Privacy Policy
Last Updated: April 22, 2026
Aura Bionics Inc. ("Aura Bionics", "we", "our", "us") is a technology company based in Ontario, Canada. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
By using Aura ("the Service"), you agree to the practices described in this Privacy Policy.
1. Information We Collect
We collect only the information necessary to provide the Service:
You provide directly:
- Account information: When you use Aura, we create an anonymous account linked to your device. If you choose to share additional information (such as your name, preferred persona, or relationship context for Inner Circle features), we store that information securely.
- Communication content: Messages you send to your AI companion, voice recordings (processed in real-time), and any feedback or support requests.
- Contact information: If you contact us for support or sign up for updates, we collect your email address.
Collected automatically:
- Device and usage data: Device model, operating system, app version, crash logs, and anonymized usage patterns (which features are used, frequency of use).
- Biometric analysis data: Facial scans captured through the camera for wellness analysis (see Section 4 for details).
Not collected:
- We do not collect government-issued IDs, full name, home address, phone number, or financial information (payment is handled by Apple/Google app stores and RevenueCat, not by us).
2. Use of Information
We use collected information solely to:
- Provide and maintain the Service (scan analysis, AI companion conversations, wellness insights)
- Personalize your experience (remember your name, preferences, persona)
- Communicate important updates about the Service
- Respond to support requests
- Improve app performance through anonymized analytics
- Detect and prevent fraud, abuse, or violations of our Terms
- Comply with legal obligations
We do not use your personal data for third-party advertising or sell it to data brokers.
3. Biometric Information (Facial Scans)
Aura uses facial scans to provide wellness insights. This section describes how we handle biometric data specifically.
What we collect:
- Facial images captured when you initiate a scan
- Derived analysis results (wellness scores, pattern observations)
How we process it:
- Images are processed by OpenAI's GPT-4o Vision API for analysis
- Before analysis, images are pre-screened by OpenAI's Content Moderation API to ensure appropriateness
- Analysis results are used to generate insights displayed to you
- Images may be stored securely in your private account if you enable the Photo Journey feature
What we do NOT do:
- We do not use facial scans to identify you or link to other records
- We do not sell, rent, or share facial scans with advertisers or third parties
- We do not retain raw scan images longer than necessary (images used only for Photo Journey are kept at your request; others are discarded after analysis)
Your control:
- You can delete your Photo Journey history at any time within the app
- You can request complete deletion of all biometric data by contacting info@aurabionics.com
- Deletion requests are completed within 30 days
Note for Illinois residents (BIPA): If you are a resident of Illinois, USA, you have specific rights under the Biometric Information Privacy Act. You consent to our collection and processing of biometric data when you initiate a scan. You can withdraw consent at any time by deleting your account. We retain biometric data only as necessary to provide the Service and delete it within 30 days of account deletion or your explicit request.
4. Camera, Microphone, and Device Permissions
Camera: Requested solely to enable scan features. Camera data is accessed only when you explicitly initiate a scan. We do not access your camera in the background or without your action.
Microphone: Requested to enable voice-based conversations with your AI companion. Audio is transcribed via OpenAI's Whisper API and processed in real time. Raw audio is not stored by Aura. Wake word detection (if enabled) runs locally on your device and does not transmit audio to our servers.
Notifications: Used to send wellness reminders and app updates, only if you grant permission.
You can revoke any of these permissions at any time through your device settings. Revoking permissions may disable some features but will not prevent you from using the app.
5. AI Processing and Third-Party Services
Aura uses AI technology to provide its companion, wellness analysis, and communication features. We partner with the following service providers:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication, data storage, analytics, messaging | Anonymous user ID, app usage data, chat history, profile data |
| Anthropic (Claude API) | AI companion conversations | Your messages, conversation context, persona preference |
| OpenAI (GPT-4o, Whisper, Moderation) | Facial scan analysis, voice transcription, content moderation | Facial images, voice recordings (transcribed in real-time), scan results |
| ElevenLabs | AI voice generation for Eva/Atlas | Response text to be spoken |
| fal.ai | Hair style analysis (optional feature) | Facial images (only when feature is used) |
| RevenueCat | Subscription management | Anonymous user ID, purchase history |
Important regarding AI training:
- OpenAI API (paid tier) does not use your data to train their models by default (as per OpenAI's API policy)
- Anthropic Claude API does not use your data to train their models by default (as per Anthropic's API policy)
- Your conversations and scans are not added to public training datasets
Each third-party service is subject to its own privacy policy. We recommend reviewing their policies to understand their practices:
- Firebase: https://firebase.google.com/support/privacy
- Anthropic: https://www.anthropic.com/privacy
- OpenAI: https://openai.com/policies/privacy-policy
- ElevenLabs: https://elevenlabs.io/privacy
- fal.ai: https://fal.ai/privacy
- RevenueCat: https://www.revenuecat.com/privacy
6. Content Moderation
To ensure a safe experience for all users, Aura uses automated content moderation:
- All facial scans are pre-screened by OpenAI's Content Moderation API before analysis
- If inappropriate content is detected, the scan is not processed further
- No moderation data is retained; the system only returns a pass/fail signal
- We do not review or manually inspect scan images
Moderation is applied equally to all users without discrimination.
