Privacy Policy | Aura Frames

Welcome and thank you for visiting our website. Aura Home, Inc. and its affiliates and subsidiaries (collectively ”Aura,” ”we,” ”us” or ”our”) understand the importance of privacy and information security. This privacy notice (the ”Privacy Notice”) describes how Aura collects, uses, and shares your personal data (i.e., information that personally identifies you, as an individual such as your name, phone number, or email address, as well as data that does not directly identify you, but that can reasonably be used to identify you such as the serial number of your Aura frame or other data that can be reasonably used to infer this information).

This Privacy Notice applies to your use of Aura websites, Aura mobile applications, Aura frames and other products, and all other digital and online services provided by Aura (collectively, the ”Services”) and describes Aura’s privacy practices and procedures relating to the Services. This Privacy Notice does not apply to information collected by Aura offline, or to third-party websites, applications, or services.

FOR INFORMATION ABOUT OUR BIOMETRIC INFORMATION COLLECTION AND USAGE PRACTICES, PLEASE VISIT OUR BIOMETRIC PRIVACY POLICY.

What We Do With Your Data

Collect and process the personal information you provide to deliver and improve our Services
Communicate with you
Comply with legal requirements

What We Don’t Do With Your Data

Sell your personal information, including photos, for monetary value
Use photo content for targeted advertising

For a user-friendly list of the most common privacy-related questions, please visit this FAQ: Aura’s Privacy & Data Collection Practices.

If you want to know more, please read our full Privacy Policy below.

1. Contact Information

Aura Home Inc., 148 Lafayette Street, Floor 5 New York, NY 10013

If you have any comments or questions about how we collect and use your personal data, communication can be directed to our postal address, or via email to privacy@auraframes.com.

If you are located in the European Union or the EFTA States, you can confidentially contact Aura’s Data Protection Officer at privacy@auraframes.com or via https://auraframes.com/help-request.

2. Applicability Eligibility

We need to process your personal data to operate our organization and provide you with certain Services. Before accessing, using, or interacting with the Services you should carefully review the terms and conditions of this Privacy Notice. Your use of the Services is further governed by our Terms of Service located at https://auraframes.com/terms, which is also incorporated into your agreement with Aura by this reference. Aura uses age information and age categories provided by app stores to help enforce parental‑consent requirements for minors (individuals under the age of 18), to determine eligibility to use the Services, and to restrict access for accounts not categorized as adults. When Aura receives information from an app store indicating that an account belongs to a child or teen, Aura treats that information as knowledge of the user’s age and applies the protections and controls described in this Privacy Notice.

By accepting our Privacy Notice and Terms of Service, you are confirming that you have read and understood these policies, including how and why we use your information. If you don’t want us to collect or process your personal data in the ways described in this Privacy Notice, you should not use the Services.

The Services are not directed to children under the age of 16. You may not use the Services if you are under the age of 16. If you are under the age of 16, you should not provide any information on our Services.

Aura does not knowingly collect personal information from children under 13 years of age. If Aura learns that a user is under 13, Aura will take reasonable steps to disable that user’s access to the Services and delete the child’s personal information from Aura’s records, except where we are required to retain certain information under applicable law (for example, to comply with legal obligations or resolve disputes). Parents or legal guardians who believe their child has provided Aura with personal information may contact us using the information in the Contact Information section to request review and deletion.

Where state law or app store rules require parental consent for minors to download or purchase mobile applications, that consent is obtained and managed by the app store. Aura relies on the age category and consent status communicated by the app store to verify eligibility and configure in-app access, including restricting minors’ ability to access paid features or content that is not appropriate for their age category. If our mobile app undergoes any material change that could affect its age rating or the way Aura collects, uses, or shares personal data, including any introduction of new monetized features, Aura will notify the app store as required. The app store may then update its disclosures or ratings, and renewed parental consent may be required before a minor can continue using certain features.

In addition to relying on parental consent information provided by app stores, Aura will honor and implement any additional rights and protections for children and teens that apply to the account based on that age and consent information, including obligations under the U.S. Children’s Online Privacy Protection Act (COPPA) and applicable youth privacy laws.

3. Personal Data Collection

Aura collects information about you and your use of the Services through various means, including when you provide information to us and when we automatically collect information about you when you access, use, or interact with the Services. Such processing is performed to provide you with the Services. In some instances, you may be able to choose what information to provide, but sometimes we require certain information for you to use and for us to provide you the Services.

The data we process is determined by the context in question: For example, it may vary depending on whether you have downloaded and are using our mobile application, been invited to download and use the Aura mobile applications, integrated your Alexa^® or Google^® accounts or devices with the Services, submitted an inquiry to our customer service team, or sent us a job application.

We obtain the categories of personal data listed below:

directly from you; for example, from forms you complete on our website
indirectly from you; for example, from observing your actions on our website or in our mobile applications

3.1 Categories of Personal Data We Collect

When you download and use our mobile application or use the website app.auraframes.com, we collect and process the following data to improve the Services that we offer to you:

Photographs and videos uploaded by you to the Services (including via linking third-party photo hosting services) and their metadata (dates, locations and other commonly available information)
Metadata that is stored in your connected photo libraries, which includes dates, locations other commonly available photo and video metadata (you may opt-out from this Service, called Smart Suggestions, at any time; click here for detailed instructions)
We also collect and process facial geometry information to offer advanced photo recommendations (you may opt-out from this Service, called Smart Suggestions, at any time; click here for detailed instructions)
Your name, email, address, phone number, and your Google^® account information if you signed into Google Photos within the Aura mobile application (we do not have access to your Google password)
Any contact information you provide to Aura to invite other users to contribute to your frame
Information about your Alexa^® or Google Home device integrated with your Aura frame
The make and model of your mobile phone and/or tablet
The Wi-Fi network name (SSID) used in connection with the mobile application
Analytics and logging data regarding when the mobile application and/or the Aura frame has
We may receive age-related information or an “age category” from app stores. We use this information only to verify eligibility, configure age-appropriate features and safety settings, and comply with child-safety and consumer-protection laws, and do not use it for advertising or profiling. We retain app-store-provided age/verification data only as long as reasonably necessary to enforce age-based eligibility and safety settings and to comply with applicable laws. Aura subsequently deletes the age/verification data when it is no longer needed for those limited purposes, including to meet any state-specific requirement to delete the app-store provided data after the verification process is complete. Where applicable law requires verifiable parental consent before collecting or using a child’s personal data, Aura will either rely on verifiable parental consent obtained by the app store in accordance with such laws or will obtain verifiable parental consent itself. Aura will honor any change in a child’s or parent’s consent status communicated by the app store or directly to Aura, including by disabling age‑restricted features and, where required, deleting the child’s personal data.

