Privacy Policy
Last updated: February 2026
1. Introduction
AuraFace ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Account information (email address, name)
- Profile data (gender, age range, height, self-rating)
- Face photos uploaded for analysis
- Quiz responses and preferences
- Payment information (processed by our payment provider)
2.2 Information Collected Automatically
- Device information (type, operating system, unique identifiers)
- Usage data (features accessed, time spent, interactions)
- IP address and approximate location
- App analytics and crash reports
3. How We Use Your Information
- To provide AI-powered face analysis using Google's Gemini 2.0 Flash model
- To generate personalized improvement tips and recommendations
- To track your progress over time
- To process payments and manage subscriptions
- To send you relevant notifications and updates
- To improve our Service and develop new features
- To respond to your requests and provide customer support
4. AI Processing & Facial Analysis
What data is collected: When you use the face scan feature, AuraFace captures a standard 2D photograph using your device camera. No biometric identification data (Face ID templates, depth maps, or facial recognition identifiers) is collected.
What data is sent to Google Gemini: Your photo (as a compressed JPEG image) and optional gender preference are sent to Google's Gemini AI API (gemini.googleapis.com) for facial attribute analysis. The AI evaluates six attributes: symmetry, skin quality, facial harmony, eye area, jawline definition, and nose structure, and generates numerical scores and personalized improvement tips.
Google's data handling: Google does not use data submitted through the Gemini API to train its models. Your photos are processed in real time and are not permanently stored by Google after analysis is complete.
Photo storage: Your photos are stored in Cloudflare R2 cloud storage (encrypted at rest) linked to your authenticated account. Photos are retained for your scan history and progress tracking until you delete individual scans or your account.
Results storage: Your facial analysis scores and improvement tips are stored in our Supabase database with Row Level Security (RLS), meaning only you (the authenticated account owner) can access your data.
Data retention: Photos and analysis results are retained until you choose to delete them. You can delete individual scans from your scan history at any time, or delete your entire account to remove all data within 30 days.
User consent: Before your first face scan, the app displays a consent modal that explains what data is sent, who it is sent to (Google Gemini), and how it is stored. You must accept this disclosure to proceed with scanning.
5. Data Storage
Your data is stored using the following services:
- Supabase: Account data, scan results (scores, tips), and profile information are stored in our Supabase PostgreSQL database with Row Level Security (RLS) enabled — only you can access your data
- Cloudflare R2: Face images are stored encrypted at rest for your scan history and progress tracking, retained until you delete them or your account
- Device storage: Preferences and cached data are stored locally on your device
All data is encrypted in transit (TLS) and at rest.
6. Third-Party Services
We use the following third-party services:
- Google Gemini: AI face analysis processing
- Supabase: Database and authentication
- Cloudflare R2: Image storage
- RevenueCat: In-app subscription management (mobile)
- Dodo Payments: Web payment processing
- Vercel: Website hosting
Each of these services has its own privacy policy governing its use of your data.
7. Data Sharing
We do not sell your personal data. We may share your information only in the following circumstances:
- With service providers who assist in operating our Service (listed above)
- When required by law or to respond to legal process
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets
8. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Request deletion of your account and all associated data
- Portability: Receive your data in a structured, machine-readable format
- Opt-out: Unsubscribe from marketing communications
To exercise any of these rights, please contact us at privacy@auraface.lol.
9. Account Deletion
You can delete your account at any time through the app settings. When you delete your account:
- All personal data is permanently removed from our servers within 30 days
- Stored images are deleted immediately
- Scan history and results are permanently erased
- Active subscriptions will be cancelled
10. Data Retention
We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes described in this policy. When you delete your account, we remove your data within 30 days, except where retention is required by law.
11. Children's Privacy
Our Service is not intended for children under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
12. GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a supervisory authority. Our legal basis for processing your data includes consent, contract performance, and legitimate interests.
13. CCPA Compliance (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information, including the right to know what data we collect, the right to delete your data, and the right to opt out of the sale of your data. We do not sell personal data.
14. Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
16. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
- Email: privacy@auraface.lol
- Website: https://auraface.lol