Aura — Privacy Policy
Last updated · 3 May 2026 · Version 1.0
Plain-English summary
Aura is a quiet, on-device companion for your daily rituals. The things you put into the app — your mood check-ins, photos, journal entries, intentions, ritual completions, and streak history — live on your phone. We do not have a server that stores them. We do not have a user-account system, and we cannot read what you write or see what you photograph.
The one thing we do collect is anonymous product analytics (which screens were opened, whether a subscription was purchased, whether the app crashed) and subscription receipts processed through Apple. Nothing identifies you personally; nothing tells us about your moods, your photos, or what you reflected on.
When you choose to share a Daily Aura Card or Weekly Recap to Instagram, TikTok, Pinterest, or anywhere else, the image leaves your device through the system share sheet — that's your decision, and the receiving app's privacy policy takes over from there.
If you disagree with any part of this policy, please don't use Aura — uninstalling removes every trace of your use immediately.
1. Who we are
Aura ("the app", "we", "us", "our") is developed and operated by E2 Partners LLC ("E2 Partners", "the Developer"), the data controller for the limited personal information described below. You can contact us at hello@e2partners.co.
For users in the European Union, United Kingdom, Switzerland, or other regions with data-protection laws, we are the controller of the limited data described in Section 3. A data-protection representative, where legally required, is available on request at the address above.
2. Scope of this policy
This policy applies to the Aura iOS application distributed via Apple's App Store and to the related pages at e2partners.co. It does not apply to third-party apps or platforms you may share Aura content to (for example, Instagram, TikTok, Pinterest, Messages, or your camera roll); their terms and policies govern those interactions.
3. Data we collect
The following is an exhaustive list. If a type of data is not listed here, we do not collect it.
3.1 Product analytics (via Firebase Analytics)
- Screen views (which onboarding step you reached, which aesthetic preset you selected, whether you opened the Daily Card screen).
- Aggregate event counts (a check-in happened, a card was generated, a recap was opened, a share sheet was invoked) — without the contents of any check-in, card, or recap.
- Paywall events (shown, plan selected, trial started, dismissed).
- Notification engagement (a soft-chime notification was tapped or dismissed) — we do not log the time of day you check in beyond what is needed to know "morning vs. evening".
- Device-level identifiers that Apple provides to apps (Identifier for Vendor), device model, OS version, language, country derived from App Store.
Analytics events never include the contents of your photos, journal entries, mood selections, intentions, ritual notes, share cards, or recaps. They never include your name, email address, phone number, or any persistent identifier we create.
3.2 Crash and performance diagnostics (via Firebase Crashlytics)
- Stack traces and crash context when the app terminates unexpectedly.
- App launch time and other performance metrics Apple exposes through standard system APIs.
- A static custom value identifying the app (
product = aura_ios).
Crash reports do not include the contents of any photo, journal entry, mood, intention, ritual, card, or recap.
3.3 Subscription billing (via Apple App Store and RevenueCat)
- A random, RevenueCat-generated identifier bound to your installation.
- Subscription state (active / inactive / in trial / expired), product identifier, renewal events.
- Country of the App Store account used to purchase.
We never see your payment method, credit card number, or Apple ID. All billing is handled directly by Apple.
3.4 Support correspondence
If you email hello@e2partners.co, we receive your email address and whatever you choose to include. We keep support emails for up to 24 months and then delete them.
4. Data we explicitly do NOT collect
The following stay on your device. Our servers never see them, our analytics never log them, our crash reports never include them:
- Every photo you capture inside Aura's photo journal, and every photo you import from your camera roll for use in a Daily Card or Weekly Recap.
- Every word you write — journal entries, intentions, ritual notes, captions.
- Every mood you select from the six-word vocabulary, and the time at which you selected it.
- Every ritual you complete, skip, or schedule.
- Your streak history, your weekly recap data, and the contents of any Daily Aura Card you generate or share.
- Which aesthetic preset you currently use (Clean Girl, Soft Girl, Coquette, Pilates Princess, Coastal Grandmother, Old Money, Hot Girl Walk, Cottagecore) is stored locally and is reflected only as an aggregate, anonymous popularity metric in our analytics.
- Your name, email address (unless you email us), phone number, physical address, date of birth, gender, or any government identifier.
- Your precise or approximate location.
- Your contacts, calendars, reminders, health data, or other system data.
- Your browsing history or activity in other apps.
5. Permissions Aura asks for, and why
Aura works best when you grant a few system permissions. You can change any of these at any time in iOS Settings → Aura.
| Permission | What it lets Aura do | What happens if you decline |
|---|---|---|
| Camera | Capture photos directly inside the photo journal so you can save the matcha, the light, the journal page in one tap. | You can still pick photos from your camera roll instead. |
| Photo Library (add only, by default) | Save Daily Aura Cards and Weekly Recap carousels to your camera roll when you tap "Save". | You can still share cards directly through the system share sheet without saving. |
| Photo Library (read access, optional) | Pick existing photos from your camera roll to attach to a daily entry, card, or recap. | The photo journal becomes camera-only; existing photos cannot be imported. |
| Notifications | Send the soft, opt-in chimes and invitations ("your morning is waiting") that we describe in the app. | You will not receive any notification from Aura, ever. |
Aura does not request location, microphone, contacts, calendars, reminders, motion, HealthKit, Bluetooth, or App Tracking Transparency.