When you visit our website or use any of our online services, we collect and process the following data:

Name of the Internet service provider
Information on the website you have visited us from
Web browser and operating system used
The IP address assigned by your Internet service provider
Requested files, amount of data transferred, downloads/file export
Information on the pages of our website(s) that you visit, including date and time
Analytics and logging data such as IP addresses and email addresses if you sign up for marketing emails from Aura

When you use an Aura frame, we may collect and process the following data from sensors built into the frame so we can offer certain product features. What we collect depends on the type of Aura frame you are using:

The lux value of ambient light in the room where the Aura frame is located (applies to all Aura models) so that our frames can auto-adjust their brightness levels
Information about movements that occur directly in front of the frame so that users can ‘swipe’ to the next photo or video (applies to Classic, Wood, and Modern models)
Direct touch and close proximity events to support the Aura frame’s touch bar feature via capacitive touch technology (applies to Carver, Gallerie, Mason, Sawyer, and Smith models)
Motion events to detect frame rotation (e.g. from landscape to portrait orientation) and to automatically adjust all photos/videos to the correct orientation occurring near the frame (applies to certain Mason, Sawyer, and Smith models)

If you have been invited to download and use an Aura mobile application, regardless of whether you accept the invitation, we collect and process the following data:

Last name, first name, salutation
Contact data (email address and telephone number)

When you send an inquiry, we collect and process the following data:

Last name, first name, salutation
Contact data (email address and telephone number)
Details on your preferences and interests related to the Aura Services

We also keep track of how you use and interact with certain Services through the use of cookies and other tracking technologies as listed below.

The exact data we collect will depend on how you interact with us. Below we have listed the personal data that we may collect:

Photographs and Related Information:

File Upload: Aura Users may upload their photographs or videos to Aura frames, the Aura mobile application, and other Aura Services by using the Aura mobile application. You remain in control of which photographs or videos the Aura mobile application may access, using the privacy features offered by your mobile phone operating system. Aura will only upload and store those photographs and videos that you choose to share through the app. Your selected photographs and videos will be stored on our secure servers so that they may be accessed by your frame(s) over the internet.

Metadata: Aura may access and upload metadata about your photo library to the Aura Services using a feature called Smart Suggestions, which you can easily disable as explained in this FAQ. Metadata includes commonly available photo and video information including location and dates. After completing this opt-out process, Aura will only upload to its servers data from those photos / videos that you specifically selected to be displayed on your frame.

Google Photos: Aura also allows users to connect their Google Photos account to upload photographs from Google Photos to the Services. Aura does not own your photos. Aura will never use your photos for any purpose other than providing you with the Services. Aura will never sell or publish any of your photos without your explicit permission and consent.

Account Registration: In order to use the Aura mobile and web application and upload photos to an Aura frame you must create a free user account. When you create an account, we collect your name, email, and information about your device, and our app requests your permission to access your photos.

Contact and Device Data: We collect name, phone number and email address when you fill out a contact form to send an inquiry. We also collect technical information on your device type, hardware, unique device identifiers, time zone settings, IP address, and operating system version, as well as analytics data about how a device uses the Services.

Correspondence Information: If you sign up for updates from Aura or email us, we may keep your message, email address, and contact information to respond to your requests, provide the requested products or Services, and to provide notifications or other correspondences to you.

If you do not want to receive communications from us in the future, please let us know by sending us an email requesting the same to privacy@auraframes.com or by following the unsubscribe instructions found in any email we send. Please note requests to remove your email address from our lists may take some time to fulfill. We may also still contact you as needed to provide important announcements or notifications regarding the Services, including communications related to purchases or other transactions you make with us.

Support Information: You may provide information to us via a support, warranty replacement or product return request submitted through email or the Services. We will use this information to assist you with your support request and may maintain this information to assist you or other users with support requests. Please do not submit any information to us via a support submission, including confidential or sensitive information that you do not wish for Aura or our Service Providers to have access to or use in the future. Some support inquiries may be analysed with the assistance of a third-party service provider using artificial intelligence technology, which has access to our customer service systems to help us identify opportunities for improving our customer support.

Customer Service Chatbot: If you contact our customer service team through our website or mobile application, you might interact with our automated AI-powered support bot. This virtual assistant helps answer questions and resolve issues related to our products and services. While the chatbot is designed to make support faster and more efficient, you’re always welcome to request assistance from a human representative at any point. When you engage with the chatbot, we collect the content of your conversation along with any information you choose to share in the text field to help us address your request. Chat transcripts and related data are encrypted, protected by access controls, and handled in accordance with the same security standards as other information we collect. We use these records for customer service, quality assurance, service improvement, and legal compliance. Chat data is retained for up to thirty (30) days and then securely and automatically deleted. To provide our support bot, we rely on a third-party service provider who processes chatbot interactions on our behalf and is contractually restricted from using this data for any other purpose. Within the 30-day data retention period, you may contact us to access or delete your chat data.

Form Information: We may use forms to request certain information from you on the Services, such as your contact information to assist with contacts or service requests. This information may include personal data.

Messaging and Communication Features

Aura's Services include several features that allow users to communicate and share content with other frame contributors, including:

Comments: Users may comment on photo upload events through the Aura mobile application. Users currently may comment only on entire photo upload events, and not on individual photos. Comments are visible only within the app to all contributors of the frame and are not displayed on physical frames. Comments may be edited or deleted by the user who created them. Other contributors will receive app notifications when comments are posted, if they have enabled notifications in their device settings.

Captions: Users may add text captions to individual photos that will be displayed on the selected physical frames alongside the photo. Captions are visible on the selected frames showing that photo and can be added, edited, or removed by any frame contributor through the Aura mobile application.

Gift Messages: Users preparing frames as gifts may pre-load photos and gift messages that will be displayed on the frame when first activated by the recipient.

Aura Post: Users may send physical photo cards with personalized messages through the Aura Post service. Information submitted for Aura Post, including messages and recipient addresses, is processed to fulfill physical delivery and is shared with our shipping and fulfillment service providers.

All messaging content is processed and stored on our secure servers, including those operated by our service providers, and may be transferred to the United States or other countries where we or our service providers operate. We process messaging content on the basis of contract performance to provide the Services and based on our legitimate interests in enabling user communication and providing support. Aura may access these messages for support or troubleshooting purposes.

Messaging content is retained for as long as the frame remains active or until deleted by the user or frame owner. Upon account deletion, messaging content is deleted in accordance with our standard data retention practices unless retention is required for legal compliance or business purposes.

Users may access, correct, or delete messaging content they have created through account settings or by contacting privacy@auraframes.com. We do not use messaging content for advertising purposes or share it outside the contributor group or service fulfillment context except as required by law or as disclosed in this Policy.

