Privacy Policy

Last updated: May 7, 2026

1. Who We Are (Data Controller)

Aura Tracker is the data controller responsible for your personal data collected through the Aura Tracker mobile application and website.

Contact: contact@auratracker.tech

This Privacy Policy explains how we collect, use, store, and share your personal data in accordance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and the French Data Protection Act (Loi Informatique et Libertés n°78-17).

2. Data We Collect, Purposes, and Legal Bases

We only collect data that is strictly necessary for the provision of our Service. The table below details what we collect, why, and on what legal basis.

DataPurposeLegal Basis
Username & profile pictureIdentify you within your groupsPerformance of contract (Art. 6(1)(b) GDPR)
Email addressAccount authentication and notificationsPerformance of contract (Art. 6(1)(b) GDPR)
Device identifiers (iOS)Push notifications and fraud preventionLegitimate interests (Art. 6(1)(f) GDPR)
Group membership & leaderboard dataCore gamification featuresPerformance of contract (Art. 6(1)(b) GDPR)
Votes and wishes historyGameplay mechanicsPerformance of contract (Art. 6(1)(b) GDPR)
Chat messagesGroup communicationPerformance of contract (Art. 6(1)(b) GDPR)
App usage analytics (anonymised)Service improvementLegitimate interests (Art. 6(1)(f) GDPR)
Contact form data (name, email, message)Responding to enquiriesLegitimate interests (Art. 6(1)(f) GDPR)

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

3. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected:

  • Account data: retained for the duration of your account, then deleted within 30 days of account deletion
  • Chat messages and gameplay history: retained for the duration of your account; you may request earlier deletion
  • Analytics data (anonymised): retained for up to 24 months
  • Contact form data: retained for up to 12 months after the matter is resolved
  • Legal and compliance records: retained for the legally required period (up to 10 years under French commercial law)

4. Who We Share Your Data With

We may share your data with:

  • Cloud infrastructure providers (e.g. hosting, database) acting as processors under a GDPR-compliant Data Processing Agreement
  • Analytics providers using anonymised or pseudonymised data only
  • Competent public authorities, when required by law or a court order

Any sub-processor is required to implement appropriate technical and organisational measures to ensure data security equivalent to our own standards.

5. International Data Transfers

Where your personal data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through one of the following mechanisms:

  • An adequacy decision by the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other appropriate safeguards as permitted under Chapter V of the GDPR

6. Your Rights Under GDPR

As a data subject, you have the following rights, which you may exercise at any time by contacting contact@auratracker.tech:

  • Right of access (Art. 15): obtain a copy of your personal data and information about how it is processed
  • Right to rectification (Art. 16): correct inaccurate or incomplete data
  • Right to erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal retention obligations
  • Right to restriction (Art. 18): request that we limit the processing of your data in certain circumstances
  • Right to portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interests
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

We will respond to your request within 30 days. If we are unable to fulfil your request, we will explain why.

You also have the right to lodge a complaint with the French data protection authority:

CNIL – Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, 75007 Paris, France
www.cnil.fr

7. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. Users aged 13–15 may only use the Service with verifiable parental consent in accordance with Article 8 GDPR.

If we become aware that we have inadvertently collected data from a child under 13 without parental consent, we will delete that data promptly. Parents or guardians may contact us at contact@auratracker.tech to report such cases.

8. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • Encryption of data in transit (TLS) and at rest
  • Access controls limiting data access to authorised personnel only
  • Regular security assessments and monitoring
  • Incident response procedures compliant with GDPR Article 33 (72-hour breach notification to the CNIL)

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies. We use:

  • Strictly necessary cookies: required for the site to function (e.g. language preference). No consent required.
  • Analytics cookies: used to understand how visitors interact with the site. Only deployed with your consent.

You may manage your cookie preferences at any time via your browser settings or our cookie consent banner. Withdrawing consent does not affect the lawfulness of prior processing.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via a prominent in-app notice or by email at least 30 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Contact Us

For any questions, requests, or complaints about this Privacy Policy or our data practices, please contact:

Aura Tracker
Email: contact@auratracker.tech