Privacy Policy
At AURA, we believe that meaningful connections start with trust. This Privacy Policy explains how we collect, use, protect, and share your information when you use the AURA mobile application and related services. We are committed to being transparent about our data practices and giving you control over your personal information.
Information We Collect
Information You Provide Directly
- Account Information: Name, email address, date of birth, and authentication credentials when you create an account.
- Profile Information: Photos, gender, gender preferences, and any additional details you choose to add to your profile.
- AI Conversation Data: Your responses during the AI-powered onboarding conversation used to generate your Personality DNA and Emotional Fingerprint.
- User-Generated Content: Messages sent through chat, Confession Wall posts, Shared Mission responses, and Whisper messages.
- Payment Information: Purchase history for AURA+ subscriptions and in-app purchases. Payment processing is handled by Apple (App Store) or Google (Play Store); we do not store your credit card or payment instrument details.
- Communications: Correspondence with our support team, feedback, and survey responses.
Information Collected Automatically
- Device Information: Device model, operating system and version, unique device identifiers, language settings, and app version.
- Usage Data: Feature interactions, session duration, screens viewed, match activity, blur reveal progress, and notification interactions.
- Location Data: With your explicit consent, approximate location for proximity-based features (such as nearby matching and Overlap notifications). You may disable location services at any time through your device settings.
- Log Data: IP address, access timestamps, app crash reports, and system activity logs.
Information from Third Parties
- Sign-In Providers: If you sign in using Apple, Google, or another third-party provider, we receive your name, email address, and profile identifier as authorized by you.
- Analytics Partners: Aggregated performance data and attribution information from analytics services.
How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Account creation & authentication | Account info, sign-in provider data |
| AI personality analysis & matching | Conversation data, usage patterns, preferences |
| Delivering matches & Chemistry Scores | Personality DNA, location, preferences |
| Blur Reveal & mission features | Interaction data, photos, match progress |
| Chat, Confession Wall & Whisper | Messages, user-generated content |
| Push notifications & alerts | Device tokens, preferences, match events |
| Safety & content moderation | Messages, photos, reports, usage patterns |
| Product improvement & analytics | Usage data, device info, crash reports |
| Payment processing | Purchase history, subscription status |
| Legal compliance & fraud prevention | Account info, log data, device info |
AI & Personality Analysis
AURA uses OpenAI, a third-party AI service provider, to analyze your personality and generate compatibility matches. Before any of your data is sent to OpenAI, you will be asked for your explicit consent through a dedicated consent screen within the app. You may decline and choose not to proceed.
What Data Is Sent to OpenAI
When you consent to AI processing, the following data is sent to OpenAI's servers:
- Your conversation responses — the text messages you type during the AURA personality chat.
- Conversation context — the AI assistant's messages that form part of the dialogue.
What Data Is Never Sent to OpenAI
The following personal information is never shared with OpenAI or any third-party AI provider:
- Your name, email address, or phone number
- Your photos or profile images
- Your location or device information
- Your matches, chat messages with other users, or any social connections
- Your age, gender, or any account identifiers
How Your Data Is Processed
- Personality DNA Generation: During onboarding, you engage in a natural conversation with our AI. Your responses are analyzed by OpenAI to identify personality traits, communication style, and emotional patterns. This generates your unique Personality DNA and Emotional Fingerprint.
- Personality Embedding: A mathematical representation (embedding vector) of your personality is generated to enable compatibility matching with other users.
- Chemistry Score Calculation: Our AI compares Personality DNA profiles using embedding vectors to calculate Chemistry Scores between users, reflecting compatibility across humor, values, emotional wavelength, and communication style.
- Match Descriptions: When matches are found, AI generates brief compatibility descriptions based on trait comparisons. No raw conversation data is shared between users.
OpenAI's Data Handling
- We use the OpenAI API with zero data retention — OpenAI does not store your data after processing.
- OpenAI does not use your data to train or improve their models.
- All communication between AURA and OpenAI occurs over encrypted HTTPS connections through our secure servers.
- For more information, see OpenAI's API Data Usage Policy.
Your Consent & Control
- Before the AI personality conversation begins, you are presented with a clear consent screen that explains what data will be processed and why.
- You must explicitly tap "I Agree & Continue" before any data is sent to OpenAI.
- You can withdraw your consent at any time by deleting your account from Settings.
- You may request deletion of your AI personality data at any time (see Your Rights & Choices).
AI Data Processing Principles
- Raw conversation text is never shared with other users — only AI-generated trait scores and compatibility summaries.
- Your Personality DNA is stored as a mathematical vector representation, not as readable text.
- AI matching decisions can be influenced by your feedback — rejecting or accepting matches helps refine recommendations.
- We do not sell AI-generated personality data to third parties.
Content Moderation
AI-powered systems automatically scan user-generated content (messages, photos, confessions) to detect and filter explicit, harmful, or harassing content. This processing is essential to maintain a safe environment for all users.
How We Share Your Information
We do not sell your personal information. We share data only in the following limited circumstances:
With Other Users
- Profile information and photos (subject to the Blur Reveal system progression).
- Chemistry Score and AI-generated compatibility summaries.
- Confession Wall posts (displayed anonymously).
- Chat messages with matched users.
- Shared Mission responses with assigned mission partners.
With Service Providers
- Cloud Infrastructure: For hosting, database storage, and content delivery.
- AI Processing (OpenAI): Your conversation responses are processed by OpenAI for personality analysis and content moderation, with your explicit consent and under strict data processing agreements. OpenAI does not retain or train on your data.
- Analytics: Aggregated and anonymized usage data for product improvement.
- Push Notifications: Device tokens to notification delivery services.
For Legal Reasons
We may disclose information if required by law, subpoena, or legal process, or if we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or respond to a government request.
Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction. We will notify you via in-app notice or email before your information becomes subject to a different privacy policy.
Data Retention
We retain your information only for as long as necessary to provide our services and fulfill the purposes described in this policy.
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until account deletion |
| AI conversation data | Processed into embeddings, then deleted within 90 days |
| Personality DNA vectors | Until account deletion |
| Chat messages | Until account deletion by either participant |
| Confession Wall posts | Until deleted by user or account deletion |
| Photos | Until removed by user or account deletion |
| Location data | Approximate location cached for 24 hours only |
| Usage & analytics data | Aggregated data retained up to 24 months |
| Safety & moderation records | Up to 3 years for abuse prevention |
When you delete your account, we begin the deletion process within 30 days. Some data may be retained in encrypted backups for up to 90 days before complete removal. Data required for legal obligations or dispute resolution may be retained longer as permitted by law.
Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Personal data stored in our databases is encrypted using AES-256 encryption.
- Access Controls: Strict role-based access controls limit employee access to user data on a need-to-know basis.
- Infrastructure Security: Our infrastructure is hosted on SOC 2 compliant cloud providers with continuous monitoring.
- Photo Security: Profile photos are stored in secure, access-controlled storage with signed URLs that expire.
- Screenshot Detection: The app includes screenshot detection mechanisms within chat and profile views to protect user privacy.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately at support@appflows.co.
Your Rights & Choices
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct inaccurate information in your profile at any time.
- Deletion: Delete your account and associated data through Settings > Account > Delete Account, or by contacting us.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: Revoke consent for optional processing (e.g., location services, notifications) at any time.
- Restrict Processing: Request that we limit how we use your data in certain circumstances.
- Object: Object to processing based on legitimate interests, including AI-based profiling.
Managing Permissions
- Location: Enable or disable via your device's Settings > AURA > Location.
- Notifications: Manage via Settings > AURA > Notifications, or within the app's notification preferences.
- Camera & Photos: Control access via your device's Settings > AURA > Photos/Camera.
- After Dark Mode: Opt in or out of night mode features through the app settings.
Account Deletion
You may delete your account at any time from Settings within the app. Upon deletion:
- Your profile is immediately removed from discovery and matching.
- Your Personality DNA, Emotional Fingerprint, and photos are queued for permanent deletion.
- Chat histories are removed from your side; the other participant's copy is anonymized.
- Confession Wall posts are permanently deleted.
- Complete data removal is finalized within 90 days.
To exercise any of these rights, contact us at support@appflows.co. We will respond within 30 days.
Cookies & Tracking Technologies
AURA is a native mobile application and does not use browser cookies. However, we use the following technologies:
- Device Identifiers: We use platform-provided advertising identifiers (IDFA on iOS, GAID on Android) only with your explicit consent, in compliance with Apple's App Tracking Transparency framework and Google's policies.
- Analytics SDKs: We use analytics tools to understand app usage patterns. Data collected is aggregated and does not identify you personally.
- Push Tokens: Unique tokens generated by Apple Push Notification Service (APNs) or Firebase Cloud Messaging (FCM) to deliver notifications.
On iOS, you will be prompted via the App Tracking Transparency dialog before any cross-app tracking occurs. You may change your preference at any time in your device settings.
Third-Party Services
We integrate with the following categories of third-party services:
| Service Category | Purpose | Data Shared |
|---|---|---|
| Cloud Infrastructure | Hosting, storage, database | All data (encrypted) |
| AI Processing (OpenAI) | Personality analysis, moderation | Conversation text only (no name, photos, or contact info). Requires explicit user consent. Zero data retention by OpenAI. |
| Authentication | Sign-in services | Auth tokens, email |
| Analytics | Usage insights | Anonymized usage data |
| Notifications | Push delivery | Device tokens, message content |
| Payment Processing | Subscriptions & purchases | Handled by App Store / Play Store |
All third-party providers are bound by data processing agreements and are required to handle your data in accordance with this policy and applicable law. We do not allow third-party providers to use your data for their own purposes.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Data processing agreements with all service providers.
- Encryption of data in transit and at rest.
- Compliance with applicable cross-border transfer mechanisms.
Children's Privacy
AURA is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected data from a user under 18, we will delete that information immediately. If you believe a minor has provided us with personal data, please contact us at support@appflows.co.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Limit Use of Sensitive Information: You may limit the use of sensitive personal information to what is necessary to provide the services.
Categories of Information Collected
To submit a request, email support@appflows.co or use the in-app privacy request form. We will verify your identity before processing your request and respond within 45 days.
European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:
Legal Bases for Processing
| Processing Activity | Legal Basis |
|---|---|
| Account creation & service delivery | Performance of contract |
| AI personality analysis & matching | Consent |
| Safety & content moderation | Legitimate interest |
| Analytics & product improvement | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
| Location-based features | Consent |
Additional Rights
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.
- Automated Decision-Making: Our AI matching involves automated processing of your personality data. You have the right to request human review of any significant automated decisions affecting you.
- Data Protection Officer: You may contact our data protection team at support@appflows.co.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:
- We will notify you via in-app notification or email before changes take effect.
- We will update the "Last Updated" date at the top of this page.
- For significant changes, we may require you to re-acknowledge or re-consent to the updated policy.
We encourage you to review this policy periodically. Your continued use of AURA after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:
Email
support@appflows.co
Mailing Address
APPFLOWS TEKNOLOJİ ANONİM ŞİRKETİ
Pınarbaşı Mah. Hürriyet Cad. Akdeniz Üniversitesi Uluğbey AR-GE 2 No: 3 A İç Kapı No: B33
Konyaaltı/Antalya 07070 Turkey
We aim to respond to all privacy-related inquiries within 30 days.