Augur
Sign inStart free
Live demoPlatformHow it worksPricingStatusFAQSupply chainEnergy + infrastructureNewsroom OSINTAll integrationsSign inStart free

Legal

Data processing agreement

When you use Augur, you are the controller and we are the processor for any personal data you submit. This page is our standard DPA. Enterprise customers can request a signed copy via legal@augur.news.

1. Scope

This DPA applies to all personal data processed by Augur on behalf of the customer while providing the Augur service. It supplements our Terms and Privacy Policy.

2. Roles

Customer = data controller. Decides what data to send to Augur (account email, watch-zone definitions, alert destinations).

Augur = data processor. Processes the data only to provide the service. Does not sell, share or use it for advertising.

3. Categories of data + data subjects

  • Categories: account identifiers (email, hashed password), user-defined geographic zones, alert destinations (webhook URLs, Slack tokens, Telegram IDs), billing identifiers (Stripe customer ID, no card data).
  • Data subjects: customer's account holders + any individual whose contact details the customer chooses to add as an alert destination.

4. Security measures

See the dedicated /security page. Headline controls: TLS 1.3 everywhere, AES-256 at rest, Postgres row-level security per tenant, key rotation quarterly, no password-based SSH on production hosts.

5. Sub-processors

Augur uses the following sub-processors to deliver the service. We notify customers 30 days before adding or replacing any sub-processor with material access to customer data. Subscribe to the blog RSS feed for these notices.

Sub-processorPurposeLocation
SupabasePostgres database, authentication, file storageFrankfurt, EU
VercelFrontend + serverless function hostingUS + EU edge
Hetzner CloudIngest workers, AIS bridge, signal engineFalkenstein, EU
StripeSubscription billing + payment processingDublin, EU (data) / global processing
ResendTransactional email (welcome, alerts, digests)US, SOC2 Type II certified
SentryError monitoring (optional, only if SENTRY_DSN is set)US

6. International transfers

Primary data residency is EU (Frankfurt). Where a sub-processor (Stripe, Sentry, Resend) operates infrastructure outside the EU, transfers are covered by the EU Standard Contractual Clauses incorporated by reference.

7. Data subject rights

Augur will assist the customer in responding to data subject requests (access, rectification, erasure, portability) within 30 days. Account holders can self-serve deletion from /settings/danger.

8. Term, termination, return

This DPA lasts as long as the underlying service contract. On termination, Augur deletes customer data within 30 days (subject to legal retention for billing records). A signed certificate of deletion is available on request.