3.2 Consent to Personal Data Usage of You and Others:

Parental Consent and Minor Safety: Aura is committed to providing a safe and age-appropriate experience for individuals 16+. Children under 16 are not permitted to create an Aura account or use the Services. Aura does not knowingly collect personal information from children under 13 years of age. Individuals under 18 must obtain verified consent from a parent or legal guardian before engaging in certain activities within the Aura mobile app. Parental consent is always required for minors who wish to make in-app purchases or enable and access features categorized as 18+. Where required by law, Aura may seek verifiable consent directly from a parent or legal guardian before enabling certain processing of a child’s data, and may provide parents with an opportunity to review and request deletion of their child’s personal information.

Managing and Revoking Consent: Parents and legal guardians may review, manage, or withdraw their consent at any time using the tools and processes provided by the app store or through the mechanisms Aura supports. Parents and legal guardians may also contact Aura directly using the information in the Contact Information section to review the personal data associated with a minor’s account, request that Aura delete such information, or request that Aura stop further processing of the minor’s personal data except as legally required. If consent is withdrawn, the minor’s access to age-restricted or otherwise limited features will be disabled until consent is restored.

Image and Likeness Consent: By submitting photos or other content to the Services, you consent to the use of your likeness, personal data, and other included information [for the operation of the Services], and you warrant and represent that you have obtained the written consent, release, and/or permission of every identifiable individual who appears in such content to the use of their likeness, personal data, and other included information. This written release must include the right to use such individual’s likeness in the manner contemplated in this Policy and in the Terms of Service. If any identifiable individual is under the age of 18, you warrant and represent you have obtained such written consent, release and/or permission from that individual’s parents or guardians (and you agree to provide to us a copy of any such consents, releases and/or permissions upon request). If you do not have this release, do not submit the content to Aura or the Services.

Image Recognition: We use photo-recognition software to analyze the photographs you upload to group the photos by like characteristics, including by grouping photographs that may contain images of the same individuals. YOU UNDERSTAND THAT IMAGE RECOGNITION ANALYSIS WILL BE PERFORMED ON THE PHOTOGRAPHS IN YOUR CONNECTED PHOTO LIBRARIES, AND YOU REPRESENT AND WARRANT THAT YOU HAVE OBTAINED THE INFORMED WRITTEN CONSENT OF THE INDIVIDUALS IN THE PHOTOGRAPHS PERMITTING US TO UTILIZE IMAGE RECOGNITION SOFTWARE ON PHOTOGRAPHS OF THEM. Where required by law, if an identifiable individual in the photographs is a minor, Aura will obtain or rely on valid consent from the minor’s parent or legal guardian before collecting or using biometric identifiers or biometric information relating to that minor as required by applicable law. To disable image recognition analysis, please disable our Smart Suggestions Service as explained on this page: Photo Access and Privacy. After completing this opt-out process, Aura will delete any existing facial geometry data and Aura will not do any facial geometry analysis or processing on any future uploads.

To opt-out from these automatic metadata uploads, please follow the instructions on this page: Photo Access and Privacy. After completing this process, Aura will only upload to its servers data from those photos that you specifically selected to be displayed on your frame and will not do any facial geometry analysis or processing on any of your photos.

These consents are in addition to any age verification and parental consent processes conducted and managed by app stores.

3.3 Biometric Information Privacy Policy

This policy defines Aura’s policy for the collection, use, safeguarding, storage, retention, and destruction of biometric identifiers and biometric information (”Biometric Data”). It is Aura’s policy to protect, use, and store Biometric Data in accordance with applicable laws including, but not limited to, the Illinois Biometric Information Privacy Act. Aura has instituted the following biometric information privacy policy:

Biometric Identifiers and Information Defined

State and local laws may regulate the collection, use, safeguarding, handling, storage, retention, and destruction of “biometric identifiers” and “biometric information.” “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.

Purpose

For any Aura User who has not disabled the “Smart Suggestions” feature, Biometric Data may be captured, converted, stored, and/or shared through the use of facial geometry analysis. The purpose of the facial geometry analysis is to offer advanced photo recommendations. You may opt out of this service at any time.

Aura will not sell, lease, trade, or otherwise profit from any Aura User’s Biometric Data.

Consent

To the extent that Aura collects, captures, or otherwise obtains Biometric Data relating to an Aura User, Aura Users are provided a written consent electronically for their acknowledgment authorizing Aura to capture, collect, convert, store, share, and use the Aura User’s Biometric Data for the specific purposes disclosed in this policy. If an Aura User is under the age of 18, or if Aura otherwise knows that biometric data relates to a minor, Aura will obtain the necessary authorization or written release from the minor’s parent, legal guardian, or other legally authorized representative, where required by applicable biometric privacy laws.

Disclosure

To the extent that Aura collects, captures, or otherwise obtains Biometric Data relating to an Aura User, Aura will not disclose, redisclose, or otherwise disseminate an Aura User’s Biometric Data unless:

the Aura User or Aura User’s legally authorized representative consents to such disclosure or redisclosure;
the disclosure or redisclosure completes a financial transaction requested or authorized by the Aura User or Aura User’s legally authorized representative;
the disclosure or redisclosure is required by State or federal law or municipal ordinance; or
the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Retention Schedule

If Smart Suggestions is enabled, Aura processes facial geometry information on the Aura User’s device only from photos to which the user grants Aura access in the Aura User’s connected libraries and photos that the Aura User uploads to the user’s frame. To the extent that any Biometric Data relating to an Aura User is collected, captured, or otherwise obtained on the Aura User’s device, the Biometric Data will be retained on the Aura User’s device only until the first of the following occurs:

The Aura User disables Smart Suggestions.
The Aura User deletes their Aura account.
The Aura User deletes the Aura Mobile App from their device.
The Aura User logs out from the Aura Mobile App.

Any Biometric Data used by Smart Suggestions on the Aura User’s device is not uploaded to Aura’s servers. Biometric Data is only stored on the device itself.

Data Storage, Transmission, and Protection

To the extent that Aura collects, captures, or otherwise obtains Biometric Data relating to an Aura User, if any, Aura will store, transmit, and protect the Aura User’s Biometric Data using a reasonable standard of care. Such storage, transmission, and protection from disclosure will be performed in a manner that is the same as or more protective than the manner in which Aura stores, transmits, and protects from disclosure other confidential and sensitive information of Aura and its customers. Aura will require any third-party service provider responsible for security protection of Aura Users’ Biometric Data, if any, to implement and maintain reasonable security procedures and practices. Such Biometric Data, if any, will be destroyed no later than six months from the date that you delete your Aura user account.

Facial Analysis Description and Opt Out Choices

As described in our Biometric Privacy Policy, Aura currently uses facial geometry analysis to support various value-add features that may be covered under certain privacy laws.

When active, the facial analysis process only occurs on the user’s phone itself and no photos will be uploaded to our servers.

Highlights

An optional app prompt that uses metadata and facial recognition to recommend photos for customers to add to their frame (i.e. “Add more photos of the people you’ve already selected for your frame.”).

3.4 Information We Collect Automatically:

We use automatic data collection and analytics technologies to collect aggregate and user-specific information about your equipment, patterns of use, communication data and the resources that you access and use on the Services, including your IP address, browsing, and navigation patterns. This information is used to improve our Services.

