← Back to Aurial

Privacy Policy — Aurial

Effective date: April 19, 2026

Publisher / data controller: Janardan Ayachi (“we,” “us,” “our”), based in Gujarat, India

Product: Aurial — mood journal and AI-assisted wellness features (the “App”).

Contact (privacy & data requests): aurialoffical@gmail.com

Outbound email (transactional / waitlist): Messages we send you may originate from hello@getaurajournal.com (sending address only). To reach a human, please use aurialoffical@gmail.com.

Website: https://www.getaurajournal.com

Summary (privacy-first)

  • Your mood journal entries (text you write in the journal), tags, and routine journaling metadata are stored on your device using local app storage. We do not operate a central server copy of your journal and cannot read your entries from the App simply because they exist on your phone.
  • If you use optional features that send information to us or to our processors (for example, AI insights, in-app feedback, waitlist or promo verification, or subscription receipts through Apple), we process only what those features require, as described below.
  • AI features are stateless. When you trigger an AI feature, the relevant text is sent over an encrypted (HTTPS) connection only to generate your response. We do not store your prompts or AI outputs on our servers, and we do not use your content to train any AI model.
  • We do not sell your personal information. We do not use your journal content for cross-context behavioral advertising.

This policy describes the Aurial mobile application and related web properties (such as our marketing site and waitlist) where practices may differ slightly. When they differ, we say so plainly.

1. Who this policy applies to

If you use Aurial or interact with our website or APIs, this policy applies to you.

Age requirement: Aurial is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us and we will take appropriate steps to delete it.

2. Information we process

2.1 Journal content and on-device data (App)

The App stores mood entries, notes, tags, photos you attach, voice transcripts, and related journaling data locally on your device (via the platform’s standard local storage mechanisms — for iOS, this is sandboxed app storage protected by your device passcode/biometrics).

Unless you use a feature that explicitly transmits text or derived content (see AI features and exports below), that journal content does not leave your device.

We may also store non-journal app preferences on your device (for example, theme, reminder settings, optional display name you choose to save in settings, app-lock preferences, custom tags, and similar configuration).

2.2 Optional AI features (network transmission, no retention)

When you request AI-generated summaries, insights, reflections, or Deep Dives, the App sends only the text or context needed to fulfil that specific request to our backend service at getaurajournal.com/api/ai. Our backend forwards the prompt to an AI inference provider (currently Groq) and streams the response back to your device.

What we do NOT do with your AI requests:

  • We do not persist the prompt or the AI response to any database or log file beyond what is required to return the response in real time.
  • We do not use your prompts or AI outputs to train, fine-tune, or improve any AI model — ours or anyone else’s.
  • We do not share AI prompt content with advertisers or any third party other than the AI provider that generates the response.
  • We do not associate AI requests with any account, because Aurial has no account system.

What is technically transmitted with each AI request: the prompt text, a task identifier (e.g. mood_insight, deep_dive), and a non-personal install identifier (see §2.7) used only for rate limiting and abuse prevention. Our request to the AI provider includes a zero-retention header so the provider does not store the request or response on its side either.

You can disable or avoid AI features at any time in Settings if you do not want journal text processed by remote systems.

2.3 In-app feedback and support messages

If you submit feedback through the App, we collect:

  • the message content you write,
  • an email address if you choose to include one (if you leave it blank, we record the placeholder anonymous@aurial.app so we know not to email back),
  • a source label (e.g. mobile_app),
  • limited device information (device_info) such as device model, OS version, and app version, used for debugging your report.

This data is stored in our feedback database (Supabase) so we can read and respond to your feedback. If you contact us by email instead, your message is delivered to our Gmail mailbox at aurialoffical@gmail.com.

2.4 Waitlist, email, and website interactions

On getaurajournal.com, you may provide an email address to join a waitlist or receive updates. We may also collect optional feedback content, promo or referral metadata, and basic request information (such as timestamps and IP-derived approximate region for security) as needed to operate those features.

To make features like “did you already join?” and “your promo code” work without requiring a login, our website stores small items in your browser’s local storage — for example, aurial_user_email, aurial_waitlist_promo, and feedback-submitted flags. These are accessible only to your browser and are not tracking cookies.

Our website may use privacy-oriented analytics provided by our hosting platform (Vercel Analytics) to understand aggregate traffic. This is not journal content and is not tied to your private entries in the App.

2.5 Purchases and subscriptions

Subscriptions handled through Apple In-App Purchase involve Apple processing payment and providing transactional identifiers to the app for entitlement verification. We do not receive your full payment card number from Apple.

2.6 Notifications, media, and optional files

If you enable reminders, your device may store scheduling tokens or related data required by the operating system’s notification services.

If you import data (for example, CSV) or export/share files (for example, PDF), those actions use local file handling on your device; sharing explicitly sends content through the sharing channel you choose.

2.7 Security-related identifiers

The App generates and stores a random install identifier on-device. This identifier is included as a header (x-aura-install-id) on requests to our backend (currently AI requests) so we can apply per-install rate limits and detect abuse. It is not linked to your name, email, or device account, and it is reset if you delete the App.

3. How we use information

We use information to:

  • Provide and improve Aurial’s features
  • Operate AI inference where you request it (without retention or training, see §2.2)
  • Handle waitlist communications and transactional email (sent from hello@getaurajournal.com)
  • Respond to feedback and support requests (received at aurialoffical@gmail.com)
  • Maintain security, prevent abuse, and apply rate limits
  • Comply with law and enforce our terms

4. Legal bases (GDPR / UK GDPR)

If European data protection law applies, we rely on one or more of the following:

  • Consent, where required (for example, optional marketing communications where applicable)
  • Performance of a contract (providing the service you requested)
  • Legitimate interests that are not overridden by your rights (for example, securing our services, understanding aggregate site usage, improving reliability), or
  • Legal obligation

5. Sharing with service providers (“processors”)

We use trusted service providers to run Aurial. They may process personal information only on our instructions and not for their own independent marketing:

  • Vercel — website hosting and privacy-oriented analytics for getaurajournal.com
  • Supabase — database for waitlist records and in-app feedback
  • Resend — outbound transactional email delivery (e.g. waitlist updates) sent from hello@getaurajournal.com
  • Groq — AI inference provider used by the backend AI route, configured for zero retention
  • Apple — App distribution, in-app purchase processing, push notification delivery

We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are commonly understood in U.S. state privacy laws.

6. International transfers

We may process information in India, the United States, the European Union, and other countries where our providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers of personal data subject to GDPR/UK GDPR.

7. Retention and deletion

7.1 Journal data on your device

Your journal entries remain on your device until you delete them or remove the App (subject to your device backups). We do not maintain a server-side copy of your journal simply because you journaled locally. Settings → Delete All Data wipes all local entries, settings, Deep Dive history, collections, and saved quotes.

7.2 AI prompt and response data

As described in §2.2, AI prompts and responses are not stored on our servers or by our AI provider beyond the moment needed to return your response.

7.3 Data you send us (waitlist, feedback)

We retain information such as waitlist emails, feedback records, and server logs only as long as needed for the purposes described in this policy, unless a longer retention period is required by law.

Deletion requests: Email aurialoffical@gmail.com with “Privacy Request” in the subject. We will verify and respond consistent with applicable law. For App-local data, the fastest way to remove journal content is through in-app deletion (Settings → Delete All Data) and/or deleting the App.

8. Security

We implement reasonable administrative and technical safeguards appropriate to the nature of the services, including encrypted (HTTPS/TLS) transport for all network requests, request signing for AI requests, and platform sandboxing for on-device storage. No method of transmission or storage is completely secure. You can further protect yourself by enabling device passcodes/biometrics offered by the App and your operating system.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or object to certain processing, and/or to withdraw consent where processing is consent-based.

To exercise rights, contact aurialoffical@gmail.com. You may also have the right to lodge a complaint with your local supervisory authority.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, California law may provide you with additional rights regarding personal information.

Categories of personal information we may collect (depending on your use of the App and website) include:

  • Identifiers (such as email address, if you provide it; install identifier)
  • Internet or other electronic network activity (such as basic website analytics, request timestamps)
  • Commercial information (such as subscription status inferred from app functionality; payments are processed by Apple)
  • User-generated content you voluntarily submit (such as feedback text and AI prompts, the latter not retained)

We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly sell personal information of minors under 16.

California residents may request:

  • Access to certain details about personal information we collect, use, and disclose
  • Deletion of personal information we collected from you (subject to exceptions)
  • Correction of inaccurate personal information

We will not discriminate against you for exercising these rights.

To submit a request, email aurialoffical@gmail.com with “California Privacy Request” in the subject.

11. GDPR / European privacy rights

If GDPR (or UK GDPR) applies to you, you have rights including, where applicable:

  • Access to your personal data
  • Rectification of inaccurate data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing based on legitimate interests
  • Withdrawal of consent at any time (where we rely on consent)
  • Lodge a complaint with a supervisory authority

We do not sell your personal data.

To exercise these rights, contact aurialoffical@gmail.com.

12. Children’s privacy (COPPA alignment)

Aurial is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 provided us personal information, contact us and we will promptly delete such information where required.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new effective date. If changes are material, we will provide additional notice where appropriate (for example, in-app notice or email for affected users).

14. Contact

Janardan Ayachi — Aurial
Gujarat, India

Privacy / support email (received): aurialoffical@gmail.com
Outbound email address (transactional only): hello@getaurajournal.com
Website: https://www.getaurajournal.com