Legal & Privacy

2. Who We Are

This Privacy Policy explains how Aura AI ("Aura AI," "we," "us," or "our") collects, uses, discloses, and protects your personal data when you use our website.

3. Scope of This Privacy Policy

This Privacy Policy applies to personal data we collect when you use Aura AI, including through our website, communications, and related services.

This Privacy Policy does not apply to third-party services that maintain their own privacy notices, including payment processors and external websites linked from our platform.

4. Personal Data We Collect

Depending on how you use Aura AI, we may collect the following categories of personal data:

5. How We Use Personal Data & Our Legal Bases

6. Health-Related & Sensitive Data

Because Aura AI is a mental wellness service, data you provide, and data we derive from it, may constitute sensitive personal data under applicable law, including India's Digital Personal Data Protection Act, 2023.

Where required, we rely on your explicit consent to process health-related or wellness-related data in order to deliver Aura AI's core therapeutic features, including summaries, continuity, memory, and session personalisation.

You may withdraw this consent at any time through in-app settings or by contacting us. Withdrawal does not affect processing already carried out, and may limit parts of the service that depend on this data.

You are not required to provide sensitive data, but some features may not function properly if you choose not to.

7. Automated Processing & AI Personalisation

Aura AI uses automated systems, including AI, to generate responses and support service features. This may include:

• Responses and therapeutic suggestions
• Session summaries and recaps
• Memory and context features
• Emotional-state or theme analysis
• Wellness-profile style outputs
• Personalised reminders, insights, and recommendations

These features are used to provide and personalise the service. They are not intended to replace professional diagnosis, treatment, or crisis care. Aura AI does not use solely automated decision-making that produces legal effects or similarly significant effects on users.

8. Who We Share Personal Data With

We may share personal data with the following categories of recipients where necessary to operate the service or comply with law:

• Cloud hosting, database, infrastructure, and security providers
• Payment processors (Razorpay, Stripe)
• Communications, customer-support, and notification providers
• Analytics, monitoring, and software vendors
• AI model, inference, and related technology providers supporting core functionality
• Professional advisers, auditors, insurers, and legal counsel
• Regulators, courts, law enforcement, or other authorities where required by law
• A buyer or successor party in connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality protections

We do not sell your personal data. Ever.

9. International Transfers

Some of our service providers may process or store personal data outside India. Where required by applicable law, we rely on appropriate safeguards for international transfers, including data processing agreements with relevant providers.

You may contact us to request information about the transfer mechanisms relied upon for any relevant transfer.

10. Data Retention

We retain personal data only for as long as necessary:

• Account data: Retained while your account is active and for a limited period afterward for dispute resolution and compliance
• Conversation & wellness data: Retained until you delete it, request deletion, or close your account, subject to fraud-prevention and legal retention needs
• Derived & personalisation data: Retained for as long as needed to provide continuity and personalisation features, unless deleted earlier
• Payment & transaction records: Retained for the period required by tax, accounting, and fraud-prevention obligations
• Support communications: Retained as long as reasonably necessary to resolve inquiries and protect legal rights
• De-identified or aggregated data: May be retained longer where it no longer identifies you

If you request deletion, we will process it within 30 days, subject to legal retention requirements.

11. Your Rights & Choices

Depending on where you live, you may have the right to:

• Access personal data we hold
• Correct inaccurate data
• Request deletion of data
• Restrict or object to processing
• Receive data in portable format
• Withdraw consent
• Opt out of marketing
• Lodge a complaint

To exercise any of these rights, contact us at privacy@myauraai.com. We may ask for additional information to verify your identity before responding. We aim to respond within 30 days.

12. Whether You Must Provide Personal Data

Some personal data is necessary to create your account, authenticate you, provide AI conversations and continuity features, process payments, and deliver the service. If you do not provide certain required personal data, we may be unable to create your account, provide relevant features, or respond fully to your request.

Providing health-related or wellness data is voluntary, but parts of the service may not function as intended without it.

13. Data Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:

• Encryption in transit and at rest
• Access controls and role-based restrictions
• Authentication safeguards
• Audit logging and monitoring

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at privacy@myauraai.com.

14. Third-Party Services & Links

Our services may contain links to third-party websites or applications. We are not responsible for the privacy, security, or content practices of those third parties. Their use of your information is governed by their own privacy notices.

15. Marketing & Communications

We may send you service-related communications necessary to operate your account. Where required by law, we will obtain your consent before sending marketing emails. You can opt out of marketing communications at any time by using the unsubscribe link in any email or contacting us directly.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and update the "Last updated" date at the top. Where required by law, we will provide additional notice directly to you.