Information we collect automatically through your use of the Services includes:

Cookies, Web Beacons, Links, And Other Tracking Technologies:

Aura may keep track of how you use and interact with the Services through the use of cookies, web beacons, links, and other tracking technologies. We do this to help analyze the use of and improve the Services. Through these technologies, we may automatically collect information about your use of the Services and other online activities, including our email correspondences, third-party services, and client applications, and certain online activities after you leave the Services. Link information is generally only analyzed on an aggregate basis. Some Services features may not function properly if you disable cookies. Such data may include analytics information, browser type, operating system, and tracking of your interactions with our content and emails.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. We use essential, functional, performance, and marketing cookies for the purposes described below. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website unless prohibited by law.
Web Beacons. Pages of our the website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

The purposes for which we use first party cookies include:

Purpose

Explanation

Processes

Intended to make the Services work in the way you expect. For example, we use a cookie that tells us whether you have already signed up for an account.

Authentication, Security, and Compliance

Intended to prevent fraud, protect your data from unauthorized parties, and comply with legal requirements. For example, we use cookies to determine if you are logged in.

Preferences

Intended to remember information about how you prefer the Services to behave and look.

Notifications

Intended to allow or prevent notices of information or options that we think could improve your use of the Services. For example, we use a cookie that stops us from showing you the signup notification if you have already seen it.

Analytics

Intended to help us understand how visitors use the Services. For example, we use a cookie that tells us how our search suggestions correlate to your interactions with the search page.

We also partner with third parties to manage our advertising on other sites. Our third-party partners may use cookies, pixels, or similar technologies in order to provide you with advertising based upon your browsing activities and interests.Third-party cookies include essential, functional, performance, and marketing cookies. For more information and choices regarding cookies, see our cookie banner.

IP Addresses: We automatically collect the IP addresses of users of certain Services, such as website visitors, those that log in to the Services, and those who post messages to the communities and forums. We process this information on the basis of our legitimate interests in protecting the Services and providing the Services to you.

Location Information: Neither the Aura applications nor the Aura frames capture or record location data, but they collect connected Wi-Fi, IP address and Internet service provider information. Note that photos uploaded to the Services will frequently contain location-related metadata (including the GPS location where the photo was taken) and we may use that information to classify photos (for example, by grouping photos taken in a single location).

Advertising Information: We partner with third parties to manage advertising to you about Aura on other sites. Our third-party partners may use cookies or similar technologies in order to provide you with advertising on other sites based upon your browsing activities and interests. If you have chosen to connect your account to an external third-party application, such as Facebook, or an app developed using the API, you can change your settings and remove permission for the app by changing your account settings. Aura does not use photographs or associated photograph data to target third-party advertising or other marketing to individuals. See the Third-Party Advertisements section below for more information.

Unique Identifiers: When you use or access the Services, we may access, collect, monitor, store on your device, and/or remotely store one or more “Unique Identifiers,” such as a universally unique identifier (“UUID”). A Unique Identifier may remain on your device persistently, to help you log in faster and enhance your navigation through the Services. Some features of the Services may not function properly if use or availability of Unique Identifiers is impaired or disabled.

Analytics Information: We use data analytics to ensure site functionality and improve the Services. We use mobile analytics software to allow us to understand the functionality of the Services on your phone. This software may record information such as how often you use the Services, what happens within the Services, aggregated usage, performance data, app errors and debugging information, and where the Services were downloaded from. We do not link the information we store within the analytics software to any personally identifiable information that you submit within the mobile application.

Log File Information: When you use our Services, we may receive log file information such as your IP address, browser type, access times, domain names operating system, the referring web page(s), pages visited, location, your mobile carrier, device information (including device and application IDs), search terms, and cookie information. We receive log file data when you interact with our Services, for example, when you visit our website, sign in to our Services, or interact with our email notifications. Aura uses log file data to provide, understand, and improve our Services, and to customize the content we show you. Aura may link this log file to other information Aura collects about you via the Services.

Meta Pixel Usage: We incorporate “pixels” provided by Meta Platforms, Inc. on our Websites. This enables us to track user behavior after a user clicks on a Facebook ad and is redirected to our website. By doing so, we can assess the effectiveness of Facebook ads for statistical and market research purposes and sometimes retarget certain users. It is important to be aware that Facebook may associate this information with your Facebook account and utilize it for its own promotional activities, in accordance with Facebook’s Data Usage Policy. You have the option to authorize Facebook and its partners to display advertisements on and off Facebook (see here). Additionally, a cookie may be stored on your computer for these purposes.

3.5 Information Use

Aura uses the information we receive about you for the purposes described in this Privacy Notice, including:

Providing and Improving Our Services: We may use your information to improve and customize our Services, including gathering your information for such purposes, and we do so as it is necessary to pursue our legitimate interests of improving our Services for our users. We use your information to organize and catalogue your photos into categories using photo-recognition software. Our collection of your usage data may also be necessary to enable us to pursue our legitimate interests in understanding how our Services are being used and to explore and unlock ways to develop and grow our business. It is also necessary to allow us to pursue our legitimate interests in improving our Services, efficiency, interest in Services for users and obtaining insights into usage patterns of our Services. We use your information to provide and improve the Services and our products, for billing and payments, for identification and authentication, for targeted online and offline marketing including through tools like Facebook Custom Audience and Google Customer Match, to contact users or interested parties, and for general research and aggregate reporting.

Keeping Our Services Safe And Secure: We may also use your information for safety and security purposes, including sharing of your information for such purposes, and we do so because it is necessary to pursue our legitimate interests in ensuring the security of our Services, including enhancing protection of our community against spam, harassment, intellectual property infringement, crime, and security risks of all kind.

Third-Party Advertisements: Aura may utilize the services of third-party advertising companies, including Google and others, to serve ads to you when you use other sites across the Internet, including to perform remarketing services. These third parties may collect information about your visits to certain pages of our Services and may use technology like cookies to store information about your use of the Services. The information collected may be reported back to us, and we may link this information to personal data we have collected about you. This information allows us to track which other websites have linked visitors to our Services, what pages of our Services are used by and are of interest to visitors, so we may provide better, more targeted advertising regarding our business and Services. More information about interest-based advertising and similar practices may be available at http://www.networkadvertising.org/consumer/opt_out.asp.

Our Legal Bases for Processing Personal Data: If European data protection law applies to the processing of your information, we process your information for the purposes described in this Privacy notice, based on the following legal grounds:

When we’re providing a product or service: We process your data to provide and support a product or service you’ve asked for under a contract, including but not limited to delivering our Terms of Service.

