Privacy Policy
Last updated: May 7, 2026
1. Who We Are (Data Controller)
Aura Tracker is the data controller responsible for your personal data collected through the Aura Tracker mobile application and website.
Contact: contact@auratracker.tech
This Privacy Policy explains how we collect, use, store, and share your personal data in accordance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and the French Data Protection Act (Loi Informatique et Libertés n°78-17).
2. Data We Collect, Purposes, and Legal Bases
We only collect data that is strictly necessary for the provision of our Service. The table below details what we collect, why, and on what legal basis.
| Data | Purpose | Legal Basis |
|---|---|---|
| Username & profile picture | Identify you within your groups | Performance of contract (Art. 6(1)(b) GDPR) |
| Email address | Account authentication and notifications | Performance of contract (Art. 6(1)(b) GDPR) |
| Device identifiers (iOS) | Push notifications and fraud prevention | Legitimate interests (Art. 6(1)(f) GDPR) |
| Group membership & leaderboard data | Core gamification features | Performance of contract (Art. 6(1)(b) GDPR) |
| Votes and wishes history | Gameplay mechanics | Performance of contract (Art. 6(1)(b) GDPR) |
| Chat messages | Group communication | Performance of contract (Art. 6(1)(b) GDPR) |
| App usage analytics (anonymised) | Service improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
| Contact form data (name, email, message) | Responding to enquiries | Legitimate interests (Art. 6(1)(f) GDPR) |
We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
3. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected:
- Account data: retained for the duration of your account, then deleted within 30 days of account deletion
- Chat messages and gameplay history: retained for the duration of your account; you may request earlier deletion
- Analytics data (anonymised): retained for up to 24 months
- Contact form data: retained for up to 12 months after the matter is resolved
- Legal and compliance records: retained for the legally required period (up to 10 years under French commercial law)
4. Who We Share Your Data With
We may share your data with:
- Cloud infrastructure providers (e.g. hosting, database) acting as processors under a GDPR-compliant Data Processing Agreement
- Analytics providers using anonymised or pseudonymised data only
- Competent public authorities, when required by law or a court order
Any sub-processor is required to implement appropriate technical and organisational measures to ensure data security equivalent to our own standards.
5. International Data Transfers
Where your personal data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through one of the following mechanisms:
- An adequacy decision by the European Commission
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Other appropriate safeguards as permitted under Chapter V of the GDPR
6. Your Rights Under GDPR
As a data subject, you have the following rights, which you may exercise at any time by contacting contact@auratracker.tech:
- Right of access (Art. 15): obtain a copy of your personal data and information about how it is processed
- Right to rectification (Art. 16): correct inaccurate or incomplete data
- Right to erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal retention obligations
- Right to restriction (Art. 18): request that we limit the processing of your data in certain circumstances
- Right to portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
- Right to object (Art. 21): object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
We will respond to your request within 30 days. If we are unable to fulfil your request, we will explain why.
You also have the right to lodge a complaint with the French data protection authority:
CNIL – Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, 75007 Paris, France
www.cnil.fr
7. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. Users aged 13–15 may only use the Service with verifiable parental consent in accordance with Article 8 GDPR.
If we become aware that we have inadvertently collected data from a child under 13 without parental consent, we will delete that data promptly. Parents or guardians may contact us at contact@auratracker.tech to report such cases.
8. Data Security
We implement appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- Encryption of data in transit (TLS) and at rest
- Access controls limiting data access to authorised personnel only
- Regular security assessments and monitoring
- Incident response procedures compliant with GDPR Article 33 (72-hour breach notification to the CNIL)
9. Cookies and Similar Technologies
Our website uses cookies and similar technologies. We use:
- Strictly necessary cookies: required for the site to function (e.g. language preference). No consent required.
- Analytics cookies: used to understand how visitors interact with the site. Only deployed with your consent.
You may manage your cookie preferences at any time via your browser settings or our cookie consent banner. Withdrawing consent does not affect the lawfulness of prior processing.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via a prominent in-app notice or by email at least 30 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.
11. Contact Us
For any questions, requests, or complaints about this Privacy Policy or our data practices, please contact:
Aura Tracker
Email: contact@auratracker.tech