AURA is a proximity-based reputation app. Because the product depends on real-world location and real interactions between real people, we collect and use certain personal data to make it work. This policy explains exactly what we collect, why, and what rights you have over it.
AURA is operated by AuraLabs ("we," "us," or "our"), based in Virginia Beach, Virginia, USA. Questions about this policy can be directed to legal@liveaura.app.
Account information. When you sign up, we collect your name, profile photo, and authentication details via Google Sign In or Sign In with Apple. We do not store your Google or Apple password.
Phone number. We require phone verification to use core features of the app. Your number is verified via Twilio and stored to enforce one-account-per-person policy and prevent abuse. VoIP numbers are blocked.
Location data. AURA is location-driven. We collect your GPS coordinates while the app is active and, if you grant the permission, while it runs in the background via a foreground location service. Location data is used to show you nearby users and to show you to nearby users. Location data is stored temporarily and expires after a short inactivity window.
Bluetooth data. The app uses Bluetooth Low Energy (BLE) to detect and be detected by nearby users. We broadcast a short anonymous identifier (your bleId) in BLE advertising packets. We do not collect data about non-AURA Bluetooth devices.
Reputation data (vibes). When another user rates you, we store the structured metric votes they submitted. No comments or free-text are collected — only structured ratings. Your aggregate AURA score is computed from this data.
Profession information. If you choose to add a profession, we store it and the profession-specific ratings you receive. Profession is optional and changeable (with a 30-day cooldown).
Payment information. Subscription payments are handled by RevenueCat and Stripe. We do not store your payment card details. We receive subscription status and transaction identifiers from these providers.
Device and usage data. We collect device identifiers, operating system version, push notification tokens, and basic usage logs for diagnostics and app functionality. Crash reports may include device state at the time of the crash.
Waitlist data. If you submitted your email on liveaura.app before downloading the app, that email is stored via Netlify Forms and used only to notify you about AURA availability.
We do not sell your personal data. We do not use your data for third-party advertising.
Location is the foundation of AURA. When you are active in the app, your location is shared with nearby users (within the app's detection radius) so they can see you exist nearby. You cannot opt out of location sharing while using the app — it is inherent to the product. You can stop sharing your location at any time by closing the app or revoking location permissions in your device settings, which will stop you from appearing to others.
We do not store a persistent history of everywhere you have been. Location records are updated in real time and expire after inactivity.
We share data with third-party service providers only as necessary to operate the app:
We do not sell, rent, or trade your personal data to any third party. We may disclose data if required by law, subpoena, or to protect the safety of users or the public.
We retain your account and reputation data for as long as your account exists. If you delete your account, your profile is deactivated and your public-facing information is removed. Residual data may be retained in backups for up to 90 days. Note that deleting your account carries a trust score penalty per AURA's community rules — this is disclosed in the Terms of Service.
Location data expires automatically after a short period of inactivity (minutes, not days).
AURA is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has created an account, we will delete their data and terminate the account. If you believe a child under 13 is using AURA, please contact us at legal@liveaura.app.
We use HTTPS for all data in transit. Data at rest is stored on Supabase with access controls and encryption. Authentication uses short-lived JWTs with refresh token rotation. We take security seriously, but no system is 100% secure — please use a strong, unique password on your Google or Apple account.
Depending on where you live, you may have rights including:
To exercise any of these rights, email legal@liveaura.app. We will respond within 30 days.
Virginia residents may have additional rights under the Virginia Consumer Data Protection Act (VCDPA). California residents may have rights under the CCPA/CPRA. We honor these rights on request.
We send push notifications for events like receiving a vibe, score changes, and milestones. You can manage notification preferences within the app. You can also disable all notifications via your device settings at any time.
We may update this policy as the app evolves. When we make material changes, we will update the effective date at the top and, where appropriate, notify you through the app. Continued use of AURA after changes constitutes acceptance of the updated policy.
AuraLabs
Virginia Beach, Virginia, USA
legal@liveaura.app