When we’re pursuing legitimate interests: We process your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means we process your information for things like:

offering and improving our Services
developing new products and features
understanding how our Services are used
performing research that improves our Services for our users and benefits the public
sending you direct marketing and other communications
detecting, preventing or otherwise addressing fraud, abuse, security or technical issues with our Services
maintaining and improving the integrity of our computing systems, and protecting our users’ data security
enforcing legal claims, including investigation of potential violations of applicable Terms of Service
when we’re complying with legal obligations

We process your data when we have a legal obligation to do so, for example, if we’re responding to a legal process or an enforceable governmental request.

We ask for your consent to process your information for certain specific purposes and give you the right to withdraw that consent at any time.

When we have a legal obligation: We process your data when we have a legal obligation to do so, for example, if we’re responding to a legal process or an enforceable governmental request.

When we obtain your consent: We ask for your consent to process your information for certain specific purposes and give you the right to withdraw that consent at any time.

When we carry out a contract: You can choose whether or not you want to use the Services. However, if you want to use the Services, you need to agree to our Terms of Service, which set out the contract between Aura and the users of the Services. We cannot provide many of the Services without your agreement to this contract, and without moving your personal data to Aura entities and Service Providers in various jurisdictions. Therefore certain processing of your personal data is done on the legal basis of processing necessary for the performance of the contract between you, as a user of the Services, and Aura.

3.6 Information Sharing

When you access or use the Services, we collect, use, share, and otherwise process your personal data as described in this Privacy Notice. Aura will not share, sell, rent, or otherwise disclose your personal data to third parties without your consent or as otherwise disclosed in this Privacy Notice.

Aura will share your information in the following circumstances on the legal basis of the legitimate interests of providing the requested Services:

Within Aura: We may share and process information internally within Aura and with our subsidiaries and affiliates. Aura’s personnel may have access to your information as needed to provide and operate the Services in the normal course of business. This includes information regarding your use and interaction with the Services.

Authorized Contributors Associated with your Aura Frame: If you are one of several contributors to an Aura frame, other contributors to that frame will be able to see your email address and access and manage the photos or videos you add to the shared frame. Contributors may also view and interact with comments posted in the app, and view captions added to photos displayed on frames. For more information about messaging features, see the Messaging and Communication Features section above.

Service Providers: Aura works with various organizations and individuals to help provide the Services to you (“Service Providers”), such as website and data-hosting companies and companies providing analytics information, like Google Analytics. Aura needs to engage such third-party Service Providers to help us operate, provide, and market the Services. These third parties have only limited access to your information and may use your information only to perform these tasks on our behalf. Information we share with our Service Providers may include both information you provide to us and information we collect about you, including personal data and information from data collection tools like cookies, web beacons, and log files. Service providers also assist with messaging features, including cloud storage for comments, captions, and gift messages, and shipping and fulfillment providers for Aura Post physical deliveries.

Aura takes reasonable steps to ensure that our Service Providers are obligated to reasonably protect your information on Aura’s behalf. If Aura becomes aware that a Service Provider is using or disclosing information improperly, we will take commercially reasonable steps to end or correct such improper use or disclosure.

We share personal data with our Service Providers on the legal basis of Aura’s legitimate interests in providing you with the Services. Our engagement of Service Providers is often necessary for us to provide the Services to you, particularly where such companies play important roles like helping us keep our Services operating and secure. Aura will not share, sell, rent, or otherwise disclose your personal data to third parties without your consent or as otherwise disclosed in this Privacy Notice.

Business Transactions: Aura may purchase other businesses or their assets, sell our business assets, or be involved in a bankruptcy, merger, acquisition, reorganization or sale of assets (a “Business Transactions”). Your information, including personal data, may be among assets sold or transferred as part of a Business Transaction. In some cases, Aura may choose to buy or sell assets. Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enable our organization to develop over the long term.

Safety and Lawful Requests: We may be required to disclose Services user information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We generally do not disclose user information unless we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. We may share your information when we believe it is necessary to comply with applicable laws, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the Services or using Aura name, or to protect the safety of any person. This may include sharing information with other companies, lawyers, agents, or government agencies. Nothing in this Privacy Notice is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.

Aggregated Non-Personal Data: We may disclose aggregated, non-personal data received from providing the Services, including information that does not identify any individual, without restriction. Aura may share demographic information with business partners, but it will be aggregated and de-personalized so that personal data is not revealed.

4. Your Rights and Choices Regarding Your Information

4.1 Your Rights Applicable To EU Residents

If you are a resident of the European Union, you may have certain rights with respect to your personal data. These rights are standardized in Articles 15 - 22 EU-GDPR. To the extent that these laws apply, you may exercise the following rights:

Right of access (Art. 15 EU-GDPR). Note that much of the information you are entitled to know or access is disclosed in this Privacy Notice. With this said, you have the right to know about our information practices. You also have the right to access the categories of data we collect, with whom we share or sell that information, and, in some cases, what specific Personal data we associate with you or your account.
Right of rectification (Art. 16 EU-GDPR). You may request that we delete the personal data we have collected about you. Depending on the applicable law, in some cases we are required or permitted to retain your information, even if you validly requested we delete or erase it. Please note if you request erasure, you may be unable to access the Services and that this may be processed by account deletion.
Right to erasure ('right to be forgotten') (Art. 17 EU-GDPR). You may request we correct or rectify inaccurate information we have collected about you.
Right to restriction of processing (Art. 18 EU-GDPR). If we process your information based on our legitimate interests as explained in this Privacy Notice, or in the public interest, you can object to this processing in certain circumstances. Where we use your data for direct marketing purposes, you can always object using the unsubscribe link in such communications or changing your account settings.
Right to data portability (Art. 20 EU-GDPR). If we process your information based on our legitimate interests as explained in this Privacy Notice, you may have the right to restrict processing in certain circumstances.
Right to object to data processing (Art. 21 EU-GDPR). If you request a copy of your specific information then we will provide it in an easily accessible format.

To exercise these rights, please contact our Data Protection Officer at privacy@auraframes.com.

The same applies if you have any queries on data processing at our company. You also have the right to lodge a complaint directly with the Data Protection Supervisory Authority.

a. Right To Object

Please note the following in connection with your right to object:

If we process your personal data for the purpose of direct mail, you have the right to object to this form of data processing at any time without giving reasons. This also applies to profiling insofar as it is associated with direct mail.

If you object to data processing for direct marketing purposes, we will no longer process your personal data for these purposes. Exercising your right to object is free of charge and can be carried out informally, ideally by clicking on the “unsubscribe” button offered in any of our marketing emails, or via email to: privacy@auraframes.com.

In the event that we process your data to protect legitimate interests, you may object to this type of processing at any time for reasons relating to your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds that outweigh your interests, rights, and freedoms, or the data processing is being used to assert, exercise or defend legal claims.

A withdrawal of consent will not affect the validity of our use of your personal data up until the point you have withdrawn your consent.

