Privacy Policy

Last update: June 13, 2026

Your privacy is the cornerstone of AURA. This policy describes in a transparent and detailed manner, in accordance with the General Data Protection Regulation (GDPR - Regulation EU 2016/679), what personal data we collect, how it is processed through our Artificial Intelligence modules, how it integrates with wearable devices, and how you can exercise full control over it.

1. Data Controller and Principles

The processing of personal data is managed by the AURA Team. We operate under the principles of data minimization, purpose limitation, transparency, and "privacy by design". All sensitive data related to your wellbeing is protected and encrypted during transmission and storage.

2. Personal Data We Collect

We collect and process the following categories of data: (a) Basic identifying data: email, display name, avatar. (b) Wellbeing and lifestyle data: tracked habits, daily mood logs, text and audio journal entries (audioUrl). (c) Physical metrics: gender, age, height, weight (used to calculate BMI and calibrate workout/nutrition plans). (d) Wearable device data: step count, heart rate, and training history imported via Google Fit, Health Connect, or Apple Health. (e) Financial and transaction data: details of Premium subscription purchases and in-app transactions processed through Stripe. (f) Location data: approximate geographic coordinates with ~1 km precision for the Aura World feature, only with your explicit consent.

3. Data Processing and Artificial Intelligence (AI)

AURA uses advanced artificial intelligence models (specifically Google's Gemini 3.1-flash-lite via Vertex AI) to provide Motivational Coaching, Journal Emotional Analysis, Dr. Diet dietitian, and Personalized Nutrition. Journal notes and nutritional goals are sent to the AI API to generate feedback, but they are not stored by Google to train its commercial models. No personal data is ever sold to third parties or used for advertising profiling.

4. Legal Basis for Processing

We process your data exclusively based on your explicit consent (Art. 6, par. 1, lett. a GDPR), provided when launching the app and activating individual features (such as wearable sync or location sharing), or for the performance of a contract (Art. 6, par. 1, lett. b GDPR) regarding Premium subscription purchases and in-app transactions.

5. Data Security and Cloud Storage

We use Google Firebase's secure cloud services (Firestore and Realtime Database) hosted on servers located within the European Union. All data is securely stored with restrictive safety rules to prevent unauthorized access. Sensitive data, including journal notes and audio files, is transmitted via secure encrypted channels (HTTPS).

6. Your Rights under GDPR

In accordance with Articles 15-22 of the GDPR, you have the right at any time to: (a) Access your personal data stored on our servers. (b) Request the rectification of incorrect data. (c) Request data portability by exporting your data in a standard JSON format directly from the application settings page. (d) Request the permanent erasure ("Right to be forgotten") of all your personal data and account via the "Delete Account" button in the settings, which instantly purges all records from Firebase databases.

For any questions or to exercise your legal rights, please contact our Data Protection Officer (DPO) at: support@useaura.it

AURA • https://useaura.it