Aura

Privacy Policy

Effective Date: 2026-03-13 · Last Updated: 2026-03-13

1. Scope

Welcome to Aura. EchoAI Digital Limited ("we," "us," or "our") values your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information, and the rights available to you.

This Policy applies to Aura websites, apps, and related services (collectively, the "Services"), for both registered and unregistered users.

2. Age and Content Notice

The Services are for users who are at least 18 years old, or the age of majority in their jurisdiction.

The Services may include adult/sexual content. If you do not meet the age requirement, or such content is unlawful where you are located, stop using the Services immediately.

3. Information We Collect

3.1 Information You Provide

• Account information: email, nickname, password, login credentials. • Profile and preferences: character settings, voice preferences, interaction settings. • User content: chat text, prompts, uploads, feedback, customer support communications. • Transaction information: order details, payment status, billing records (payment card data is processed by third-party payment providers).

3.2 Information Collected Automatically

• Device and network data: device model, OS version, IP address, device identifiers, logs. • Usage data: access time, clicks, session duration, crash/performance data. • Control and sync data: remote-control commands, connection status, sync metadata.

3.3 Sensitive Information

Given the nature of the Services, you may provide or generate information related to sex life, sexual preferences, or sexual orientation. We process such data in accordance with applicable law and obtain required consent where legally necessary.

4. How We Use Information

We may use personal information to:

• Provide and maintain the Services (accounts, AI interaction, device control, support); • Protect safety and security (anti-fraud, abuse prevention, auditing); • Improve products and user experience (debugging, quality analysis, optimization); • Conduct analytics and operations (aggregated or de-identified where appropriate); • Meet legal obligations and handle disputes; • Send service and marketing communications (you may opt out of marketing at any time).

5. AI and Third-Party Capabilities

We may use proprietary and third-party AI/cloud services to provide reply generation, content generation, moderation, safety, and optimization features.

Where permitted by law, related data may be used for service quality improvement, model capability optimization, and safety governance. Where required by law, we will provide additional notice and obtain consent.

6. Sharing and Disclosure

We do not sell your personal information.

We may share information:

• At your direction (for example, remote connection features); • With service providers (cloud, AI, payment, analytics, support); • In corporate transactions (merger, acquisition, restructuring, asset sale); • To comply with law or to protect legal rights, safety, and security.

7. International Data Transfers

Your information may be transferred to and stored outside your country/region. We implement reasonable safeguards as required by applicable law.

8. Data Retention

We retain information based on business need and legal obligations, generally:

• Account data: during account life and up to 180 days after closure; • Conversation/user content: up to 12 months (deletion requests enter cleanup workflow); • Security logs: up to 12 months; • Support records: up to 5 years; • Transaction/financial records: up to 10 years, or longer if legally required; • Risk-control records: up to 2 years, or longer if legally required.

9. Your Rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability, objection, withdrawal of consent, and account closure.

Request channel: echoai@realaura.ai

10. California Notice (CCPA/CPRA)

• We may collect categories of personal information, including sensitive personal information as defined by law. • Purposes include service delivery, security/risk control, improvement, support, and legal compliance. • We do not sell or share personal information for cross-context behavioral advertising. • California residents may exercise rights to know, access, correct, delete, data portability, and non-discrimination. • Request channel: echoai@realaura.ai

11. EEA/UK/Switzerland Users

Where applicable, you may exercise GDPR rights and lodge a complaint with your local data protection authority.

12. Security

We use reasonable technical and organizational safeguards, including encryption in transit, access controls, least-privilege controls, and security monitoring. No system can be guaranteed absolutely secure.

13. Updates and Contact

We may update this Policy from time to time. Material changes will be notified by in-app notice, email, or other reasonable means.

Contact: echoai@realaura.ai