AuraPost

Legal

PRIVACY POLICY

AuraPost is built to create, save, and deliver digital postcards. This policy explains what we collect, why we collect it, how we use it, and the choices you have.

Last updated: March 18, 2026

1. Summary

We use your data only to operate AuraPost: to create postcards, save postcard history, authenticate your account, and send delivery-related emails.

We do not sell your personal data. We do not use your photos, messages, or postcard content for advertising, unrelated profiling, or unrelated marketing purposes.

We do not use your uploaded content to train AI models for generalized use.

2. Information We Collect

Depending on how you use AuraPost, we may collect and process:

  • Uploaded photos and transformed postcard images.
  • Postcard content, including message, sender name, and receiver name.
  • Sender and receiver email addresses.
  • Location selections and routing-related metadata you choose in the product.
  • Account information associated with sign-up and sign-in.
  • Operational records such as send status, delivery status, and related logs.

3. How We Use Information

We use the information above only to provide and operate AuraPost, including to:

  • Create and display your digital postcard.
  • Send in-transit and delivered postcard emails.
  • Save postcard history to your account when applicable.
  • Authenticate your sign-in and protect account access.
  • Support delivery tracking, service reliability, fraud prevention, and debugging.
  • Respond to support, legal, or deletion requests.

4. What We Do Not Do

We do not:

  • Sell your personal data.
  • Use your postcard content for behavioral advertising.
  • Share your content with data brokers.
  • Use your photos or messages for unrelated commercial purposes.
  • Use your uploads to train general-purpose AI models.

5. Service Providers and Infrastructure

To operate AuraPost, we rely on service providers that process data on our behalf for service delivery. Based on the current product setup, these providers may include:

  • Supabase for database storage, authentication, and related backend services.
  • Resend for transactional email delivery.
  • Hosting and infrastructure providers used to run the web application.

These providers may process data only as needed to provide their services to AuraPost, subject to their own terms and data protection commitments.

6. Data Retention

We retain postcard records, account associations, and delivery logs for as long as reasonably necessary to operate the service, maintain postcard history, investigate abuse, and comply with legal obligations.

Retention periods may vary depending on the type of data, whether you create an account, whether a postcard was sent, and whether we need the data for security, dispute resolution, or legal compliance.

7. Your Choices and Requests

You may contact us to request help with privacy-related matters, including:

  • Requesting deletion of your account data or postcard data.
  • Requesting access to the personal data we hold about you.
  • Requesting correction of inaccurate account information.
  • Asking questions about how your data is used.

8. Data Sharing

We share data only when necessary to operate AuraPost, comply with law, protect the service, or respond to valid legal requests. We do not share personal data for unrelated third-party marketing.

9. Security

We use reasonable administrative, technical, and organizational measures to protect personal information. No method of storage or transmission is completely secure, so we cannot guarantee absolute security.

10. Children's Privacy

AuraPost is not intended for children under 13, and we do not knowingly collect personal information directly from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date on this page. Material changes may also be communicated through the product or by other appropriate means.

12. Contact

For privacy requests, contact info@aurapost.app. If you contact us, please include enough information for us to identify the relevant account or postcard request.