Aurra is a WhatsApp banking assistant. You link your debit card once, then send money, buy airtime, or purchase data by chatting naturally on WhatsApp. Every transaction requires your 4-digit PIN.

Is Aurra safe to use?

Yes. Aurra never holds your money. Payments are processed by Paystack, a CBN-licensed payment processor. Your PIN is encrypted and your card details are stored by Paystack, not Aurra.

How much does Aurra charge for transfers?

Airtime and data are free. Bank transfers cost ₦30 below ₦5,000, ₦50 for ₦5,000 to ₦9,999, and ₦100 for ₦10,000 and above.

Which banks does Aurra support?

Aurra supports all Nigerian banks including GTBank, Access Bank, Zenith Bank, First Bank, UBA, Fidelity, Kuda, Opay, Palmpay, and more.

Can I buy airtime on Aurra?

Yes. You can buy airtime for MTN, Airtel, Glo, and 9mobile — for yourself or any number — completely free with no fees.

Privacy Policy

Name: Aurra
Rating: 4.8 (120 reviews)
Author: Aurra

Last updated: 31 May 2026

Aurra is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we protect it. If you have questions, email us at contact@aurra.online.

1. Who We Are

Aurra is a WhatsApp-based AI banking assistant that enables Nigerian users to send money, buy airtime, and purchase data bundles by chatting naturally. We are not a bank. We are a payment facilitation platform that works with licensed payment processors.

For privacy enquiries, contact: contact@aurra.online

2. Information We Collect

Information you provide:

Full name and WhatsApp phone number (required to create an account)
Email address (optional, for account recovery)
4-digit transaction PIN (stored as a one-way hash — we cannot read it)

Information collected automatically:

Transaction history (amounts, recipients, timestamps, status)
WhatsApp message content — only for processing your requests, never stored permanently
IP addresses — for security and fraud detection only
Device and session information — for account security

Information we do NOT collect:

Your full card number, CVV, or expiry date — these are stored by Paystack, not us
Your bank account password or internet banking credentials
Biometric data of any kind

3. How We Use Your Information

To process your payment instructions sent via WhatsApp
To verify your identity before each transaction using your PIN
To detect and prevent fraud, suspicious activity, and unauthorised access
To maintain your transaction history and spending summaries
To send you transaction confirmations and security alerts via WhatsApp
To comply with legal and regulatory obligations

We do not use your data for advertising, and we do not sell your data to any third party.

4. How We Share Your Information

We share your data only with the following parties, and only as necessary:

Paystack: To charge your linked card and process bank transfers. Paystack is licensed by the Central Bank of Nigeria and is PCI-DSS compliant.
Meta (WhatsApp): Your messages pass through the WhatsApp Business API. Meta's own privacy policy applies to message transmission.
Supabase: Our database provider, hosted in the EU. All data is encrypted at rest and in transit.
Law enforcement: If required by a valid legal order, court order, or Nigerian regulation.

We never sell, rent, or trade your personal information.

5. Card and Payment Data

When you link your debit card, your card details (number, CVV, expiry) are submitted directly to Paystack via their secure hosted page. Aurra never sees or stores your full card details.

Paystack stores your card as a secure authorisation token. Aurra only holds this token — which by itself cannot be used to retrieve your card details or make unauthorised charges.

Every charge on your card requires your 4-digit PIN. No transaction can occur without it.

6. Data Security

Your PIN is hashed with bcrypt (12 rounds) — it cannot be reversed or read by anyone
All data is encrypted in transit (HTTPS/TLS) and at rest
Three incorrect PIN attempts locks your account for 30 minutes
Transaction sessions expire after 10 minutes of inactivity
All sensitive operations are logged in an immutable audit trail
Webhook endpoints verify cryptographic signatures before processing any request
Rate limiting protects all API endpoints from brute-force attacks

7. Data Retention

Transaction records are retained for 7 years to comply with Nigerian financial regulations
Audit logs are retained for 2 years
If you delete your account, your personal details are anonymised within 30 days, but transaction records may be retained as required by law

8. Your Rights

You have the right to:

Request a copy of all personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and personal data (subject to legal retention requirements)
Object to processing of your data for any purpose beyond service delivery

To exercise any of these rights, email contact@aurra.online. We will respond within 14 business days.

9. Children

Aurra is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will notify you via WhatsApp and update the "Last updated" date at the top. Continued use of Aurra after changes constitutes your acceptance of the new policy.

11. Contact Us

For any privacy-related questions or concerns:

📧 General: contact@aurra.online
🔒 Privacy & Data: admin@aurra.online

Home Terms of Service Contact