Legal
Privacy Policy
Effective date: July 15, 2026
AuraZen is a wellness companion, not a medical device. We do not sell personal or health-related information, use it for advertising, or share it with employers or insurers.
1. Who we are
AuraZen is provided by Brasa Solutions, Fritz-Reuter-Weg 1a, 27607 Geestland, Germany. Brasa Solutions is the controller for personal data processed through the AuraZen mobile app.
For privacy requests, contact [email protected]. For general support, contact [email protected].
2. Information we process
Depending on the choices you make, AuraZen may process account information such as your email address and first name; wellbeing check-ins; optional notes and journal entries; recovery records; consent records; and limited technical information needed to operate and secure the app. A check-in is stored on your device and may be backed up to your account after you sign in and give the relevant consent.
When you use AuraZen Plus, we verify and retain the App Store product, transaction, purchase, expiry, and revocation status linked to your AuraZen account. Payment-card and Apple Account payment details remain with Apple and are not received by Brasa Solutions.
Where an optional voice check-in is available, audio is processed only for the active request after you accept the separate voice disclosure. AuraZen sends it to OpenRouter, which is instructed to use only a zero-data-retention speech provider and to deny provider data collection. AuraZen does not store the raw audio or returned transcript, and the client deletes its temporary recording after the request. Limited request metadata, such as account identifier, provider, model, time, and success or failure, may be retained for security and reliability without the audio or transcript. Some wellbeing information may be sensitive personal data under applicable law; we request explicit consent where required.
If you select a trusted contact, the name and phone number you choose are stored on your device. AuraZen uses the system contact picker and does not read or upload your full address book. If you use location to choose a crisis-support region, AuraZen requests one current location, derives the country or region, and does not retain the coordinates. If you choose to add a location link to a trusted-contact message, AuraZen uses an approximate, neighborhood-sized coordinate by default and requires a separate explicit choice before using the device's more precise coordinate. The link is added to a message you review and is shared with the recipient and messaging or maps providers only when you send or share it; those parties may retain or forward it. AuraZen does not track your location in the background.
Apple Watch crisis resources are available without an account. Personal Watch records are transferred to the paired iPhone only after setup and are handled under the same storage, consent, export, and deletion choices as iPhone records. Apple Health samples are read on device only after you grant access; AuraZen displays seven-day aggregates and does not upload the raw samples.
3. Why we use information
- To create and secure your account and provide the app.
- To provide the check-ins and wellbeing exercises you request.
- To support account recovery, customer support, fraud prevention, and service security.
- To comply with legal obligations and manage store purchases.
- To improve reliability and usability only when you opt in to limited analytics.
4. Legal bases
Where the GDPR applies, we process personal data to perform our contract with you, comply with legal obligations, pursue legitimate interests such as security and reliability, or with your consent. We rely on explicit consent for special-category health data when required by Article 9 GDPR.
5. Sharing and service providers
Supabase provides account authentication, database hosting, and server functions. Apple and Google provide the sign-in method you choose. Apple also processes Apple Health, Watch, Siri, Messages, Maps, and store interactions under its own terms when you choose those system features. For an optional voice check-in, OpenRouter routes the request to a speech transcription provider configured for zero data retention and no provider data collection; the eligible provider may change according to availability. These providers process information only to deliver the requested service and under applicable contractual and transfer safeguards.
We do not sell your data. We do not use wellbeing information for advertising. We do not share individual wellbeing information with employers or insurers, and voice content is not used to train a shared model.
6. Retention and deletion
Records kept only on your device, including trusted contacts, remain there until you delete them, reset local data, or remove the app. One-time locations used for region selection or a reviewed message are not retained by AuraZen. Raw voice audio and returned transcripts are not retained by AuraZen. Limited voice-request metadata expires after 30 days, and daily anti-abuse usage counters are deleted after 35 days. Temporary export files on the device are removed after sharing and stale files are deleted after one hour.
Account-linked wellbeing data, consent history, and verified subscription records are kept while your account is active. When account deletion is completed, these account-linked records are deleted, except for the minimum information that must be restricted and retained to meet a legal, billing, fraud-prevention, security, or legal-claims obligation. Any such exception is kept only for the applicable statutory or limitation period and is then deleted or irreversibly anonymized.
You can request access, export, correction, or deletion in the app or by emailing [email protected]. We aim to complete rights requests within one month, subject to legally permitted extensions and required retention.
7. Your choices and rights
Depending on your location, you may have rights to access, correct, export, restrict, object to processing, withdraw consent, and delete personal data. You can review or withdraw consent in the app and can contact [email protected] for any rights request. You can also change microphone, Apple Health, and location permissions in your device settings.
You may lodge a complaint with your local data protection authority. For Brasa Solutions in Lower Saxony, this is the State Commissioner for Data Protection of Lower Saxony (LfD Niedersachsen).
8. Safety
AuraZen is not an emergency service and does not monitor you. It never places a call, sends a trusted-contact message, or shares a location automatically. In an immediate emergency, contact local emergency services or a qualified crisis resource.
9. Children
AuraZen is not intended for people under 16, or the minimum age required in their jurisdiction. We do not knowingly collect personal data from children.
10. Changes to this policy
We may update this policy as the app or legal requirements change. We will post the updated version here and, where appropriate, provide notice in the app or by email.