DeepAura Privacy Policy

Last Updated: 3 March 2026

This Privacy Policy explains in a transparent and fair manner how DeepAura collects, uses, stores, shares, and protects personal data when you access or use the DeepAura mobile application (the “Services”).

Data Controller

DeepAura acts as the data controller for personal data processed under this Privacy Policy for the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR).

If you have any questions regarding this Privacy Policy, you may contact:

support@deepaura.io

Personal Data We Process

2.1 Account Information

When you create and use an account, we process:

• Email address
• User ID

This data is required to authenticate users and provide core app functionality.

2.2 Subscription Information

• Payments are processed securely by Apple through the App Store
• We do not collect, process, or store your payment card details
• We use RevenueCat to manage subscription status and validate entitlements
• Subscription status and purchase validation data may be processed to enable premium access

2.3 Usage Data

We process information about how you interact with the Services, including:

• Product interaction data
• Feature usage
• Session activity
• Listening progress

2.4 Device and Technical Information

• Device ID
• App version
• Operating system version
• IP address
• Technical logs

2.5 Diagnostics and Performance Data

• Crash reports
• Performance diagnostics
• Error logs

2.6 Reflections and Wellness Inputs

If you provide reflections or wellness-related inputs within the app, such information is processed solely to provide and improve the Services.

DeepAura does not treat such information as medical or health data and does not infer diagnoses or medical conditions.

DeepAura does not provide medical advice.

Automated Processing and AI

DeepAura may use automated systems, including artificial intelligence, to analyse usage patterns and personalise content.

This processing is intended solely to enhance functionality and user experience.

DeepAura does not engage in automated decision-making or profiling that produces legal effects or similarly significant effects within the meaning of Article 22 GDPR.

Legal Bases for Processing

We process personal data only where lawful, including where processing is necessary to:

• Perform our contract with you
• Comply with legal obligations
• Pursue legitimate business interests
• Provide services you request
• Where you have provided consent, if required by law

Data Sharing

Personal data is shared only where necessary and under appropriate safeguards.

We may share data with trusted service providers acting on our behalf, including:

• Firebase (Google LLC) – authentication, hosting, database storage, analytics
• RevenueCat – subscription management and entitlement validation
• Apple App Store – payment processing and subscription billing
• Crash and performance monitoring tools

These providers process data strictly in accordance with applicable data protection laws and contractual safeguards.

We do not sell personal data.

Personal data may be disclosed where required by law or in connection with corporate transactions such as a merger or acquisition.

International Data Transfers

Where personal data is transferred outside your country of residence, DeepAura relies on legally approved safeguards, including adequacy decisions and Standard Contractual Clauses, in accordance with applicable law.

Data Retention

Personal data is retained only for as long as necessary to:

• Provide the Services
• Maintain account functionality
• Comply with legal obligations
• Protect legitimate business interests

If you delete your account:

• Your authentication record is deleted
• Associated user data is removed from our database

Certain anonymised or aggregated analytics or diagnostic data may be retained for security, legal, or operational purposes.

Your Rights

Subject to applicable law, you have the right to:

• Access your personal data
• Request correction
• Request deletion
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent where processing is based on consent

Requests may be submitted to:

support@deepaura.io

You also have the right to lodge a complaint with your local data protection authority.

Security

DeepAura implements appropriate technical and organisational measures designed to protect personal data.

However, no system can be guaranteed to be completely secure, and residual risk remains.

Children’s Data

The Services are not intended for children under sixteen (16) without parental consent.

DeepAura does not knowingly process children’s personal data unlawfully.

If we become aware that personal data of a child has been collected without appropriate consent, we will take steps to delete it.

Changes to This Policy

DeepAura may update this Privacy Policy from time to time.

Updates will be posted on this page with a revised date.

Continued use of the Services after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions or requests, contact:

support@deepaura.io