Privacy Policy
Effective Date: 18th December 2025
Last Updated: 18th December 2025
1. Introduction
Welcome to Aura, a quit-smoking application developed by Timon Harz ("we," "our," or "us"). We are committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
This Privacy Policy explains how we collect, use, store, and protect your information when you use the Aura mobile application (the "App"). By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Data Controller
For the purposes of GDPR, the data controller is:
Timon Harz
Email: harztimon@gmail.com
If you have any questions or concerns about how we handle your personal data, please contact us using the details above.
3. Information We Collect
3.1 Personal Information (Sign in with Apple)
When you create an account using Sign in with Apple, we may collect:
Name: Your first and last name (if you choose to share it)
Email Address: Your email address or Apple's private relay email (if you choose to hide your email)
User ID: A unique identifier provided by Apple to authenticate your account
Legal Basis for Processing: Contract performance (to provide you with access to the App) and legitimate interest (to maintain account security).
3.2 Anonymous Usage Data
We collect anonymous, aggregated usage data to improve the App's functionality and user experience. This data is not linked to your identity and cannot be used to identify you personally.
Usage data includes:
App feature interactions and usage patterns
Session duration and frequency of use
Device type and operating system version
Crash reports and technical diagnostics
Time and date of App usage
General performance metrics
Legal Basis for Processing: Legitimate interest (to improve our services and fix technical issues).
Important: This usage data is completely anonymized before collection and cannot be traced back to individual users.
3.3 User-Generated Content
You may choose to input personal information into the App, such as:
Smoking cessation goals and milestones
Personal notes or journal entries
Progress tracking data
Custom reminders
This content is stored locally on your device or in your private iCloud account (if you enable iCloud sync) and is not accessible to us unless you explicitly share it.
Legal Basis for Processing: Consent (you voluntarily provide this information) and contract performance (to provide personalized App features).
3.4 Subscription and Payment Information
When you purchase a subscription, payment processing is handled entirely by Apple through the App Store. We do not collect, store, or have access to your payment card information.
We may receive:
Subscription status (active, expired, canceled)
Subscription type (monthly or yearly)
Transaction date
Legal Basis for Processing: Contract performance (to manage your subscription and provide premium features).
3.5 Information We Do NOT Collect
We do not collect:
Precise geolocation data
Health data or medical records
Contacts or address book information
Photos or camera access (unless you explicitly grant permission for specific features)
Microphone or audio recordings
Browsing history outside the App
4. How We Use Your Information
We use the collected information for the following purposes:
4.1 To Provide and Maintain the App
Authenticate your account and manage access
Deliver personalized quit-smoking support and features
Process your subscription and manage billing
Send you important service notifications
4.2 To Improve the App
Analyze anonymous usage patterns to enhance user experience
Identify and fix technical issues and bugs
Develop new features based on user behavior
Optimize App performance
4.3 To Communicate With You
Respond to your inquiries and support requests
Send important updates about the App or Privacy Policy changes
Provide customer support
4.4 To Comply With Legal Obligations
Respond to legal requests and prevent fraud
Enforce our Terms of Use
Protect our rights and the safety of our users
5. Data Sharing and Disclosure
We respect your privacy and do not sell, rent, or trade your personal information to third parties.
5.1 Third-Party Service Providers
We may share limited information with trusted third-party service providers who assist us in operating the App:
Apple Inc.
Purpose: Authentication (Sign in with Apple), payment processing (App Store subscriptions), and app distribution
Data Shared: Apple ID information, subscription status
Location: United States and other countries where Apple operates
Privacy Policy: https://www.apple.com/legal/privacy/
These service providers are contractually obligated to protect your data and may only use it for the specific purposes we authorize.
5.2 Legal Requirements
We may disclose your information if required by law or in response to:
Valid legal processes (subpoenas, court orders)
Requests from government authorities
Protection of our legal rights
Prevention of fraud or illegal activity
Protection of user safety
5.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the new entity. You will be notified of any such change and given the opportunity to delete your account before the transfer.
5.4 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
6. Data Retention
6.1 Account Information
We retain your account information (name, email) for as long as your account is active or as needed to provide you with services. If you delete your account, this information is permanently deleted within 30 days.
6.2 Anonymous Usage Data
Anonymous usage data is retained for up to 24 months for analytical purposes. Since this data is not linked to your identity, it cannot be deleted upon request.
6.3 Subscription Information
Subscription records are retained for 7 years to comply with tax and accounting regulations.
6.4 User-Generated Content
Content stored locally on your device or in your private iCloud account is under your control. Deleting the App or clearing your iCloud data will remove this content.
7. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:
7.1 Right of Access
You have the right to request a copy of the personal data we hold about you.
7.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
7.3 Right to Erasure ("Right to Be Forgotten")
You can request deletion of your personal data when:
The data is no longer necessary for its original purpose
You withdraw consent
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
7.4 Right to Restriction of Processing
You can request that we limit how we use your personal data in certain circumstances.
7.5 Right to Data Portability
You can request your personal data in a structured, commonly used, machine-readable format and transfer it to another service provider.
7.6 Right to Object
You can object to processing of your personal data based on legitimate interests.
7.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
7.8 Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights.
To exercise any of these rights, please contact us at: oneboardhq@outlook.com
We will respond to your request within 30 days. There is no fee for exercising these rights unless your request is manifestly unfounded or excessive.
8. International Data Transfers
Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where Apple operates its servers.
When we transfer data internationally, we ensure adequate protection through:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission
Other legally compliant transfer mechanisms
Apple Inc. participates in relevant data protection frameworks and implements appropriate safeguards for international data transfers.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
9.1 Security Measures Include:
Encryption of data in transit using industry-standard protocols (TLS/SSL)
Encryption of data at rest
Secure authentication via Sign in with Apple
Regular security assessments and updates
Access controls limiting who can access personal data
Anonymization of usage data before collection
9.2 Your Responsibility
You are responsible for:
Keeping your Apple ID credentials secure
Using a strong password for your Apple account
Logging out of shared devices
Notifying us of any suspected security breaches
Important: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Children's Privacy
The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our systems within 30 days.
11. Cookies and Tracking Technologies
11.1 Our Use
The App does not use cookies or similar tracking technologies. We collect only anonymous usage data that is not linked to your identity.
11.2 Third-Party Services
Apple may use cookies and tracking technologies as part of Sign in with Apple and App Store services. Please refer to Apple's Privacy Policy for more information.
12. Do Not Track Signals
The App does not respond to "Do Not Track" signals because we do not track users across third-party websites or services. Our anonymous usage data collection is limited to the App itself.
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to Know: What personal information we collect and how it's used
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do not sell personal information, so this right does not apply
Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at [Insert Contact Email].
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:
Update the "Last Updated" date at the top of this policy
Notify you via the App or email
Request your consent if required by law
We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes acceptance of the revised policy.
15. Third-Party Links
The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.
16. Data Protection Officer
For questions specifically related to data protection and GDPR compliance, you may contact our Data Protection Officer:
Email: harztimon@gmail.com
17. Supervisory Authority
If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority:
For EU residents: Find your local authority at https://edpb.europa.eu/about-edpb/board/members_en
For UK residents: Information Commissioner's Office (ICO) - https://ico.org.uk
For Swiss residents: Federal Data Protection and Information Commissioner (FDPIC) - https://www.edoeb.admin.ch
18. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Developer: Timon Harz
Email: harztimon@gmail.com
Data Protection Officer: harztimon@gmail.com
We will respond to all inquiries within 30 days.
By using Aura, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described herein.
