Privacy Policy

Effective date: May 6, 2026  ·  AuraForge, LLC  ·  Virginia Beach, Virginia

AURA is a proximity-based reputation app. Because the product depends on real-world location and real interactions between real people, we collect and use certain personal data to make it work. This policy explains exactly what we collect, why, and what rights you have over it.

1. Who We Are

AURA is operated by AuraForge, LLC ("we," "us," or "our"), based in Virginia Beach, Virginia, USA. Questions about this policy can be directed to legal@liveaura.app.

2. Information We Collect

Account information. When you sign up, we collect your name, profile photo, and authentication details via Google Sign In or Sign In with Apple. We do not store your Google or Apple password.

Phone number. We require phone verification to use core features of the app. Your number is verified via Twilio and stored to enforce one-account-per-person policy and prevent abuse. VoIP numbers are blocked.

Location data. AURA is location-driven. We collect your GPS coordinates while the app is active and, if you grant the permission, while it runs in the background via a foreground location service. Location data is used to show you nearby users and to show you to nearby users. Location data is stored temporarily and expires after a short inactivity window.

Bluetooth data. The app uses Bluetooth Low Energy (BLE) to detect and be detected by nearby AURA users. We broadcast a short anonymous identifier (your bleId) in BLE advertising packets continuously while the app is running, including in the background. Other AURA users within approximately 150 feet who have the app installed and have opted in may detect your presence via this signal — and you may detect theirs. This detection occurs even when your screen is locked or the app is not in the foreground. We do not collect data about non-AURA Bluetooth devices.

No biometric data. We do not collect biometric identifiers (fingerprints, facial geometry, voice prints, iris or retina scans, hand or palm geometry, gait analysis, or any similar biometric measurements). The bleId is a randomly assigned numeric identifier and is not derived from any physical characteristic of you or your device. Your profile photo is stored as a regular image file and is not analyzed for facial recognition or biometric extraction.

Reputation data (vibes). When another user rates you, we store the structured metric votes they submitted. No comments or free-text are collected — only structured ratings. Your aggregate AURA score is computed from this data and is visible to other AURA users.

Profession information. If you choose to add a profession, we store it and the profession-specific ratings you receive. Profession is optional and changeable (with a 30-day cooldown).

Payment information. Subscription payments are handled by RevenueCat and Stripe. We do not store your payment card details. We receive subscription status and transaction identifiers from these providers.

Device and usage data. We collect device identifiers, operating system version, push notification tokens, and basic usage logs for diagnostics and app functionality. Crash reports may include device state at the time of the crash.

Waitlist data. If you submitted your email on liveaura.app before downloading the app, that email is stored via Netlify Forms and used only to notify you about AURA availability.

3. How We Use Your Information

• To provide the app's core features: showing nearby users, enabling vibes, computing your AURA score
• To verify your identity and phone number
• To send push notifications (subject to your in-app preferences)
• To process subscription payments
• To enforce community standards, investigate reports, and take moderation actions
• To diagnose crashes and improve app performance
• To communicate service updates and, if you opted in, product announcements

We do not sell your personal data. We do not share your personal data for cross-context behavioral advertising. We do not use your data for third-party advertising. We do not engage in profiling that produces legal or similarly significant effects on you without your consent — your AURA score is computed from votes cast by other users you have encountered, is visible only within the AURA platform, and is not shared with employers, lenders, insurers, or other third parties for decisions about you.

4. Location and Bluetooth Detection — Additional Detail

Location and Bluetooth are the foundation of AURA. When you are active in the app, your location is shared with nearby users (within the app's detection radius) so they can see you exist nearby. You cannot opt out of location sharing while using the app — it is inherent to the product. You can stop sharing your location at any time by closing the app or revoking location permissions in your device settings, which will stop you from appearing to others.

In addition to GPS, AURA uses Bluetooth Low Energy (BLE) to detect nearby users and to make you detectable to them. Your device broadcasts an anonymous BLE signal continuously while AURA is running, including when the app is in the background or your screen is locked. Other opted-in AURA users within approximately 150 feet can detect your presence via this signal, and you can detect theirs. By using AURA, you consent to this mutual background detection among opted-in users.

You can stop BLE detection at any time by revoking Bluetooth permissions in your device settings or by closing the app. Revoking Bluetooth permission will prevent AURA from detecting nearby users via BLE and will prevent other AURA users from detecting you via BLE.

We do not store a persistent history of everywhere you have been. Location records are updated in real time and expire after inactivity. BLE detection events are stored temporarily to power the nearby user list and expire within minutes.

5. Sharing Your Information

We share data with third-party service providers only as necessary to operate the app:

• Supabase — database hosting (PostgreSQL)
• Railway — backend server hosting
• Cloudflare R2 — profile photo storage
• Twilio — phone number verification
• RevenueCat / Stripe — subscription and payment processing
• Google / Apple — OAuth authentication
• Firebase (Google) — push notification delivery (FCM)
• Netlify — waitlist form submissions

We do not sell, rent, or trade your personal data to any third party. We may disclose data if required by law, subpoena, or to protect the safety of users or the public.

6. Data Retention

We retain your account and reputation data for as long as your account exists. If you delete your account, your profile is deactivated and your public-facing information is removed. Note that deleting your account carries a trust score penalty per AURA's community rules — this is disclosed in the Terms of Service.

Our database provider (Supabase) automatically takes a daily backup of our database and retains those backups for up to 7 days. This means residual copies of deleted account data may persist in those rolling backups for up to 7 days after deletion before being overwritten in the normal backup rotation. We do not access these backups for any purpose other than disaster recovery.

Location data expires automatically after a short period of inactivity (minutes to hours, not days). BLE detection records expire within minutes of the detection event.

7. Children's Privacy

AURA is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has created an account, we will delete their data and terminate the account. If you believe a child under 13 is using AURA, please contact us at legal@liveaura.app.

8. Security

We use HTTPS for all data in transit. Data at rest is stored on Supabase with access controls and encryption. Authentication uses short-lived JWTs with refresh token rotation. We take security seriously, but no system is 100% secure — please use a strong, unique password on your Google or Apple account.

9. Your Rights

Depending on where you live, you may have rights including:

• Access to the personal data we hold about you
• Correction of inaccurate data
• Deletion of your account and associated data
• Objection to or restriction of certain processing
• Data portability
• Opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
• Opt out of profiling that produces legal or similarly significant effects (we do not engage in such profiling)

To exercise any of these rights, email legal@liveaura.app. We will respond within 30 days as required by applicable law (45 days under the VCDPA, with one 45-day extension if reasonably necessary).

Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA). California residents have rights under the CCPA/CPRA. We honor these rights on request. If we deny your request, you have the right to appeal that decision; appeals can be submitted to legal@liveaura.app with "Appeal" in the subject line.

10. Push Notifications

We send push notifications for events like receiving a vibe, score changes, and milestones. You can manage notification preferences within the app. You can also disable all notifications via your device settings at any time.

11. Geographic Scope

AURA is intended for use within the United States. We do not target users outside the United States. If you access AURA from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

12. Changes to This Policy

We may update this policy as the app evolves. When we make material changes, we will update the effective date at the top and, where appropriate, notify you through the app. Continued use of AURA after changes constitutes acceptance of the updated policy.

13. Contact

AuraForge, LLC
Virginia Beach, Virginia, USA
legal@liveaura.app

---

© 2026 AuraForge, LLC. All rights reserved.  ·  Terms of Service