7. Data Retention and Storage
- Active accounts: We retain your data as long as your account is active and for as long as necessary to provide the Service.
- Inactive accounts: Accounts inactive for more than 24 months may be archived or deleted after notice.
- Deletion requests: Upon verified request, we delete your personal data within 30 days. Some data may be retained longer if required by law (e.g., financial records).
- Anonymized data: Aggregated, anonymized usage data may be retained indefinitely for analytics.
Your data is stored on servers operated by Google Firebase (primarily in the United States, with regional failover). Data is encrypted in transit (HTTPS/TLS) and at rest.
8. Age Requirements
Aura Bionics is designed for users aged 18 and over.
While Aura itself contains no graphic, violent, or sexually explicit content, the app is built around adult wellness themes (including romantic relationship support in the Inner Circle feature, subscription payments, and emotionally nuanced AI companion interactions) that are best suited for adults.
For these reasons, we require users to confirm they are 18 or older during onboarding. We do not knowingly collect personal information from anyone under 18. If we become aware that a minor has provided personal information, we will delete it promptly and suspend the account.
Parents or guardians who believe a child has used Aura may contact info@aurabionics.com to request immediate deletion of associated data.
9. No Medical or Diagnostic Use
Aura Bionics is a wellness and lifestyle technology product intended for informational purposes only.
- It does not provide medical advice, diagnosis, treatment, or health assessments.
- Wellness insights generated by the app are reflections based on visual and behavioral patterns, not clinical evaluations.
- You should consult a qualified healthcare professional for any medical concerns.
- Aura is not a substitute for mental health support. If you are experiencing a crisis, please contact local emergency services or a crisis helpline.
10. Legal Compliance
We operate in accordance with applicable privacy laws, including:
- PIPEDA (Personal Information Protection and Electronic Documents Act, Canada)
- Ontario privacy legislation
- GDPR (General Data Protection Regulation, European Union)
- UK GDPR (United Kingdom)
- LGPD (Lei Geral de Proteção de Dados, Brazil)
- CCPA/CPRA (California Consumer Privacy Act, where applicable)
- BIPA (Biometric Information Privacy Act, Illinois)
Where applicable laws provide greater protection than this policy, those laws apply.
11. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
All users:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Withdrawal of consent: Revoke consent for data processing (may limit functionality)
Additional rights for EU/UK/EEA residents (GDPR):
- Data portability: Receive your data in a machine-readable format
- Restriction of processing: Limit how we process your data
- Objection: Object to certain processing activities
- Right to lodge a complaint with your local data protection authority
Additional rights for Brazilian residents (LGPD):
- Information about data processing: Details on how your data is handled
- Anonymization or blocking of unnecessary data
- Right to review automated decisions that affect you
Additional rights for California residents (CCPA/CPRA):
- Right to know what personal information we collect and how it's used
- Right to opt out of the sale or sharing of personal information (we do not sell data)
- Right to non-discrimination for exercising your rights
To exercise any of these rights, contact info@aurabionics.com. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing certain requests.
12. Data Security and Breach Notification
We implement reasonable technical and organizational safeguards to protect personal data, including:
- Encryption in transit (HTTPS/TLS) and at rest
- Firebase authentication and access controls
- Regular security reviews of our code and infrastructure
- Limited employee access on a need-to-know basis
No security system is impenetrable. In the event of a data breach affecting personal information:
- We will notify affected users without undue delay
- We will notify relevant supervisory authorities as required (within 72 hours for GDPR)
- We will provide information on steps taken and actions you can take to protect yourself
13. International Data Transfers
Your data may be processed in countries other than your country of residence, including the United States (where our AI and cloud partners are based). We ensure appropriate safeguards are in place:
- EU/UK data: Transferred under Standard Contractual Clauses (SCCs) with our service providers
- Encryption: All international data transfers occur over encrypted channels
- Third-party compliance: Our partners (Google, OpenAI, Anthropic) are committed to GDPR compliance
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated through:
- In-app notification
- Email to registered users (where we have an email address on file)
- Updated "Last Updated" date at the top of this policy
Continued use of the Service after an update constitutes acceptance of the revised policy. If you disagree with changes, you may delete your account.
15. Contact
For privacy-related questions, data requests, or concerns, please contact:
Aura Bionics Inc.
Ontario, Canada
Email: info@aurabionics.com
For GDPR-related requests, please include "GDPR Request" in the subject line.
For CCPA-related requests, please include "CCPA Request" in the subject line.
We aim to respond to all privacy inquiries within 30 days.
Version: 2.0
Effective Date: April 22, 2026