Aura Privacy Policy
Last updated: April 1, 2026
COPPA · GDPR · CCPA Compliant

Privacy Policy

Effective: April 1, 2026 · Last updated: April 1, 2026

The short version: Aura is built on a simple promise — your family's memories belong to you, not us. We collect only what is strictly necessary to run the service, we never sell your data, we never show you ads, and we cannot read your encrypted content even if we wanted to. This policy explains exactly what we collect, why, and how you can delete it all.

1. Overview

Aura ("we," "our," or "us") is a private, permission-gated social application designed for families. This Privacy Policy describes how we collect, use, store, and protect personal information when you use our website at aura.app and our mobile and web applications (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.


2. Who We Are

Aura is operated by Aura Technologies, Inc., a Delaware corporation. For the purposes of GDPR, Aura Technologies, Inc. is the data controller of your personal information.

Data Controller: Aura Technologies, Inc.
Contact: [email protected]
EU Representative: Available upon request at [email protected]

3. What We Collect

We practice data minimisation — we only collect what is strictly necessary to provide the Service. Here is a complete list:

| Data Type | Examples | Why We Collect It | Legal Basis |
|---|---|---|---|
| Account data | Email address, display name, profile photo | To create and manage your account | Contract performance |
| Authentication data | Hashed password, session tokens | To verify your identity securely | Contract performance |
| Content you create | Posts, photos, comments (E2EE) | To deliver the core service | Contract performance |
| Subscription data | Plan type, billing cycle (no card numbers) | To manage your subscription | Contract performance |
| Device & technical data | IP address, browser type, OS version | Security, fraud prevention, crash reporting | Legitimate interest |
| Usage data | Features used, screens visited (anonymised) | To improve the product | Legitimate interest / Consent |
| Communications | Support emails you send us | To respond to your enquiries | Legitimate interest |

What we do NOT collect: We do not collect your location, contacts, microphone audio, advertising identifiers, or any biometric data. We do not build advertising profiles. We do not use third-party tracking pixels.


4. How We Use Your Data

We use your information solely to:

  • Provide, maintain, and improve the Aura Service
  • Authenticate your identity and protect your account
  • Process subscription payments via our payment processor (Stripe)
  • Send transactional emails (account confirmation, password reset, billing receipts)
  • Respond to customer support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with applicable laws and regulations

We will never: sell your data, use it for advertising, share it with data brokers, or use it to train AI models without your explicit consent.


5. Children's Privacy (COPPA)

Important

Aura complies with the Children's Online Privacy Protection Act (COPPA). Our Service is designed for adults (13 years of age or older) to share content about their families. Children under 13 may not create an Aura account.

Aura is aware that users may share photos and content featuring children under 13. We treat all such content with the highest level of protection:

  • All content is end-to-end encrypted — Aura cannot view photos or posts featuring children
  • Content is only visible to adults who have been explicitly approved by the account holder
  • We do not use content featuring children for any commercial purpose, including advertising or AI training
  • We do not allow public sharing of any content — all profiles are private by default
  • Account holders may delete all content, including photos of children, at any time

If you believe a child under 13 has created an account, please contact us immediately at [email protected]. We will delete the account and all associated data within 72 hours.


6. Your Rights (GDPR / CCPA)

Depending on your location, you have the following rights regarding your personal data. To exercise any of these rights, email [email protected] or use the in-app deletion tool.

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete personal data.
  • Right to Erasure: Delete your account and all associated data ("right to be forgotten").
  • Right to Portability: Receive your data in a machine-readable format (JSON/CSV).
  • Right to Restrict Processing: Ask us to pause processing your data while a dispute is resolved.
  • Right to Object: Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Withdraw consent for analytics at any time via cookie settings.
  • CCPA (Do Not Sell): We do not sell personal information. No opt-out needed.

We will respond to all rights requests within 30 days. EU/UK residents may also lodge a complaint with their local supervisory authority (e.g. the ICO in the UK, or your national DPA in the EU).


7. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following trusted sub-processors, under strict data processing agreements:

| Sub-processor | Purpose | Location | Data Shared |
|---|---|---|---|
| Supabase | Database & authentication | USA / EU | Account data, encrypted content |
| Stripe | Payment processing | USA | Email, subscription plan (no card data stored by us) |
| Cloudflare | CDN & DDoS protection | Global | IP address, encrypted content delivery |
| Resend | Transactional email | USA | Email address, notification content |

We may also disclose data if required by law, court order, or to protect the safety of our users or the public. We will notify you of any such disclosure unless prohibited by law.


8. Data Retention

We retain your data only for as long as necessary to provide the Service or as required by law:

  • Active account data: Retained for the lifetime of your account
  • Encrypted content (posts, photos): Retained until you delete it or close your account
  • Billing records: 7 years (required by tax law)
  • Support communications: 2 years from last contact
  • Anonymised analytics: Up to 24 months
  • Deleted account data: Permanently purged within 30 days of deletion request

9. Security & Encryption

Aura is built with a security-first architecture. Key protections include:

  • End-to-end encryption (E2EE) for all posts, photos, and comments — Aura cannot decrypt your content
  • AES-256 encryption for all data at rest
  • TLS 1.3 encryption for all data in transit
  • Passwords are hashed using bcrypt with a minimum cost factor of 12
  • Session tokens are rotated on each login and expire after 30 days of inactivity
  • No third-party advertising SDKs or tracking pixels that could introduce security vulnerabilities
  • Regular independent security audits (annual)

In the event of a data breach affecting your personal information, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR Article 33.


10. Account & Data Deletion

You have the right to delete your account and all associated data at any time. Deletion is permanent and cannot be undone.

How to delete your account:

  1. Go to My Profile → Settings → Delete Account in the Aura app
  2. Confirm your password and type "DELETE" to confirm
  3. Your account and all content will be permanently deleted within 30 days

Alternatively, email [email protected] with the subject line "Account Deletion Request." We will process your request within 30 days and send a confirmation email.


11. Cookies & Tracking

Aura uses a minimal set of cookies. We do not use advertising cookies or third-party tracking. See our full Cookie Policy for details.

| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| aura_session | Essential | Keeps you logged in | 30 days |
| aura_csrf | Essential | Prevents cross-site request forgery | Session |
| aura_analytics | Analytics (optional) | Anonymised usage statistics | 12 months |

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and by displaying a prominent notice in the app at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree, you may delete your account before the effective date.


13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact our Privacy Team:

Aura Technologies, Inc.
Privacy Team
Email: [email protected]
Response time: Within 30 days (typically within 5 business days)

© 2026 Aura Technologies, Inc.