Privacy Policy

Last Updated: October 9, 2025

1. Introduction

Auro ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

Account information (name, email address, phone number)
Profile information (bio, profile photos, social media handles)
Content you upload (photos, videos, messages for reviews)
Payment information (processed securely through Stripe)
Communication preferences and marketing consent

2.2 Google User Data

When you sign in with Google, we access the following data:

Basic profile information (name, email address, profile picture)
Google account ID for authentication purposes

We do not access your Google Drive, Gmail, Calendar, or any other Google services beyond basic profile information.

2.3 Social Media Data

If you choose to connect social media accounts, we may collect:

Instagram and TikTok usernames and basic profile information
Public content you choose to share for review purposes

2.4 Automatically Collected Information

Device information (device type, operating system, unique device identifiers)
Usage data (pages visited, features used, time spent on the Service)
Log data (IP address, browser type, access times, referring URLs)
Location data (if you grant permission)

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our Service
Process transactions and send related information
Match users with appropriate reviewers
Send technical notices, updates, security alerts, and support messages
Respond to your comments, questions, and requests
Communicate about products, services, and promotional offers
Monitor and analyze trends, usage, and activities
Detect, investigate, and prevent fraudulent transactions and other illegal activities
Comply with legal obligations

4. Information Sharing and Disclosure

4.1 With Your Consent

We share your information with your explicit consent, including:

Sharing your photos and content with selected reviewers
Publishing reviews on social media (only with your explicit consent)

4.2 Service Providers

We share information with third-party service providers who assist us in operating our Service:

Supabase: Database and authentication services
Stripe: Payment processing
Google: Authentication services
SMS Providers: Two-factor authentication
Cloud Storage: File storage and delivery

4.3 Legal Requirements

We may disclose your information if required by law or to:

Comply with legal process or government requests
Enforce our Terms of Service
Protect the rights, property, or safety of Auro, our users, or others
Prevent fraud or abuse of our Service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Storage and Protection

5.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

Encryption of data in transit and at rest
Secure authentication and access controls
Regular security assessments and updates
Limited access to personal information on a need-to-know basis
Secure data centers with physical and environmental controls

5.2 Data Location

Your information is stored on secure servers operated by our service providers, primarily in the United States. We ensure that any international transfers comply with applicable data protection laws.

6. Data Retention and Deletion

6.1 Retention Periods

Account Information: Retained while your account is active and for up to 3 years after account closure
Review Content: Automatically deleted after 30 days unless you request otherwise
Payment Information: Retained as required by law and for accounting purposes
Communication Records: Retained for up to 2 years for customer service purposes

6.2 Your Rights

You have the right to:

Access your personal information
Correct inaccurate information
Delete your account and associated data
Export your data in a portable format
Opt out of marketing communications
Withdraw consent for data processing

6.3 Data Deletion Process

To request deletion of your data:

Contact us at privacy@appauro.com
We will verify your identity
We will delete your data within 30 days of verification
We will confirm deletion in writing

7. Google User Data Policy Compliance

This section specifically addresses how we handle data from Google OAuth sign-in, in compliance with the Google API Services User Data Policy.

7.1 What Google Data We Access

When you sign in with Google, we only request and access the following limited data:

Email address: Used for account creation and communication
Name (first and last): Used to personalize your profile
Profile picture (optional): Used for your Auro account avatar
Google Account ID: Used solely for authentication purposes

We do NOT access: Gmail, Google Drive, Google Calendar, Google Photos, Contacts, or any other Google services. We only use basic profile information for authentication.

7.2 How We Use Google Data

Google user data is used exclusively for the following purposes:

Account Creation: Creating and managing your Auro account
Authentication: Verifying your identity when you sign in
Profile Display: Displaying your name and profile picture in the app
Communication: Sending you service-related emails (order confirmations, reviews, account notifications)
Platform Operations: Providing our core review and matching services

We do NOT use Google data for: Advertising, marketing to third parties, AI/ML training, or any purpose unrelated to providing our Service.

7.3 How We Share Google Data

We do NOT sell, rent, or trade your Google user data to third parties.

Google data is only shared in the following limited circumstances:

Supabase (Authentication Provider): Handles secure authentication and stores your email/name in our database. Supabase is SOC 2 Type II certified.
With Your Consent: Your name and profile information is visible to reviewers you match with to provide the review service you requested.
Legal Compliance: If required by law, court order, or government request.

7.4 How We Store and Protect Google Data

Google user data is stored securely using industry-standard practices:

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Only authorized personnel can access user data on a need-to-know basis
Secure Infrastructure: Data is stored on Supabase's SOC 2 compliant servers
Regular Audits: We conduct regular security reviews and updates
No Third-Party Access: Google data is never shared with unauthorized third parties

7.5 How Long We Keep Google Data

Active Accounts: Google data (email, name, profile picture) is retained while your account is active
After Account Deletion: All Google data is permanently deleted within 30 days of account deletion
Backup Retention: Backup copies are securely destroyed within 90 days

7.6 Your Rights Over Your Google Data

You have complete control over your Google data:

Access: View all Google data we have stored (email, name, profile picture) in your account settings
Update: Change your name and profile picture at any time
Delete: Request complete deletion of your account and all associated Google data
Revoke Access: Disconnect Google sign-in from your Google Account settings at myaccount.google.com/permissions
Export: Request a copy of your data in portable format

To exercise these rights, contact us at privacy@appauro.com or delete your account in app settings.

7.7 Limited Use Disclosure

Auro's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Remember your preferences and settings
Analyze how you use our Service
Provide personalized content and advertisements
Improve our Service performance

You can control cookies through your browser settings, but disabling cookies may affect Service functionality.

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Users

If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using our Service, you consent to the transfer of your information to the United States.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising privacy rights

12. European Union Users

If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR):

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Rights related to automated decision-making

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us: