Privacy Policy
In short: at aura does not collect, store or transmit any personal data to us or to third parties. There is no server, no account, no tracking and no analytics services. All data stays on your device. This website, too, sets no cookies and embeds no third-party services.
Note: This is a courtesy English translation. The legally binding version is the German Datenschutzerklärung; in case of any discrepancy, the German text prevails.
1. Controller
Julius Breit
Gronauer Str. 25
60385 Frankfurt am Main, Germany
Email: me@juliusbreit.com
2. The app's core principle: no data collection
at aura is deliberately built without server infrastructure. The app connects people in immediate proximity directly from device to device over Bluetooth Low Energy. There is no technical means by which we as the provider could view, store or evaluate profiles, messages, photos, locations or usage behaviour — the data simply never reaches us.
3. What data the app processes locally on your device
You enter the following data into the app yourself; it is stored exclusively locally on your iPhone (in the app's protected storage area):
- your first name (freely chosen, transmitted only on a “wave” to the person you wave at),
- interests from the app catalogue,
- optionally a profile picture (transmitted only to your matches),
- optionally links to your social media profiles (transmitted only if you actively share them),
- chat messages and photos from your conversations,
- a list of people you have blocked together with their archived chat histories: blocking does not delete the history but keeps it locally as possible evidence for a report — until you delete it in the blocked area or lift the block.
You can delete all of this data at any time within the app (Profile → “Delete all data” also removes the archived histories of blocked people) or remove it entirely by deleting the app.
4. What is transmitted over Bluetooth — and how it is protected
- Radar visibility: Your device broadcasts a random identifier that changes every 10 minutes, along with cryptographically hashed interest values. Neither your name nor your interests can be read from this in plain text. Persistent recognition or tracking of your device via this identifier is not possible.
- Waving: Only when you actively wave is your first name (and, if you have enabled it, your links) transmitted directly to the device of the person you wave at.
- Chats, photos, profile pictures: Transmitted exclusively end-to-end encrypted (AES-GCM with keys negotiated via Diffie-Hellman) directly between the two devices. No third party — not even us — can read along.
- No GPS: The app uses no location services. The distance indicator (“very close” to “far”) is based solely on Bluetooth signal strength; during a mutually confirmed “find” session additionally on ultra-wideband ranging (UWB) directly between the devices.
5. Permissions
- Bluetooth: Core function — without Bluetooth the app cannot discover people nearby.
- Camera: Only for scanning at aura QR codes and — after mutual consent — for the direction indicator when finding. No recordings are stored or transmitted.
- Photo selection: Via the system photo picker; the app receives only the images you specifically choose.
- Notifications: Local notifications for matches and messages. No push servers are used.
- Ultra-wideband (UWB): Only during a mutually confirmed “find” session.
6. No sharing, no third-party services, no tracking
The app embeds no analytics, advertising or crash-reporting services and contains no trackers. No data is shared with third parties. Apple's app privacy label for at aura is accordingly: “Data Not Collected.”
7. TestFlight (beta versions)
If you test a pre-release version via Apple's TestFlight, Apple as an independent controller processes certain data (e.g. the invitation email address, device information, crash reports and your feedback) and provides us with crash reports and feedback without a direct personal reference or in pseudonymised form. Details: Apple Privacy Policy and the notes in the TestFlight app.
8. This website
This website is a purely static site. It sets no cookies, uses no analytics or tracking services and embeds no content from third-party servers (fonts, images and videos are also served from this server itself). No input data is collected — the site has no forms.
When the website is accessed, our hosting provider (united-domains GmbH, Gautinger Straße 10, 82319 Starnberg, Germany) processes so-called server log files for technical reasons (e.g. IP address, date and time of the request, the file requested, browser identifier). This processing is necessary for the technical operation and security of the website (Art. 6(1)(f) GDPR). The log files are automatically deleted by the hosting provider after 14 days — including backups of this data. We do not establish any personal reference.
This website's share button uses only your own device's share function or opens your own messenger or email app. In doing so, this website itself transmits no data to third parties.
9. Legal basis and your rights (GDPR)
For the app: all data resides exclusively on your device — we have no access to it. Insofar as the app processes data locally, this is done to fulfil the function you requested (Art. 6(1)(b) GDPR).
Insofar as we ourselves process personal data — the server log files when this website is accessed (Section 8) and your email correspondence with us (support requests and reports; legal basis in each case Art. 6(1)(f) GDPR) — you have the rights under Art. 15–21 GDPR: access, rectification, erasure, restriction of processing, data portability and objection. We delete emails once processing is complete. The report email is pre-filled by the app with the displayed name, dates, the app version and a report code — a checksum of your match connection with no device or personal reference, and never with chat contents. To match up counter-reports and repeat reports we keep an internal record containing only this code, the date of receipt and the outcome of processing (Art. 6(1)(f) GDPR, abuse prevention); we delete these entries no later than 12 months after receipt. You also have the right to lodge a complaint with a data protection supervisory authority.
10. Children and young people
The app is not directed at children. The App Store age rating applies.
11. Changes
If the app's functionality or this website changes, we will adapt this policy. The current version is always available at this address.