4.2 Rights Applicable To Residents of U.S. States

Certain laws like the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act, grant you rights to control your personal information. Although some of these rights apply generally, certain rights will only apply to limited individuals or circumstances. Although some of these rights apply generally, certain rights will only apply to limited individuals or circumstances. To the extent that these laws apply, you may exercise the following rights:

Right to Know and Access Information. Note that much of the information you are entitled to know or access is disclosed in this Privacy Notice. With this said, you have the right to know about our information practices. You also have the right to access the categories of data we collect, with whom we share or sell that information, and, in some cases, what specific personal data we associate with you or your account.

Right to Data Portability. If you request a copy of your specific information then we will provide it in an easily accessible format.

Right to Deletion or Erasure. You may request that we delete the information we have collected about you. Depending on the applicable law, in some cases we are required or permitted to retain your information, even if you validly requested we delete or erase it. Please note if you request erasure, you may be unable to access the Services and that this may be processed by account deletion.

Right to Correct Information. You may request we correct or rectify inaccurate information we have collected about you.

Right to Opt Out of Targeting Advertising, Sales, or Profiling. You may opt-out of our use of your personal data for targeted advertising, sales, or profiling in furtherance of decisions that produce legal or similarly significant effects, if applicable.

Additional Rights for Minors.For California residents under 16, Aura does not sell or share personal information or use it for cross‑context behavioral or targeted advertising unless you have first provided a valid opt‑in. For children under 13, this opt‑in must be provided by a parent or legal guardian; for teens ages 13 to 15, Aura will seek the teen’s own opt‑in, as permitted by applicable law. If Aura learns that it has engaged in a sale, sharing, or targeted advertising involving the personal information of a minor without a required opt‑in, Aura will stop such processing and honor any applicable deletion or restriction request.

Right to Consent to or Limit the Use of Sensitive Data. Some residents may have the right to consent to the use of their personal data. California residents have the right to ask that we limit our use and disclosure of any sensitive data to certain purposes permitted by law.

a. Do Not Sell or Share My Data

Aura does not sell user data for monetary value.

What can I do if I don’t want to receive targeted advertising?

In line with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) our US customers can submit a Do-Not-Sell-or-Share-My-Data request to privacy@auraframes.com.

To further reduce your general exposure to interest-based advertising, you can use the tools made available by the Digital Advertising Alliance and Network Advertising Initiative:

GPC Signal

We respond to the Global Privacy Control (“GPC”) signal. The GPC signal is a browser-level signal that can reflect the desire to opt-out of having Personal Data shared or sold. Some browsers allow transmission of GPC signal. By broadcasting this signal, we will not transmit your Personal Data to third parties who perform analytics services or who advertise to you based on this information.

You can reject our optional cookie collection when visiting our site. You can also directly control the cookie settings in your browser by following the instructions provided by the supplier of the browser. Remember that disabling cookies is browser specific. If you log on using Safari and disable the cookies, you must also disable cookies in Chrome if you use that browser at a different time:

Please note:

If you want to avoid any Aura advertisements targeted to you based on your information, you’ll want to both clear your cookies (as described above) and contact privacy@auraframes.com with a do-not-share-my-data request. Note that opting out of targeted advertising will not prevent advertising partners and agencies from delivering generic ads to your browser, which may include Aura ads.

Email addresses and other user data

Aura uses email addresses and phone numbers (a) to send out marketing emails and text messages and (b) for ad targeting. Aura never sells user information. We do use user information for serving targeted advertisements through partners such as Facebook.

Aura does not use personal information associated with accounts that Aura knows belong to children under 16 for activities that are considered a “sale,” “sharing,” or targeted advertising under applicable law unless the required affirmative authorization has been obtained, and never does so for accounts known to belong to children under 13.

Aura will continue to send you direct email or text message updates and promotions if you have signed up to our marketing newsletters. Simply use the “unsubscribe” option to opt out of emails, and reply “STOP” to opt out of receiving Aura’s text messages

Aura will continue to send you direct email or text message updates and promotions if you have signed up to our marketing newsletters. Simply use the “unsubscribe” option to opt out of emails, and reply “STOP” to opt out of receiving Aura’s text messages

b. Access To Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

the categories of personal data we collected about you
the categories of sources for the personal data we collected about you
our business or commercial purpose for collecting or selling that personal data
the categories of third parties with whom we share that personal data.
the specific pieces of personal data we collected about you (also called a data portability request).
If we sold or disclosed your personal data for a business purpose, two separate lists disclosing:

sales, identifying the personal data categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal data categories that each category of recipient obtained.

c. Deletion Request Rights

You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request your personal data from our records unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our Service Provider(s) to:

complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you
detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
debug products to identify and repair errors that impair existing intended functionality
exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
comply with the law, including the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent
enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us
comply with a legal obligation
make other internal and lawful uses of that information that are compatible with the context in which you provided it

Please note requests to delete or remove your information do not necessarily ensure complete or comprehensive removal of the content or information posted and removed information may persist in backup copies indefinitely. Please note that if you choose to delete your information or opt out of the collection and use of your information, you understand that certain features, including but not limited to access to the Services, may no longer be available to you.

d. Non Discrimination

We will not discriminate against you for exercising any of your rights. Unless permitted by law, we will not:

deny you goods or services.
charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
provide you a different level or quality of goods or services.
suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

e. Notice of Financial Incentive

We may offer certain benefits in connection with the disclosure of personal information and data associated with your account, or the opportunity to be eligible for certain perks and benefits such as rewards, exclusive offers, and discounts. All benefits are free of charge.

When you participate in these perks and benefits, we will collect and keep the personal information you provide, or that you have previously provided. To enhance your experience, reward you, and provide you with tailored benefits, we may also collect and use the following categories of personal information listed in connection with your accounts, including personal information we have previously collected about you:

Identifiers, including name and email
Online activity information

We collect this information through your interactions, as further detailed in this Privacy Notice. We will also use this information to send you messages about benefits and rewards, and to send you tailored marketing messages.

The benefits to you are reasonably related to our good-faith estimate of the value provided to us by their personal information. The value of personal information to us varies by individual and is related to the value of the rewards and discounts provided to you, minus the costs of providing those benefits.

You may withdraw your participation from any rewards program at any time by following the instructions provided upon enrollment.

f. Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@auraframes.com.

g. Additional Information for Nevada

If you are a Nevada resident, you may also have certain rights regarding the sale of personal data. Nevada residents may opt out of the future sale of their data to a third party by emailing us at: privacy@auraframes.com. Please note, however, that we do not sell any of our customers’ personal data.

4.3 Rights Applicable to Residents of Canada

You may request access to or correction of your personal information in our custody or control. You may also have the right, in specified circumstances, to object to our use of your personal information, to request the deletion of your personal information or restrict its use, to request a copy of the information you have provided to us to use for your own purposes, to lodge a complaint with a supervisory authority, or to make a request for the portability of your personal information.

Your rights are subject to applicable legal restrictions and we may take appropriate steps to verify your identity before responding to your request.

