Privacy Policy for Aura Flow

Last Updated: April 5, 2026

Introduction

Aura Flow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our fitness application.

Information We Collect

Information You Provide

• Account Information: Email address, name, password (encrypted)
• Profile Data: Age, weight, height, target weight, fitness goals
• Health Data: Step count, workout history, exercise logs, meal preferences
• Preferences: Dietary restrictions, religion, budget preferences, fitness goals

Automatically Collected Information

• Device Information: Device ID (for single-device login enforcement)
• Usage Data: App interaction logs, feature usage statistics
• Location Data: Only for fitness tracking features (if you grant permission)

Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation, we process your data based on the following legal grounds:

• Contract (Article 6(1)(b)): Processing necessary to provide you with the fitness tracking, workout planning, and meal recommendation services you signed up for.
• Consent (Article 6(1)(a)): For health-related data processing (step counts, heart rate, workout metrics), we rely on your explicit consent obtained at first launch. You may withdraw consent at any time from Settings.
• Legitimate Interest (Article 6(1)(f)): For security measures (single-device login enforcement, fraud prevention) and basic app analytics to improve service quality.

How We Use Your Information

• Personalization: Provide customized meal plans and workout recommendations
• Account Management: Authenticate users and manage accounts
• Security: Enforce single-device login policy to protect your account
• Improvement: Analyze app usage to improve features and user experience
• Communication: Send important updates about the app (if applicable)

Data Storage and Security

• Firebase Platform: All data is stored securely on Google Firebase servers
• Encryption: Passwords are encrypted; data transmission uses HTTPS
• Access Control: Users can only access their own data (enforced by Firestore security rules)
• Device Session: Only one device can be logged in at a time for security
• Local Storage: Some data is cached locally on your device for offline access

Data Sharing

We DO NOT:

• Sell your personal information to third parties
• Share your data with advertisers
• Use your health data for marketing purposes

We MAY share data with:

• Google Firebase: Our secure cloud hosting provider (required for app functionality)
• Google AdMob: For serving ads within the app
• Legal Requirements: If required by law or to protect our rights

Your Rights

Under the GDPR and other applicable data protection laws, you have the right to:

• Access (Article 15): View all your personal data within the app
• Rectification (Article 16): Modify your profile and preferences at any time
• Erasure (Article 17): Request complete account deletion from the app settings. All data is permanently deleted within 30 days.
• Data Portability (Article 20): Export all your personal data (profile, workouts, health data, meals) in a machine-readable JSON format from the app settings.
• Withdraw Consent (Article 7(3)): Withdraw your consent for health data processing at any time from Settings.
• Restriction (Article 18): Request restriction of processing under certain conditions.
• Object (Article 21): Object to processing based on legitimate interest.

To exercise any of these rights, use the in-app settings or contact us at contact@dephins.com. We will respond within 30 days.

Data Retention

• Active Accounts: Data is retained as long as your account is active
• Deleted Accounts: All personal data is permanently deleted within 30 days of account deletion
• Workout History: Deleted when you delete your account

Children's Privacy

Aura Flow is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

Third-Party Services

We use the following third-party services:

• Google Firebase: Authentication and database (Privacy Policy)
• Google AdMob: Advertising (Privacy Policy)
• Capacitor: Mobile app framework (open source, no data collection)

Permissions We Request

• Internet Access: Required to sync data with Firebase
• Activity Recognition: For step tracking and fitness monitoring
• Location (Optional): For location-based fitness features
• Network State: To check connectivity before syncing

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date above. Continued use of the app after changes constitutes acceptance.

EU Digital Services Act (DSA) Compliance

In compliance with the EU Digital Services Act (Regulation (EU) 2022/2065):

• Data Controller: Dephins
• Point of Contact: contact@dephins.com
• Content Reporting: If you encounter illegal or harmful content within the app, please report it to contact@dephins.com. We will review and respond within 14 days.

Data Controller

• Company: Dephins
• Email: contact@dephins.com

Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your data protection rights:

• Email: contact@dephins.com
• App Support: Available in the app settings
• Response Time: We will respond to all data protection requests within 30 days.

Your Consent

By using Aura Flow, you consent to this Privacy Policy and our data practices as described herein. For health data processing specifically, we obtain your explicit consent during the initial app setup.