with consent) support marketing. Where required by law, our cookie banner lets you accept, reject, or customize non-essential cookies.

We honor the Global Privacy Control (GPC) signal as a valid opt-out of "sale" and "sharing" where applicable law requires.

12. Your Rights and Choices (Merchants)

Depending on where you live, you may have rights including:

Access, correction, deletion, portability.
Objection and restriction of certain processing.
Opt out of targeted advertising, "sale," or "sharing" where state law provides it.
Withdraw consent where processing is based on consent.
Non-discrimination.

How to exercise: email privacy@auricmobile.app. We respond within the time required by applicable law.

California (CCPA/CPRA): California Merchants can opt out of "sale"/"sharing" via the footer link or GPC. California Consumers should contact the Merchant first (see Section 6.4).

EU, UK, Switzerland (GDPR): You have GDPR rights and may lodge a complaint with your supervisory authority.

Virginia, Colorado, Connecticut, Utah, Texas, and other US states: You have the rights provided by those laws and may appeal a denial at privacy@auricmobile.app with subject "Appeal."

13. International Data Transfers

Auric is operated from the United States. For transfers out of the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. Request a copy at privacy@auricmobile.app.

14. Children

Auric is directed to businesses and adult end users. We do not knowingly collect personal information from children under 16. Merchants are contractually required not to send SMS or collect data from individuals below the minimum age for the specific program. If you believe a child's information is in our Service, contact privacy@auricmobile.app.

15. Changes to This Policy

We may update this Policy from time to time. We will update the "Last Updated" date. For material changes, we will provide additional notice (a banner, email to Merchants, or in-product notice). Continued use of the Service after changes take effect means you accept the updated Policy.

16. Contact

Auric (a product of Alive Labs)
Dallas–Fort Worth, Texas, United States

This Privacy Policy is provided for informational purposes and does not constitute legal advice.