4.4 Rights Applicable to Residents of Mexico

Personal Data Collected

In accordance with the provisions of the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), we inform you that the following categories of personal data may be collected, directly or indirectly, using Aura’s products, mobile applications, websites, digital platforms, and the Services:

Identification and Contact Information
Includes full name, email address, phone number, and title/salutation. Also includes contact details of invited users and any messages or inquiries sent to Aura.
Photographic and Media Content
Photos and videos uploaded by the user or imported from third-party services (e.g., Google Photos), along with associated metadata (e.g., date, location, device info).
Device and Technical Information
Includes device type, model, OS version, unique device identifiers, IP address, Wi-Fi network name (SSID), browser type, ISP, time zone, and language settings.
Usage and Interaction Data
Covers app and website activity, session data, page views, interactions with Aura frames (e.g., gestures, rotation, ambient light), and smart device integrations (e.g., Alexa, Google Home).
Location and Network Data
Inferred location from IP address and photo metadata (Aura does not track live GPS location).
Preferences and Profile Data
User-selected settings, preferences, marketing opt-ins, and any feedback or interests voluntarily provided.
Cookies and Tracking Technologies
Information collected via cookies, web beacons, pixels, and other tracking tools (including Meta Pixel), for analytics, personalization, and advertising purposes.

Sensitive Personal Data

For the purposes established in this Privacy Notice, Aura may collect and process the following categories of sensitive personal data, subject to your explicit consent:

Biometric Data: Information derived from facial geometry analysis, including facial recognition data, and any other biometric identifiers such as retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry, as may be applicable.

Classification of Purposes for Processing Personal Data

Aura Home, Inc. will take reasonable steps to ensure that the personal data contained in our databases is accurate, complete, correct, and up to date for the purposes for which it is collected. We Process Personal Data for the following purposes:

Essential or Necessary Purposes

These purposes are fundamental for Aura to provide its core Services, fulfill contractual obligations, or comply with legal requirements. Users generally cannot opt out of these without losing access to the Services.

Account Registration and Management
- Collecting and processing user information (name, email, device information) to create and manage user accounts.
- Authenticating users and managing account security.
Service Delivery
- Uploading and storing photographs or videos that users choose to display on their Aura frames.
- Managing and maintaining the technical operation of Aura frames and mobile applications.
- Collecting device and technical data (e.g., device type, operating system, Wi-Fi SSID) necessary for the operation of the Services.
Customer Support and Communication
- Responding to user inquiries, support requests, warranty replacements, and product returns.
- Sending essential communications related to account verification, security, or changes to the Services.
Legal Compliance
- Processing data as required to comply with applicable laws and regulations (e.g., responding to lawful requests, subpoenas, or court orders).
- Retaining data as necessary to comply with tax, revenue, or other legal obligations.
Security and Fraud Prevention

Using data to detect, prevent, or address fraud, abuse, security, or technical issues.
Protecting the integrity and security of Aura’s systems and user data.
Internal Analytics for Service Improvement

Collecting and analyzing usage data to understand how the Services are used and to improve functionality and user experience (as long as this is not for marketing or profiling purposes).

Secondary or Non-Essential Purposes (Opt-Out/Disabling Available)

These purposes are not strictly necessary for the core functioning of the Services. Users are provided with mechanisms to opt out or disable these features.

Smart Suggestions (Facial Recognition and Biometric Data)

Analyzing facial geometry and photo metadata to provide advanced photo recommendations.
This feature is optional and can be enabled or disabled by the user at any time. Biometric data is processed only on the user’s device and is deleted if the feature is disabled.

Integration with Third-Party Services

Connecting Aura with Google Photos, Alexa, or Google Home for enhanced functionalities.
These integrations are optional and require explicit user action to enable or disable.

Targeted Marketing and Advertising

Using user data (such as email addresses or browsing activity) for targeted advertising, remarketing, or profiling.
Users can opt out of targeted advertising and submit “Do Not Sell or Share My Data” requests. Aura does not sell personal data for monetary value.

Collection of Photo Metadata for Smart Suggestions

Uploading and analyzing metadata (dates, locations) from connected photo libraries for the Smart Suggestions feature.
Users can opt out, after which only specifically selected photos are uploaded and analyzed.

Marketing Communications

Sending marketing emails, newsletters, or promotional messages.
Users can unsubscribe from marketing communications at any time.

Participation in Rewards or Incentive Programs

Collecting and using personal data to provide rewards, exclusive offers, or discounts.
Participation is voluntary, and users can withdraw at any time.

Use of Cookies and Tracking Technologies for Non-Essential Purposes

Using cookies, web beacons, and similar technologies for analytics, preferences, and marketing.
Users can manage cookie preferences and opt out of non-essential cookies.

For secondary features, especially those involving sensitive or biometric data (like facial geometry for Smart Suggestions), Aura requires explicit, informed consent from the user. You can also opt in or out of features like Smart Suggestions or third-party integrations (e.g., Google Photos, Alexa, or Google Home) as detailed above.

Data Transfers

Aura will transfer personal data only in the cases previously indicated, which are considered to be the cases established by Article 36 of the LFPDPPP and under the conditions of Article 17 of the corresponding Regulations. This includes photos, videos, metadata, and messaging content such as comments, captions, gift messages, and Aura Post delivery information.

ARCO Rights

Right to Access. You have the right to know what Personal Information we collect about you and how we process it. This information will be provided to you at no cost, through physical copies, electronic documents, or any other means specified in this Privacy Notice.

Right to Rectification. You may request correction or rectification of any inaccurate, incomplete or not updated Personal Information.

Right to Cancellation. You may request the deletion of your Personal Information when it is no longer necessary for the purposes of which you have provided it or when you withdraw your consent.

Right to Object. You have the right to object to the processing of your Personal Information for legitimate reasons or for marketing purposes, when this (i) must cease to prevent its persistence from causing harm or damage, or (ii) when your Personal Information is subject to automated processing, which produces undesired legal effects or significantly affects your interests, rights, or freedoms, and is intended to evaluate, without human intervention, certain personal aspects of your data or to analyze or predict, in particular, your professional performance, economic situation, health status, sexual preferences, reliability, or behavior. The exercise of the right to object shall not be applicable in those cases in which processing your Personal Information is necessary for the fulfillment of a legal obligation imposed on Aura.

Right to Limit the Use or Disclosure of your Personal Information. Except if the limits to the use or disclosure you would like to establish jeopardize the realization of the purposes for which they were collected, as stated in this Privacy Notice. If the limits are valid, we will use or disclose your personal data subject to the limits you indicated in writing.

