
Privacy Policy

Your data. Your trust.

We value your privacy at AURA Fem Health. This policy explains how we collect, use, and safeguard your personal information in compliance with global regulations.

By using our services, you consent to our privacy practices. Please read this policy carefully.

1) Who we are & contact

Data Controller: AURA Fem Health Pte. Ltd., 2 Venture Drive, 608526, Singapore

Email (privacy/data rights): solutions@aurafemhealth.com

Email (support): solutions@aurafemhealth.com

If you are in the EEA/UK, AURA acts as a data controller for your personal data. We may appoint an EU/UK representative where required.

2) Scope

This Policy covers personal data processed when you:

  • browse our website or use the AURA app;
  • create an account, complete assessments, receive a Personalized Plan;
  • join programs (self-paced, coach-supported, group circles);
  • attend events (webinars/workshops);
  • message or book practitioners;
  • receive emails, nudges, reminders, or participate in research/feedback.

3) The data we collect

We collect personal data that you provide directly, data generated by your use, and limited data from third parties.

a) Data you provide

  • Account & identity: name, email, passwordless login details (magic link/OTP), profile photo (optional), timezone/language.
  • Assessment & plan inputs: symptoms, goals, wellness history, lifestyle info, preferences; optional files you upload (e.g., prior labs).
  • Program & event data: registrations, questions, chat submissions, feedback forms.
  • Messages & notes: in-app messages with practitioners, check-ins, journal entries.
  • Transactions: purchases, billing details (handled by payment processors), receipts.
  • Support requests: content of emails/chats with Support.

b) Data we generate/observe

  • Personalized outputs: your Personalized Letter, root-cause map, Daily Flow, recommendations.
  • Engagement & usage: app/web interactions, reminders sent, feature usage, completion metrics.
  • Device & log data: IP address, device type, OS/browser, app version, crash/diagnostic logs, device or installation IDs (e.g., push token, analytics instance ID).
  • Cookies & similar tech: pixels, local storage, and SDK events (see Cookies section).

c) Data from third parties (limited)

  • Payments: status/metadata from payment providers (e.g., Stripe).
  • Scheduling/Video: meeting links/status from Calendly/Zoom (or similar).
  • Attribution/Deep links: referral source from Firebase/Branch (or similar).

We do not buy third-party marketing lists.

Sensitive data (health/wellbeing):

When you enter symptoms or wellness history, you provide sensitive data. We process this only with your explicit consent to deliver your plan and care features.

4) How we use your data (purposes & legal bases)

We process personal data for:

Service delivery

Create your account; generate your plan; run programs/events; bookings; reminders; in-app messaging; customer support.

Legal bases: Contract (to provide the service), Consent (for sensitive data/features), Legitimate Interests (to run a secure, reliable service).

Recommendations

Show recommended practitioners and programs using fuzzy-logic matching of your assessment patterns to provider/program metadata.

Legal bases: Consent (for health data), Legitimate Interests (feature relevance).

No ads profiling: We do not use your health data for advertising.

Analytics & improvement

Aggregate/anonymous analysis of usage and outcomes; A/B tests; crash diagnostics.

Legal bases: Legitimate Interests; Consent where required (e.g., non-essential cookies).

Communications

Transactional emails (confirmations, reminders, receipts), service notices, security alerts.

Legal bases: Contract, Legitimate Interests.

Marketing emails only with Consent (you can opt out anytime).

Payments & fraud prevention

Process payments; prevent misuse; enforce policies.

Legal bases: Contract, Legitimate Interests, Legal Obligation.

Legal compliance

Respond to lawful requests, regulatory requirements, enforce terms.

Legal bases: Legal Obligation.

5) Cookies, SDKs & pixels

We use cookies and SDKs to operate and improve the Platform. Categories:

  • Strictly necessary (login/session, security).
  • Functional (preferences, timezone).
  • Analytics (e.g., GA4, privacy-safe configuration).
  • Marketing/attribution (e.g., Meta Pixel, Firebase/Branch for deep links).