6. Why we collect what we collect
| Purpose | Legal basis (GDPR) | Retention |
|---|---|---|
| Understand how Aura is used so we can improve it (analytics). | Legitimate interest; consent where required by local law. | Up to 14 months then aggregated or deleted. |
| Fix crashes and performance issues. | Legitimate interest. | Up to 90 days. |
| Manage your subscription, prevent abuse of the free trial. | Contract performance. | As long as your subscription is active, plus up to 24 months for accounting. |
| Respond to your support questions. | Legitimate interest; consent for marketing follow-ups (we do not send marketing follow-ups). | Up to 24 months. |
7. Sharing — when content leaves your device
Aura's Daily Aura Card and Weekly Recap are designed to be shared, gently, on your terms. When you tap "Share" on a card or recap, iOS opens the standard share sheet and the image (and any caption text you compose) is handed off to whatever app you choose — Instagram Stories, TikTok, Pinterest, Messages, Mail, AirDrop, or your camera roll.
At that moment, two things happen:
- The image you chose to share leaves your device through the operating system. We do not see it, route it, or copy it. The receiving app — and any platform it posts to — is then governed by its own privacy policy and terms.
- An anonymous analytics event ("share sheet invoked") may be logged so we know the feature is being used. The event does not include the contents of the card, the destination app, or any caption you typed.
If you keep a card or recap to yourself — never tap "Share", never tap "Save" — it stays inside the app and is removed when you uninstall.
8. Third-party processors
We rely on a small number of service providers who process data on our behalf. Each has their own privacy commitments and is contractually bound not to use your data for any purpose outside the service they provide.
| Provider | Role | Data they see |
|---|---|---|
| Apple Inc. | App Store distribution and subscription billing. | Your Apple ID, payment method, country, purchase receipts. Apple's privacy policy applies. |
| Google LLC (Firebase) | Analytics, Crashlytics, Remote Config. | Anonymous analytics events, crash traces, device-level identifiers. Firebase ships its own privacy manifest. |
| RevenueCat Inc. | Subscription plumbing on top of the App Store. | Anonymous install ID, subscription state. |
| Apple iCloud (only if you enable iCloud Backup on your device) | Optional system-level backup of your Aura content as part of your standard iOS backup. | An encrypted backup of Aura's local container. We have no access to this backup; only you, through your Apple ID, do. |
We do not use advertising networks, data brokers, fingerprinting SDKs, or cross-app tracking providers.
9. Tracking and advertising
Aura does not track you across other companies' apps or websites. We do not serve advertising inside the app. We have never and will never sell your data. We do not request App Tracking Transparency permission because we have no tracking to do.
10. International transfers
Analytics and crash data are processed by Google LLC in the United States and other regions where Google operates data centres. RevenueCat processes subscription data in the United States. Apple processes billing data in the region associated with your Apple ID. Where these transfers involve personal data of EU, UK, or Swiss residents, we rely on Standard Contractual Clauses and adequacy decisions where applicable.
11. Your rights
Depending on where you live, you may have the following rights over the limited data we hold about you:
- Access — ask what, if anything, we hold about you.
- Correction — ask us to fix inaccurate data.
- Deletion — ask us to delete data (we will honour this for support email threads immediately; analytics/crash data is already pseudonymised and auto-expires).
- Portability — request a machine-readable copy of your data.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent.
- Lodge a complaint — with your local supervisory authority. For EU residents, you can find yours at edpb.europa.eu.
To exercise any of these, email hello@e2partners.co from the address you contacted us with (we have no other way to identify you — there are no accounts).
You can also control several things directly in the app:
- Toggle analytics and crash reporting off in Settings → Privacy.
- Turn notifications off completely, or pick which rituals send chimes, in Settings → Notifications.
- Delete individual journal entries, photos, mood check-ins, daily cards, or weekly recaps directly from their respective screens.
- Reset all Aura data — your streak, your archive, your preset, your rituals — in Settings → Reset Aura.
- Uninstall the app to remove every local record immediately.
We do not charge a fee for responding to these requests and will reply within 30 days (or 45 days for complex requests, with notice).
12. California residents (CCPA / CPRA)
If you are a California resident, the sections above describe the categories of personal information we collect, the sources, and the purposes. We have not sold or shared personal information for cross-context behavioural advertising in the preceding 12 months and have no intention of doing so. You have the right to know, delete, correct, and limit the use of sensitive personal information; contact us to exercise these rights.
13. Children
Aura is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us and we will delete it. If you are a parent or guardian and want to know how Aura handles your family's data, we're happy to walk you through it.
14. Wellbeing note
Aura is a lifestyle companion designed to make daily rituals feel beautiful. It is not a medical device, a clinical mood-tracking tool, a mental-health diagnostic, or a substitute for therapy. The six-word mood vocabulary, soft streaks, and gentle reminders are intentionally low-stakes. If you are experiencing distress, please reach out to a qualified professional or, in an emergency, your local emergency services.
15. Security
Because almost no personal data ever leaves your device, there is very little for us to secure centrally. For the data described in Section 3, we rely on the security controls provided by Apple, Google, and RevenueCat, each of which maintains industry-standard protections (TLS in transit, AES-256 at rest, access controls). Locally on your device, your photos, journal entries, moods, and rituals live inside Aura's application container and, where applicable, the iOS Secure Enclave; enabling the Face ID lock in Settings → Privacy → Lock Aura adds a biometric gate on top.
No system is perfectly secure. If you discover a vulnerability, please email hello@e2partners.co with the subject line "Security" and we will respond promptly.
16. Changes to this policy
If we materially change how Aura handles data, we will:
- Update the "Last updated" date and version number at the top.
- Surface the change inside the app the next time you open it, before it takes effect.
- For changes affecting EU or UK residents, obtain consent where legally required.
Non-material edits (typos, clarifications) may be made without notice.
17. Contact
Questions, requests, or concerns: hello@e2partners.co.
We read every message and reply to every one.
© 2026 E2 Partners LLC