To exercise these rights, you or your authorized representative must email us at privacy@auraframes.com or submit a written request through our web form: https://auraframes.com/help-request including the following information: (i) your full name and address or any valid means of contact for receiving notifications, (ii) documentation proving your identity or, if applicable, documentation establishing both the legal authority and identity of your representative; (iii) a clear and precise description of the specific personal data in respect to which you intend to exercise your ARCO rights, unless the exercised right is the one of Access; (iv) the scope of the request, or a brief explanation of the ARCO right you wish to exercise, and (v) any additional information or documentation that may result helpful to locate your Personal Information. In the case of the Right to Rectification, you must also indicate the modifications to be made and provide the documentation supporting the request.

We will respond to your rights request within a maximum period of twenty (20) business days from the date the request was received. If the request results appropriate, it will be executed within fifteen (15) business days from the date on which the response is communicated. In the case of requests for access to personal data, we will proceed to the delivery, prior proof of your identity or that of your legal representative, as applicable. The aforementioned deadlines may be extended once for an equal period, if justified by the circumstances.

Provided that withdraw of consent does not result in the impossibility of complying with any obligations under our relationship with you, the consent granted by you for the processing of your personal data may be revoked by delivering a written notice through our web form: https://auraframes.com/help-request or emailing us at privacy@auraframes.com. The revocation will be effective as of the date in which we receive your request.

Notwithstanding any provision to the contrary in this Privacy Notice, the exercise of ARCO Rights will be provided to you free of charge.

4.5 Exercising Your Rights

Aura seeks to ensure all individuals are provided with the rights mandated by their governing jurisdiction. Not all of the rights discussed in this Privacy Notice will apply to each individual data subject and may not apply to you depending upon your jurisdiction. If you have any additional questions about your rights, please contact us.

To exercise your rights, please email us at privacy@auraframes.com. or submit a request through our web form: https://auraframes.com/help-request.

When submitting a request, please include your email address, full name, and your specific request.

For requests submitted by email, you must provide enough information that allows us to verify your identity. Only you or your authorized agent may make requests regarding your personal data. An authorized agent must have documentation that they are authorized to act on your behalf.

Aura will fulfill or reject your request within the amount of time required by law. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If we deny your rights request, you may have the right to request an appeal of our decision. To initiate an appeal, follow the instructions provided in the communication denying your request, or contact us at the information provided in this Privacy Notice.

To access your personal data, please see below.

4.6 Access To The Information Aura Has Collected About You

Aura provides certain tools and settings within the Services to all users to help you access, correct, delete, or modify your personal data associated with the Services. If you need assistance with these services visit our FAQ.

4.7 Data Retention

Aura will retain your information only for as long as is necessary for the purposes set out in this Privacy Notice, for as long as an account is active, as described in this Privacy Notice, or as needed to provide the Services to you. Aura will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Privacy Notice. We also retain log files for internal analysis purposes. These log files are generally retained for a brief period of time, except in cases where they are used for site safety and security, to improve site functionality, or we are legally obligated to retain them for longer time periods. We may delete your personal data from our systems as part of a data retention plan. Aura deletes inactive user accounts and personal data from our systems as part of Aura’s data retention plan. Users will be notified by email before their inactive accounts are deleted.

4.8 Opting Out Of Communications From Aura

Users may opt-out of receiving certain communications from Aura by following the unsubscribe process described in email communication, or by contacting us using the contact information provided above. However, please note you may not opt-out of certain Services-related communications, such as account verification, changes or updates to features of the Services, or technical and security notices.

4.9 Do Not Track

Aura does not currently employ a process for automatically responding to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms. Per industry standards, third parties may be able to collect information, including personal data, about your online activities over time and across different websites or online services when you use Services. You may opt out of online behavioral ads at http://www.aboutads.info/choices/. You also may limit certain tracking by disabling cookies in your web browser.

5. Data Transfers and Security

5.1 Transfer And Storage Of Your Information

The United States, EEA Member States, Canada and other countries all have different laws relating to privacy and data protection. When your information is moved from your home state, province or country to another jurisdiction, the laws and rules that protect your personal data in the country to which your information is transferred may be different from those in the country in which you live. For example, the circumstances in which law enforcement can access personal data may vary from jurisdiction to jurisdiction. In particular, if your information is in the United States, it may be accessed by government authorities in accordance with U.S. law.

Please be advised that information Aura collects about you via the Services may be transferred, processed and/or accessed by us in the United States, or another country where we, or our Service Providers operate. Please be aware that the privacy laws and standards in certain countries, including the rights of authorities to access your personal data, may differ from those that apply in the country in which you reside. If you are located outside the United States and choose to allow us to collect information about you, please be aware that Aura may transfer your personal data to the United States and process and store it there. We will transfer personal data only to those countries to which we are permitted by law to transfer personal data, and we will take steps to ensure that your personal data continues to enjoy appropriate protections.

5.2 Information Security

The security of your personal data is important to us. Aura takes reasonable efforts to secure and protect the privacy, accuracy, and reliability of your information and to protect it from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Aura implements security measures as we deem appropriate and consistent with industry standards. As no data security protocol is impenetrable, Aura cannot guarantee the security of our systems or databases, nor can we guarantee that personal data we collect about you will not be breached, intercepted, destroyed, accessed, or otherwise disclosed without authorization. Accordingly, any information you transfer to or from Services is provided at your own risk.

5.3 Safely Using Aura’s Services

Despite Aura’s safety and privacy controls, we cannot guarantee the Services are entirely free of illegal, offensive, or otherwise inappropriate material, or that you will not encounter inappropriate or illegal conduct or content from other users when using the Services. You can help Aura by notifying us of any unwelcome contact or inappropriate content by contacting us at privacy@auraframes.com.

5.4 Age-Based Access Controls

Aura implements technical and administrative measures to ensure minors cannot access features, content, or functionality that exceed the age rating assigned to our mobile app. These measures may include:

Blocking or disabling age-restricted features;
Restricting visibility of 18+ content;
Requiring parental consent before enabling certain settings; and
Applying default safety settings based on age.
Limiting the use of minors’ data for profiling or targeted advertising and applying more protective default privacy settings for accounts that Aura knows belong to children or teens, consistent with applicable law.

Attempted access to restricted content may trigger protective measures or additional verification. Where Aura knows that an account belongs to a minor, Aura may also shorten retention periods for certain categories of personal information, restrict optional features, or further limit data uses where doing so is required or appropriate to protect children’s and teens’ privacy.

6. Third Party Links

Aura’s Services may occasionally link to outside websites and content. Aura does not endorse, approve, or certify any content from third parties, and we do not guarantee the accuracy, completeness, efficacy, or timeliness of the information they provide. You should check the applicable privacy notice of the website sponsor when linking to other websites from Aura Services.

7. Changes To Our Privacy Notice

Aura may modify this Privacy Notice from time to time. The most current version of this Privacy Notice will govern our use of your information and will be located at https://auraframes.com/privacy.

You may contact us to obtain prior versions. We will notify you of material changes to this policy by posting a notice at the Services or by emailing you at an email address associated with your account, if applicable, and provide an “at a glance” overview of any changes.

[LAST UPDATED: December 22, 2025]