Effective Date: October 16, 2025

Auralis is committed to protecting your privacy. This Privacy Policy complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. It explains what data we collect, why we need it, and how you can control it.

1. Data Controller and Contact
   The data controller is: Softnest, ul. Ludwika Zamenhofa 2/33, 33-300 Nowy Sącz, Poland, Tax ID (NIP): 7343649264, Business ID (REGON): 540236581.

Contact us:

- Email: adrian.szablowski.kontakt@gmail.com

For EU users: You may contact your local data protection authority. In Poland: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

2. Personal Data We Collect
   When you use Auralis, we collect:

- Account Information: name, email address, password (stored as a bcrypt hash)
- Authentication Data: Apple ID identifier (if using Apple Sign In)
- Device Information: device type, operating system version, unique device identifiers
- App Usage Data: features used, session duration, app performance data
- User Preferences: currency selection, app settings
- User Content: income sources, financial goals, goal deposits, and notes you create within the app
- Photos: share cards saved to your device's photo library (stored locally on your device only)

We do not collect: credit card numbers, bank account details, or precise location data.

3. How We Use Your Data
   We use your personal data to:

- Provide and maintain the Auralis app services (legal basis: contract performance under GDPR Art. 6(1)(b); business purpose under CCPA)
- Process subscription payments (legal basis: contract performance; business purpose)
- Authenticate your account and maintain security (legal basis: legitimate interest under GDPR Art. 6(1)(f); business purpose)
- Communicate with you about app updates and support (legal basis: legitimate interest; business purpose)
- Improve app functionality and user experience (legal basis: legitimate interest; business purpose)
- Comply with legal obligations (legal basis: legal obligation under GDPR Art. 6(1)(c))

4. Data Sharing and Third Parties
   We do not sell your personal data to anyone.

We share data only with trusted service providers:

- Supabase Inc. - Database hosting in EU region (Frankfurt, Germany)
- RevenueCat Inc. - Subscription management (iOS only)
- Apple Inc. - Authentication services (only if you use Apple Sign In)

All service providers:

- Process data only on our instructions
- Maintain GDPR compliance and have signed Data Processing Agreements (DPAs)
- Use industry-standard security measures

International Transfers: Your data is stored on Supabase servers in the EU (Frankfurt). Any necessary transfers outside the EU are protected by Standard Contractual Clauses approved by the European Commission.

5. Data Retention

- Account Data: Deleted immediately when you delete your account
- App Content: Deleted immediately when you delete your account
- Technical Logs: 30 days
- Billing Records: 5 years (legal requirement for tax purposes)
- Support Communications: 3 years from last contact
- Photos/Share Cards: Stored only on your device, managed by you

Account Deletion: You can permanently delete your account at any time from the app settings. This action is immediate and irreversible. All your data will be permanently deleted from our servers.

6. Your Privacy Rights

For EU Users (GDPR Rights):

- Right to access your personal data
- Right to rectify inaccurate data
- Right to erase your data ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority

For California Users (CCPA Rights):

- Right to know what personal data we collect, use, disclose, and sell
- Right to delete personal data
- Right to opt-out of the sale of personal data (note: we do not sell personal data)
- Right to non-discrimination for exercising your rights

To exercise your rights: Contact us at adrian.szablowski.kontakt@gmail.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

7. Mobile App Permissions
   Auralis may request the following device permissions:

- Photo Library (iOS/Android): Required to save generated share cards to your photo library. This permission is optional - you can use the app without granting it, but you won't be able to save cards to your photos.
- Push Notifications (optional): To notify you about goal progress (planned future feature)

You can revoke these permissions at any time in your device settings.

8. Data Security
   We implement industry-standard security measures:

- Encrypted data transmission between the app and our servers
- Secure data storage on SOC 2 Type II certified servers (AWS Frankfurt)
- Password hashing using bcrypt
- Access controls and authentication protection
- Regular security monitoring and backups

While we use best practices to protect your data, no system is 100% secure. We cannot guarantee absolute security.

9. Data Breach Notification
   In case of a data breach:

- We will investigate within 24 hours
- Notify relevant authorities within 72 hours (as required by GDPR)
- Notify affected users if there is a high risk to their rights
- Take immediate steps to mitigate the breach
- Cooperate fully with regulatory authorities

10. Apple Sign In
    If you use "Sign in with Apple":

- Apple may share your email address (or a private relay email) and optionally your name
- You can manage what information Apple shares in your Apple ID settings
- Apple Sign In is an alternative to email/password registration
- Data received via Apple Sign In is processed the same way as email registration data

11. Subscription and Payments
    Payment processing is handled by RevenueCat Inc.:

- We do not store your credit card information
- RevenueCat only provides us with subscription status and transaction identifiers
- Actual payment processing is handled by Apple App Store (iOS)
- For payment details, see RevenueCat's privacy policy: <https://www.revenuecat.com/privacy>

12. Children's Privacy
    Auralis is intended for adults 18 years or older. We do not knowingly collect data from children under 18 (or 16 in the EU). If you are a parent and believe your child has provided us with personal data, please contact us and we will delete it immediately.

13. Changes to This Privacy Policy
    We may update this Privacy Policy from time to time. For material changes:

- We will notify you 30 days in advance via email or in-app notification
- Minor changes will be posted in the app with an updated effective date
- Continued use of the app after changes means you accept the updated policy

14. International Users
    Auralis is available worldwide. Your data is stored in the EU (Frankfurt, Germany) regardless of where you are located. By using the app, you consent to the transfer and processing of your data in the EU.

15. Do Not Sell My Personal Information (CCPA)
    We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

16. Contact Us
    For privacy questions, concerns, or to exercise your rights:

Email: adrian.szablowski.kontakt@gmail.com

Mailing Address:
Softnest
ul. Ludwika Zamenhofa 2/33
33-300 Nowy Sącz
Poland