← Back to AURA
Privacy Policy
Last updated: April 10, 2026
Summary: Your privacy is our priority. Photos are processed transiently via a secure AI service and are never stored on our servers — they remain only on your device. We use anonymous device identifiers, never require personal information, and you can delete all your data at any time.
1. Introduction
This Privacy Policy describes how RATTO Michaël ("we," "us," or "our") collects, uses, and protects your information when you use the AURA mobile application ("the App"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Apple App Store Review Guidelines.
2. Information We Collect
2.1 Photos and Face Data
When you use the scan feature, the App accesses your device camera to take a selfie. This photo contains face data (facial features visible in the image). This face data is:
- Sent securely via encrypted connection (HTTPS/TLS) to a third-party AI service (Google Gemini API) for real-time analysis.
- Processed transiently: the photo and face data exist in server memory only for the duration of the API call (typically a few seconds) and are never written to disk, never stored in a database, and never retained by our servers or by the AI service after processing.
- Used solely to generate your Aura Score, Archetype, and Glow-Up Preview. No biometric data, facial recognition templates, or facial geometry maps are created or stored.
- The resulting analysis and enhanced image are returned directly to your device and stored only on your device (locally in the App's sandboxed storage).
- Never shared with any third parties for advertising, marketing, tracking, or any purpose beyond the immediate AI analysis.
- No server-side copy of your photo, face data, or generated image exists after the response is sent to your device.
- Face data is never used for facial recognition, identity verification, or user tracking.
2.1.1 Face Data Summary
- What face data is collected: A selfie photo containing the user's facial features, captured via the device camera with user permission.
- How face data is used: The photo is sent to Google Gemini API solely for real-time AI analysis to generate an aura score, personality archetype, and optional AI-enhanced image (Glow-Up). No biometric templates or facial geometry data are extracted or stored.
- Third-party sharing: Face data (the photo) is shared only with Google Gemini API for transient processing. Google does not retain API inputs after processing. No other third party receives face data.
- Storage: Face data is never stored on our servers. The original photo and any AI-generated images are stored exclusively on the user's device in the App's sandboxed storage.
- Retention: Face data is retained in server memory for the duration of the API call only (typically 2-5 seconds). No server-side copy exists after the response is returned. On-device photos persist until the user deletes them from the App.
2.2 Device Information
We collect an anonymous device identifier using Apple's DeviceCheck framework. This is used solely to:
- Track free scan usage limits per device.
- Prevent abuse of the free tier.
- Associate your stored scans with your device (not your identity).
We do NOT collect: your name, email address, phone number, Apple ID, or any other personally identifiable information.
2.3 Purchase Information
All purchases are processed by Apple through the App Store. We do not have access to your payment information. We only receive a transaction receipt to verify and deliver your purchased credits.
2.4 Usage Analytics
We may collect anonymized analytics data such as feature usage frequency and crash reports to improve the App experience. This data is aggregated and cannot be used to identify individual users.
3. How We Use Your Information
We use the information collected to:
- Provide the App's core functionality (scan analysis, Glow-Up generation, compatibility scans).
- Deliver and verify In-App Purchases.
- Store your scan history (only with your explicit consent).
- Prevent fraud and abuse of the service.
- Improve the App's performance and features.
4. Data Storage and Security
- Photos are never stored on our servers. All photo processing is transient: images are sent to the AI service, processed in memory, and the result is returned directly to your device. No server-side copy is retained.
- Scan result metadata (scores, archetypes, text descriptions) may be stored on secure servers with encryption at rest and in transit, associated with an anonymous device identifier — not your personal identity.
- All original photos and generated images are stored exclusively on your device, in the App's private sandboxed storage.
- We implement industry-standard security measures including HTTPS/TLS encryption, HMAC request signing, and access controls.
- Our backend servers are located in the European Union (EU-West region).
5. Third-Party Services
We use the following third-party services to provide the App's functionality:
- Google Gemini API: For AI-powered photo analysis and image enhancement (Glow-Up feature). Your photo is sent to Google's Gemini API for transient, real-time processing only. Google does not store, retain, or use API inputs to train their models. Google's Gemini API Terms of Service and data usage policies apply.
- OpenAI API: For text-based AI analysis (energy reading, archetype descriptions). Only text data is sent to OpenAI — no photos or images are shared with OpenAI. OpenAI does not use API inputs to train their models.
- Supabase: For secure backend services and edge function hosting. No user photos are stored in Supabase.
- Apple StoreKit / RevenueCat: For In-App Purchase management and subscription handling.
We do not sell, rent, or share your personal data with advertisers or marketing companies.
6. Your Rights
Under GDPR, CCPA, and other applicable laws, you have the right to:
- Access: Request a copy of all data associated with your device.
- Deletion: Delete all your stored data at any time from the App's Settings screen, or by contacting us.
- Portability: Request your data in a machine-readable format.
- Opt-out: Decline to store your scan results on our servers (data stays local only).
- Withdraw consent: You can withdraw your storage consent at any time.
To exercise any of these rights, use the "Delete My Data" option in the App's Settings, or contact us at scokiller@gmail.com.
7. Data Retention
- Photos: Never retained on our servers. Processing is transient (seconds) and no copy is stored. Photos exist only on your device.
- Scan metadata: Text-based scan results (scores, descriptions) are retained until you request deletion.
- Anonymous analytics: Retained for up to 24 months.
- When you delete your data, all associated scan metadata is permanently removed from our servers within 30 days. Photos do not need to be deleted from our servers since they were never stored there.
8. Children's Privacy
AURA is rated 4+ on the App Store and does not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately and we will take steps to delete it.
9. International Data Transfers
Your data may be processed in servers located in the EU and the United States (for AI processing via Google Gemini API and OpenAI). All processing is transient — no user photos are stored outside of the user's device. We ensure appropriate safeguards are in place for any international data transfers in accordance with GDPR requirements.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by updating the "Last updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
For any privacy-related questions or requests, please contact us at:
RATTO Michaël
Email: scokiller@gmail.com