How We Protect You

Privacy is how we built the system.

Most platforms treat privacy as a settings page. At Aura, privacy is a technical constraint we designed around from day one. Your photos are never stored with publicly accessible URLs. Your media is never directly downloadable. Your profile is never indexed by search engines. Your notification previews never reveal what app sent them.

These aren't features you turn on. They're properties of the architecture itself.

What we collect.

We collect the minimum necessary to operate the platform:

• Waitlist signups (Step 1): Email address and city. That's it.
• Waitlist profile (Step 2, optional): Account type, partner name(s), experience level, and lifestyle priorities. Clearly labeled as optional and stored in the same waitlist record.
• Usage data: Privacy-friendly, cookieless analytics via Plausible (EU-hosted). Aggregated page views only — no personal profiling, no behavioral tracking, no ad targeting.
• Cookies: A Cloudflare bot-prevention cookie (functional, session-duration) and an age-gate cookie (functional, 30 days) when implemented. See our Cookie Policy for full details.

We do not collect payment information on the marketing site. We do not collect names, phone numbers, or physical addresses. We do not use analytics services that build profiles of your behavior. We do not use advertising networks. We do not enrich waitlist data with any external data source.

How your media is protected.

Photos and videos on Aura are delivered through signed, time-limited URLs. This means:

• Every request for a photo generates a unique URL that expires after a short window. It cannot be bookmarked, shared, or reused.
• There is no "direct link" to your photos. Even if someone tries to share a URL, it will have expired before the recipient can open it.
• If you revoke access, all existing signed URLs for your content are invalidated immediately. Anyone who had a link will find it broken within seconds.
• Every access to your media is logged. You can see who accessed what and when.

What we never do.

• We never sell your personal information.
• We never share your data with advertisers.
• We never index your profile in public search engines.
• We never share your information with third parties without your explicit consent — except for the services required to operate the platform (listed below).
• We never send marketing from companies other than Aura to your email address.

Your controls.

• Privacy mode: Control who can discover your profile. Visible to all, matches only, or hidden.
• Photo access revocation: Remove access for any specific person or account at any time. Takes effect immediately.
• Account deletion: Permanently delete your account and all associated data. Processed within 30 days.
• Waitlist removal: Email privacy@auraconnect.io to be removed from the waitlist at any time.

Third-party services we use.

• Firebase / Google Cloud — infrastructure, database, cloud storage, authentication, and push notifications (Firebase Cloud Messaging / FCM). Data is stored in the United States.
• Cloudflare — CDN, DDoS protection, and Turnstile CAPTCHA for bot prevention on the waitlist form. Cloudflare may set a functional session cookie (cf_clearance) as part of its bot-prevention challenge. Your email address is not shared with Cloudflare.
• Plausible Analytics — privacy-friendly, cookieless web analytics hosted in the EU. Plausible does not collect personal information, does not set cookies, and does not track you across sites. See Plausible's data policy .
• SendGrid — transactional email delivery (account invitations, notifications, platform communications). Your email address is shared with SendGrid solely for the purpose of delivering these messages.
• Segpay — payment processing for web subscriptions (in-app only, not on the marketing site). Segpay is a PCI-DSS compliant payment processor. Your payment information is handled directly by Segpay and is never stored on Aura's servers.
• RevenueCat — mobile subscription management for iOS and Android. RevenueCat processes purchases through the Apple App Store and Google Play Store on our behalf. Your payment information is handled by the respective app store and is never stored on Aura's servers.
• Twilio — backup SMS verification for account authentication (in-app only, fallback when Firebase Auth SMS is unavailable). Your phone number is shared with Twilio solely for delivering verification codes.
• Google Cloud Vision — automated content moderation for uploaded photos (in-app only). Uploaded images are analyzed for policy compliance. No images are shared with third parties or used for training.

No advertising networks. No social media pixels. No data brokers.

Contact us.

Privacy questions: privacy@auraconnect.io
General: hello@auraconnect.io
Aura Digital, LLC
502 W 7th St, STE 100, Erie, PA 16502

CCPA / GDPR compliance.

California residents: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request deletion, and opt out of the sale of your data. We do not sell personal information. To exercise your rights, contact privacy@auraconnect.io.

EU/EEA residents: Under GDPR, the legal basis for processing your information is consent (waitlist form submission). You have the right to access, correct, and delete your data. We process data in the United States. Contact us at privacy@auraconnect.io to exercise your rights.

Children's privacy: We do not knowingly collect personal information from anyone under 18 years of age. If you believe we have inadvertently collected such information, contact us immediately.

Data retention.

Waitlist data is retained until app launch + 90 days, then permanently deleted if not converted to an account. Server logs are automatically purged per Firebase Hosting's default retention policy. Plausible analytics data is aggregated and contains no personal information.

Email communications.

If we send you email in the future (platform updates, launch announcements), every message will identify "Aura" as the sender, include our physical mailing address, and contain a one-click unsubscribe link. We will honor unsubscribe requests promptly. We will never disguise promotional emails as transactional messages.