Privacy Policy
Last updated: 2026-04-17
What aura does
aura is an AI dating coach that analyses chat conversations you share with us and generates reply suggestions. You upload screenshots or paste text from your dating conversations; our AI reads the conversation and provides intelligence, reply suggestions, and a Rizz Score.
Data we collect
| Data | Purpose | Retention |
|---|---|---|
| Email address | Authentication (magic-link OTP) | Until account deletion |
| Chat screenshots and text | AI analysis and reply generation | Free tier: 24 hours. Paid tier: 30 days (encrypted at rest) |
| Reply session history | Outcome tracking and Rizz Score | Until account deletion |
| Age confirmation | Regulatory requirement for NSFW content gating | Until account deletion |
| Device identifiers | Push notifications (OneSignal) | Until account deletion or opt-out |
| Usage events | Product analytics (PostHog) | Anonymised; no PII or chat content |
Third-party processors
- Supabase(database, auth, storage) — EU region
- OpenAI(AI analysis via GPT-4o) — data not used for training per our API agreement
- RevenueCat (subscription management)
- OneSignal (push notifications)
- PostHog (anonymised product analytics)
How we protect your data
- Chat content is encrypted at rest for paid users (pgcrypto column-level encryption).
- Free-tier chat content is automatically deleted within 24 hours.
- Screenshots are moderated server-side before storage (CSAM detection, NSFW filtering).
- All images are stored in private buckets; access is via short-lived signed URLs (max 5 minutes).
- Session tokens are stored in the device secure enclave (Expo SecureStore), never in plain storage.
- PII is redacted before any AI processing (phone numbers, emails, addresses, names of non-users).
Third-party consent
You upload screenshots of conversations with people who have not consented to our processing. We mitigate this by:
- Redacting PII of non-users before AI processing.
- Never storing non-user names, phone numbers, or identifiers in our database.
- Enforcing strict retention limits (24 hours for free tier).
- Providing no mechanism to search or retrieve data by non-user identifiers.
Your rights
You can exercise the following rights at any time from the Profile tab in the app:
- Right to access: Export all your data as JSON via “Export your data”.
- Right to erasure: Delete your account and all associated data via “Delete account”. This is irreversible and wipes all data across all systems (database, storage, RevenueCat, OneSignal).
- Right to restrict processing: You can stop using the app at any time. Free-tier data is automatically deleted within 24 hours.
Age requirement
aura is rated 17+ due to the availability of NSFW content for paid subscribers who confirm they are 18 or older. Age confirmation is required before NSFW features are activated.
Changes to this policy
We will notify users of material changes via in-app notification and update the “Last updated” date above.
Contact
For privacy inquiries: privacy@tryaura.dating
For security issues: security@tryaura.dating