Privacy Policy

How We Protect You

Privacy at Aura is architecture, not afterthought. This page explains what we collect, how we protect it, and the controls you have — in plain language, not legalese.

Last updated: March 11, 2026  ·  Aura Digital, LLC — Commonwealth of Pennsylvania

Privacy is how we built the system.

Most platforms treat privacy as a settings page. At Aura, privacy is a technical constraint we designed around from day one. Your photos are never stored with publicly accessible URLs. Your media is never directly downloadable. Your profile is never indexed by search engines. Your notification previews never reveal what app sent them.

These aren't features you turn on. They're properties of the architecture itself.

What we collect.

We collect the minimum necessary to operate the platform:

  • Waitlist signups (Step 1): Email address and city. That's it.
  • Waitlist profile (Step 2, optional): Account type, partner name(s), experience level, and lifestyle priorities. Clearly labeled as optional and stored in the same waitlist record.
  • Usage data: Privacy-friendly, cookieless analytics via Plausible (EU-hosted). Aggregated page views only — no personal profiling, no behavioral tracking, no ad targeting.
  • Cookies: A Cloudflare bot-prevention cookie (functional, session-duration) and an age-gate cookie (functional, 30 days) when implemented. See our Cookie Policy for full details.

We do not collect payment information on the marketing site. We do not collect names, phone numbers, or physical addresses. We do not use analytics services that build profiles of your behavior. We do not use advertising networks. We do not enrich waitlist data with any external data source.

How your media is protected.

Photos and videos on Aura are delivered through signed, time-limited URLs. This means:

  • Every request for a photo generates a unique URL that expires after a short window. It cannot be bookmarked, shared, or reused.
  • There is no "direct link" to your photos. Even if someone tries to share a URL, it will have expired before the recipient can open it.
  • If you revoke access, all existing signed URLs for your content are invalidated immediately. Anyone who had a link will find it broken within seconds.
  • Every access to your media is logged. You can see who accessed what and when.

What we never do.

  • We never sell your personal information.
  • We never share your data with advertisers.
  • We never index your profile in public search engines.
  • We never share your information with third parties without your explicit consent — except for the services required to operate the platform (listed below).
  • We never send marketing from companies other than Aura to your email address.

Your controls.

  • Block: Your strongest visibility control. Block any account and the two of you disappear from each other completely — discovery, search, who's-viewed-me, and chat all go dark in both directions, and the blocked account is never notified.
  • Photo access revocation: Remove access for any specific person or account at any time. Takes effect immediately.
  • Account deletion: Permanently delete your account and all associated data. Processed within 30 days.
  • Waitlist removal: Email privacy@auraconnect.io to be removed from the waitlist at any time.

Third-party services we use.

  • Firebase / Google Cloud — infrastructure, database, cloud storage, authentication, and push notifications (Firebase Cloud Messaging / FCM). Data is stored in the United States.
  • Cloudflare — CDN, DDoS protection, and Turnstile CAPTCHA for bot prevention on the waitlist form. Cloudflare may set a functional session cookie (cf_clearance) as part of its bot-prevention challenge. Your email address is not shared with Cloudflare.
  • Plausible Analytics — privacy-friendly, cookieless web analytics hosted in the EU. Plausible does not collect personal information, does not set cookies, and does not track you across sites. See Plausible's data policy .
  • SendGrid — transactional email delivery (account invitations, notifications, platform communications). Your email address is shared with SendGrid solely for the purpose of delivering these messages.
  • Segpay — payment processing for web subscriptions (in-app only, not on the marketing site). Segpay is a PCI-DSS compliant payment processor. Your payment information is handled directly by Segpay and is never stored on Aura's servers.
  • RevenueCat — mobile subscription management for iOS and Android. RevenueCat processes purchases through the Apple App Store and Google Play Store on our behalf. Your payment information is handled by the respective app store and is never stored on Aura's servers.
  • Twilio — backup SMS verification for account authentication (in-app only, fallback when Firebase Auth SMS is unavailable). Your phone number is shared with Twilio solely for delivering verification codes.
  • Google Cloud Vision — automated content moderation for uploaded photos (in-app only). Uploaded images are analyzed for policy compliance. No images are shared with third parties or used for training.

No advertising networks. No social media pixels. No data brokers.

Contact us.

Privacy questions: privacy@auraconnect.io
General: hello@auraconnect.io
Aura Digital, LLC
502 W 7th St, STE 100, Erie, PA 16502

CCPA / GDPR compliance.

California residents: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request deletion, and opt out of the sale of your data. We do not sell personal information. To exercise your rights, contact privacy@auraconnect.io.

