Privacy Policy - Aura

Last updated: May 2, 2026

This Privacy Policy describes how Aura collects, uses, stores and protects your personal data when you use our mobile application (the "Application") and our website https://www.auraapp.fr (together, the "Services").

Aura complies with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the French Data Protection Act (Law No. 78-17 of January 6, 1978, as amended).

1. Identity of the Data Controller

Tobiasz Bajek - Entrepreneur Individuel Trade name: Bajek Dev Paris SIREN: 992 510 057 - SIRET: 992 510 057 00019 EU VAT number: FR 44 992510057 APE code: 6201Z (Computer programming) Address: 178 rue Marcadet, 75018 Paris, France Phone: +33 7 65 29 08 92

Contact for personal data questions: Email: privacy@auraapp.fr

Tobiasz Bajek acts as the contact point for data protection matters. Aura is not legally required to appoint a Data Protection Officer (DPO) within the meaning of Article 37 of the GDPR, as the activity does not meet the criteria requiring such appointment.

2. Data We Collect

We collect only the data strictly necessary for the operation of the Services. No data is sold to third parties.

2.1 Account Data

  • Email address
  • Display name
  • Profile photo (if you sign in with Google or Apple Sign-In)
  • Unique user identifier (Firebase UID)
  • Preferred language

2.2 Wardrobe Photos and Content

  • Photos of clothing items that you take or upload
  • Metadata automatically generated from these photos (colors, categories, text descriptions)
  • AI-generated outfit images based on your wardrobe
  • Style preferences and recommendation history

2.3 Subscription and Payment Data

  • Subscription tier (Free, Plus, Pro)
  • Subscription status (active, canceled, past due, etc.)
  • Stripe customer identifier (stripeCustomerId)
  • Apple transaction identifier (for In-App Purchases)
  • Billing period start and end dates

Important: Aura never directly stores your card numbers or payment credentials. These data are processed exclusively by Stripe and Apple.

2.4 Technical Data

  • Device type and operating system
  • Application version
  • Error logs and diagnostic data (crash logs)
  • IP address (temporarily collected by hosting providers and anti-fraud services)

2.5 Usage and Statistics Data

  • Pages visited on the website
  • Features used in the Application
  • Date and time of main actions (account creation, item scan, outfit generation)

On the website, these data are collected through Google Analytics 4 only with your explicit consent (see Cookie Policy).

3. Data We Do NOT Collect

For clarity, Aura does not collect or process the following categories:

  • Biometric data or facial recognition data
  • Precise body measurements
  • Health data
  • Full card numbers
  • Precise geolocation (unless you explicitly consent for weather)
  • Address book contacts
  • Photos other than those you choose to scan

Aura does not use your clothing photos to train its artificial intelligence models.

4. Legal Bases for Processing

In accordance with Article 6 of the GDPR, we process your data on the following legal bases:

PurposeLegal basis
Creating and managing your accountPerformance of a contract (Art. 6.1.b)
Providing the Services (outfit generation, wardrobe storage)Performance of a contract (Art. 6.1.b)
Managing subscriptions and billingPerformance of a contract (Art. 6.1.b)
Security and fraud preventionLegitimate interest (Art. 6.1.f)
Service improvement and aggregated statisticsLegitimate interest (Art. 6.1.f)
Analytics cookies (Google Analytics)Consent (Art. 6.1.a)
Marketing communications (newsletters)Consent (Art. 6.1.a)
Retaining accounting recordsLegal obligation (Art. 6.1.c)

5. Processors and International Transfers

To provide the Services, we use third-party processors. Each has signed a data processing agreement (DPA) with Aura in accordance with Article 28 of the GDPR.

Transfers outside the European Union: Some data are transferred to the United States. These transfers are governed by the EU-US Data Privacy Framework (European Commission adequacy decision of July 10, 2023) or, failing that, by the Standard Contractual Clauses approved by the European Commission (Decision 2021/914).

You may request a copy of the applicable safeguards by writing to privacy@auraapp.fr.

6. Retention Period

Data categoryRetention period
Account data (email, profile)Lifetime of the account + 30 days after deletion
Wardrobe photosLifetime of the account + 30 days after deletion
AI-generated outfitsLifetime of the account + 30 days after deletion
Technical and diagnostic logs12 months maximum
Payment data and invoices10 years (accounting obligation, Art. L.123-22 French Commercial Code)
Analytics cookies (GA4)13 months maximum
Data after deletion requestErased within 30 days

You may delete your account at any time from the Application (Profile -> Delete my account) or by writing to privacy@auraapp.fr.

7. Your Rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights over your personal data:

  • Right of access (Art. 15): obtain confirmation that your data are being processed and receive a copy
  • Right to rectification (Art. 16): correct inaccurate or incomplete data
  • Right to erasure / "right to be forgotten" (Art. 17): request deletion of your data
  • Right to restriction of processing (Art. 18): temporarily restrict processing
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interest
  • Right to withdraw your consent: at any time, without affecting the lawfulness of prior processing
  • Right to define post-mortem instructions (Art. 85 French Data Protection Act)

How to exercise your rights: Send an email to privacy@auraapp.fr specifying:

  • The right you wish to exercise
  • The email address associated with your Aura account
  • Proof of identity (copy of an identity document) if we have reasonable doubts about your identity

We will respond within a maximum of 30 days from receipt of your request (Art. 12 GDPR), extendable by two months for complex requests.

8. Cookies and Similar Technologies

Our website uses cookies and similar technologies.

  • Strictly necessary cookies (always active): Firebase authentication, language preferences
  • Analytics cookies (subject to your consent): Google Analytics 4
  • Functional cookies (subject to your consent): interface preferences

For more information and to manage your preferences, see our Cookie Policy.

The mobile application does not use cookies in the technical sense, but may use equivalent technical identifiers (Firebase Installation ID, Apple identifiers) for purposes strictly necessary for operation.

9. Minors

The Services are intended for persons aged at least 15, in accordance with Article 8 of the GDPR and Article 7-1 of the French Data Protection Act.

Users aged 15 to 17 must obtain the consent of a person holding parental authority to subscribe to a paid subscription.

Aura does not knowingly collect data concerning children under 15. If you believe that a minor under 15 has sent us their data, contact us immediately at privacy@auraapp.fr so that we can delete it.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS 1.2 minimum)
  • Encryption of data at rest (Firebase, Stripe, Railway)
  • Strong authentication for administrator access
  • Least privilege principle: only authorized persons access the data
  • Regular backups of critical databases
  • Monitoring for abnormal access and intrusion attempts
  • Regular security updates for dependencies

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL within 72 hours (Art. 33 GDPR) and inform you without undue delay if the risk is high (Art. 34 GDPR).

11. Changes to This Policy

We may modify this Privacy Policy to reflect changes to our Services or legal obligations.

In the event of a substantial change, we will inform you:

  • By notification in the Application
  • By email to the address associated with your account
  • By updating the "Last updated" date at the top of the document

Continued use of the Services after notification constitutes acceptance of the new version.

12. Complaints to the CNIL

If you believe that the processing of your personal data does not comply with applicable regulations, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertes (CNIL):

CNIL 3 Place de Fontenoy TSA 80715 75334 PARIS CEDEX 07 Phone: +33 1 53 73 22 22 Website: https://www.cnil.fr

Before filing any complaint with the CNIL, we invite you to contact us directly at privacy@auraapp.fr so that we can try to resolve your issue amicably.

13. Contact

For any question about this Privacy Policy or your personal data:

Email: privacy@auraapp.fr Postal address: Tobiasz Bajek (Bajek Dev Paris), 178 rue Marcadet, 75018 Paris, France