You can manage preferences via our Cookie Banner/Settings and your device settings. Some features require essential cookies.

6) Sharing your data

We share data only with:

  • Processors who help us deliver the service (hosting, cloud infrastructure, email/SMS, payments, scheduling, video, analytics, support). Examples include: Stripe (payments), Calendly (scheduling), Zoom (video), SendGrid/SES (emails), Firebase/Branch (deep links/notifications), Sanity/Contentful (CMS), GA4 (analytics).
  • Practitioners you choose to work with (access is logged and consented).
  • Event co-hosts where clearly disclosed at registration.
  • Legal authorities where required by law or to protect rights/safety.

We do not sell your personal data. We do not allow third parties to use your health data for ads.

7) International transfers

We may process/store data in Singapore and other countries where we or our processors operate. Where required, we use safeguards (e.g., SCCs under GDPR) to protect your data across borders.

8) Retention

We keep data only as long as needed to provide the service and for legitimate business/legal purposes, then delete or anonymize it. Typical guidelines:

  • Account & plan data: while account is active and for a reasonable period after closure (e.g., 12–24 months) unless you request earlier deletion where applicable.
  • Transactions: 7 years (tax/audit).
  • Support tickets: up to 24 months.
  • Events/program chat: per program/event lifecycle, then archived/anonymized.

9) Your rights

Depending on your location (PDPA/GDPR and similar), you may have rights to:

  • Access your data;
  • Correct inaccurate data;
  • Delete your data (subject to legal holds);
  • Restrict or object to certain processing;
  • Data portability;
  • Withdraw consent at any time (this doesn't affect prior processing).

To exercise rights, contact solutions@aurafemhealth.com. We may need to verify your identity. We will respond within 30 days (or the statutory period). You can also contact your local data protection authority.

10) Children

The Platform is for users 18+. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to delete it.

11) Security

We use administrative, technical, and organizational safeguards, including encryption in transit, role-based access, audit logs, and least-privilege access. No method is 100% secure; please use strong, unique credentials and keep them confidential.

Incident response: If we detect a data breach that poses risk to you, we will notify you and/or authorities as required by law.

12) Account linkage: web & app

Your website and app access use one shared account. Actions on one surface (e.g., enrollment, bookings, plan updates) may be reflected on the other.

13) Practitioners & your data

If you engage a practitioner:

  • They may view your relevant information (with your explicit consent) to support care;
  • They are independent providers and must comply with AURA's policies and applicable law;
  • Messaging and notes should remain within AURA for privacy.

You can revoke practitioner access by ending your care relationship (subject to legal/clinical retention norms).

14) Events & recordings

Many events are recorded. If you register, you may receive access to a replay for a limited period. We ask participants not to share links publicly. Event chat/Q&A may be visible to co-hosts and used to improve content.

15) Third-party links

Our Platform may link to third-party sites. We are not responsible for their privacy practices. Please review their policies.

16) Changes to this Policy

We may update this Policy from time to time. We will change the "Last Updated" date and, where required, notify you of material changes. Continued use of the Platform means you accept the updated Policy.

17) Region-specific notices

Singapore (PDPA)

You may contact us to withdraw consent, access, or correct personal data. We will seek your consent for new purposes where required.

EEA/UK (GDPR)

Legal bases we rely on include Contract, Consent, Legitimate Interests, Legal Obligation. Where we rely on Legitimate Interests, we balance against your rights and expectations. You have the right to lodge a complaint with your supervisory authority.

California (CCPA/CPRA) – if applicable

We do not "sell" personal information as defined by CCPA. We may "share" limited data for measurement with your consent. You can submit access/deletion requests to solutions@aurafemhealth.com and manage cookie preferences in our banner.

18) Contact us

Questions or requests about this Policy or your data:

AURA Fem Health Pte. Ltd.
Email: solutions@aurafemhealth.com
Address: 2 Venture Drive, 608526, Singapore

For support: solutions@aurafemhealth.com