EU/EEA residents: Under GDPR, the legal basis for processing your information is consent (waitlist form submission). You have the right to access, correct, and delete your data. We process data in the United States. Contact us at privacy@auraconnect.io to exercise your rights.

Children's privacy: We do not knowingly collect personal information from anyone under 18 years of age. If you believe we have inadvertently collected such information, contact us immediately.

Data retention.

Waitlist data is retained until app launch + 90 days, then permanently deleted if not converted to an account. Server logs are automatically purged per Firebase Hosting's default retention policy. Plausible analytics data is aggregated and contains no personal information.

Email communications.

If we send you email in the future (platform updates, launch announcements), every message will identify "Aura" as the sender, include our physical mailing address, and contain a one-click unsubscribe link. We will honor unsubscribe requests promptly. We will never disguise promotional emails as transactional messages.

Your privacy questions, answered.

Who can see our profile? Can we control our visibility?

Your profile is only ever visible to logged-in Aura members — never indexed by search engines, never surfaced in a public web search, and never shown to anyone who is not signed in. Within Aura, your strongest control is Block: block an account and the two of you disappear from each other completely — discovery, search, who's-viewed-me, and chat all go dark in both directions, and the blocked account is never told. You can block proactively, before any contact, if you recognize someone you would rather not encounter. Aura also runs no public activity feed — there is no timeline or post history attached to your profile for anyone to scroll.

How are our photos protected? Can another member save or share them?

Private photos on Aura are delivered through time-limited signed URLs generated by our servers — there is no direct access to the underlying storage. This means that even if someone captures a URL, it expires and becomes invalid within minutes. We cannot prevent someone from taking a screenshot, but we can and do make it technically difficult to directly download or share photos by URL. You can revoke photo access for any couple at any time, instantly — even after access has been granted. This is not a setting buried in a menu. It is a first-class feature available in one tap.

What if a coworker, neighbor, or family member is also on Aura?

This is one of the most common concerns couples bring to us, and we take it seriously. If you recognize an account you would rather not encounter, you can block it proactively — blocking is bidirectional, so you vanish from each other's discovery, search, who's-viewed-me, and chat, and they are never notified. Aura also runs no public activity feed: there is no timeline or post history that could reveal you are here. Your profile is never indexed by search engines and is only ever visible to signed-in members. Discretion is not an afterthought on Aura — it is load-bearing architecture.

Will the app be discreet on our phone?

Yes, intentionally. Push notifications from Aura use generic text — they will never display a sender name, a match detail, or anything that identifies the context of the notification on your lock screen. The app icon is abstract and non-descriptive. The app can be configured to require biometric or PIN authentication before opening, independent of your phone lock. App name in your app library is simply "Aura." We have thought carefully about the scenario where someone else glances at your screen or your notification bar, and designed against it at every layer.

Do you sell our data?

No. Full stop. Aura does not sell, license, or monetize user data to any third party. Our business model is subscription revenue — we are paid directly by couples who find value in the platform, not by advertisers or data brokers who want access to your information. We have no advertising relationships. We run no advertising pixels. The product is Aura. You are not the product.

What data does Aura actually collect?

We collect what we need to run the platform and nothing we do not. This includes: account credentials (email, authentication tokens), profile information you provide (names, location at city level, preferences, photos you upload), interaction data (connections, messages, photo access grants), and standard app analytics (crash reports, performance data — no behavioral ad tracking). We do not collect precise GPS location, we do not access your contacts, and we do not build advertising profiles. Our full Privacy Policy details everything collected, how it is used, and how long it is retained.

Can we permanently delete our account and all our data?

Yes. You can request complete account deletion by contacting support. Once you do, your profile is removed from discovery, all your photos are deleted from storage, and your personal data is permanently purged from our systems within 30 days. Anonymized, non-identifiable analytics data may be retained for platform improvement. You will receive email confirmation when deletion is complete. We will never put a survey or a multi-step retention gauntlet between you and leaving.

How does Aura use our location?

Aura uses your location at the city level to surface relevant couples and events in your area. We do not track your precise GPS location in the background, and we do not store a history of your movements. When you set up your profile, you choose your city. When browsing events or nearby couples, the app uses approximate location (not precise GPS) to calculate distances and surface relevant results. Location access can be set to "while using the app" on both iOS and Android — we do not request background location permissions.

Will our Aura profile show up in a Google search?

No. Aura profiles are never indexed by search engines. Profile pages are behind authentication — they are not accessible to any crawler or unauthenticated visitor. There is no public-facing URL for any user profile on Aura. This is a deliberate architectural decision, not a setting you need to configure.

Safety & trust.

How do you make sure accounts are real people and not fakes?

Aura confirms a real, of-age adult is behind every paid account through a one-time identity check at upgrade — a government ID plus a single liveness check against that document, done once. It is never matched against your profile photos and never repeated on your content. There is deliberately no "verified couple" badge and no "verified-only" filter, because the people who most value discretion often use non-identifiable photos, and a public badge would quietly recode privacy as something suspicious. Impersonation is handled where it actually shows up: any member can report an account in one tap, and accounts found misrepresenting who they are are permanently removed. The trust signal lives in the architecture, not in a badge.

How do you handle fake profiles and single men misrepresenting themselves as couples?

This is one of the most persistent problems on every lifestyle platform, and Aura addresses it without the theater of a "verified couple" badge. Every paid account completes a one-time, document-based identity check at upgrade that confirms a real, of-age adult stands behind it — not a photo match against profile pictures, and never a public badge or a "verified-only" filter that would punish members who keep their photos discreet. Misrepresentation is caught where it surfaces: any member can report an account in one tap, reports are reviewed quickly, and accounts found to be misrepresenting who they are — including a single person posing as a couple — are permanently removed and barred from returning. Honesty about who you are is a community standard, not a setting.

What happens if someone violates consent or behaves inappropriately?

Reports of consent violations are treated as priority cases and reviewed by our safety team within 24 hours. Depending on severity, the response ranges from a formal warning and temporary suspension to permanent account removal and, where appropriate, referral to relevant authorities. We maintain a zero-tolerance policy for coercion, harassment, non-consensual image sharing, or any behavior that violates a member's stated limits. Members who are permanently banned from Aura are prohibited from creating new accounts. Reporting is anonymous — the person you report is never notified who made the report.

How do I report a member or conversation that concerns me?

Every profile and conversation has a Report option, one tap away. You can report for harassment, a fake profile, suspected underage use, non-consensual content, spam, or anything else that concerns you. Each report includes a short description so our team has the context to act, and you can attach a photo as evidence if it helps. Reports go straight to our safety team — and for the platform's first 90 days, the founder personally reviews every one. You will get a confirmation that your report was received. Reporting is private: the person you report is never told who filed it, and you can block the account in the same step so there is no further contact while we review.

How do you ensure all members are 18 or older?

Age is confirmed at two points. Every member affirms they are 18 or older at account creation, with date of birth recorded and locked — only your age is ever shown, never your birth date. When a member upgrades to a paid tier, the same one-time, document-based identity check that confirms a real adult holds the account also confirms they are of age. Any account confirmed or suspected to belong to a minor is immediately suspended and reported as required by law. We cooperate fully with law enforcement, and the platform is designed to keep minors off it in the first place. This is a bright line with zero tolerance and no exceptions.

Can we block specific couples or individuals?

Yes. Blocking removes a couple from your discovery feed, prevents them from viewing your profile, and removes any existing connection or conversation. Blocked accounts are never notified that they have been blocked — they simply no longer see you on the platform. You can block proactively — before any contact occurs — if you recognize an account you would prefer not to encounter on the platform. Blocks are permanent until you choose to remove them and can be managed from your account settings.

What are Aura's community standards?

Aura's community standards are built around three pillars: consent, honesty, and discretion. Consent means every interaction is explicitly agreed to — no pressure, no assumption, no pushing past stated limits. Honesty means profiles accurately represent who you are — real photos, accurate descriptions, transparent preferences. Discretion means what happens on Aura stays on Aura — no sharing of other members' information, photos, or identities outside the platform without explicit permission. Violations of any of these standards result in account action up to and including permanent removal. The full community standards are published in our Terms of Service.

What prevents another member from sharing our photos outside the platform?

Technical and social mechanisms both. On the technical side, private photos are delivered through time-limited signed URLs that cannot be directly linked or shared in a functional way — the URL itself expires within minutes. Photos cannot be downloaded through the standard interface. On the social side, non-consensual sharing of another member's photos results in immediate permanent account termination and, depending on jurisdiction and circumstances, may constitute a legal violation that we will support affected members in pursuing. We are also building watermarking for private photos that embeds invisible account-identifying metadata — deterrence through traceability.

What happens if there is a data breach?

We collect minimal data by design — the less we hold, the less there is to expose. In the event of a confirmed breach, we will notify affected members within 72 hours, and sooner where applicable US state law requires it. Notification will include a clear description of what was accessed, what was not, and what specific actions affected members should take. We do not hold payment card numbers — all payment processing is handled by our PCI-compliant processor, not stored in our systems. Breach response procedures are tested regularly as part of our security operations.