Privacy Policy — AuraFlow

1. Information We Collect

AuraFlow collects minimal data necessary to provide our service. Here is a breakdown of the data we collect:

Data Type	Details
Google Account Info	Email address, display name, and profile picture — obtained via Google OAuth 2.0 sign-in.
Usage Metrics	Number of generations, engine used, subscription tier, and token counts — used for rate limiting and analytics.
Generated Plugin Data	Plugin code generated during a session. This data is not stored permanently and exists only for the duration of your active session.

2. Authentication

AuraFlow uses Google OAuth 2.0 for authentication. We do not create or manage passwords. When you sign in with Google, we receive a limited-access token and your basic profile information. We do not access your Google Drive, Gmail, contacts, or any other Google services.

3. Payment Processing

Subscription payments are processed entirely by Polar.sh, our third-party payment provider. AuraFlow does not store, process, or have access to your credit card numbers, bank account details, or other payment credentials. All payment data is handled securely by Polar.sh in accordance with their own privacy policy.

4. Cookies & Local Storage

AuraFlow uses localStorage exclusively for storing session authentication tokens. We do not use tracking cookies, analytics cookies, or any third-party cookie-based services. No cookie consent banner is required because we do not set any cookies for tracking or advertising purposes.

5. Third-Party Tracking & Advertising

AuraFlow does not:

Use any third-party tracking scripts (Google Analytics, Meta Pixel, etc.).
Display advertisements of any kind.
Sell, trade, or share your personal data with advertisers or data brokers.
Participate in any ad retargeting networks.

6. Data Retention

Your account data (email, name, subscription status) is retained for as long as your account remains active. Generated plugin code is transient and is not stored beyond your active session. If you request account deletion, all associated data will be permanently removed within 30 days.

7. GDPR Compliance

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

Right to Access — You may request a copy of the personal data we hold about you.
Right to Rectification — You may request correction of inaccurate data.
Right to Erasure — You may request deletion of your personal data ("right to be forgotten").
Right to Data Portability — You may request your data in a structured, machine-readable format.
Right to Restrict Processing — You may request that we limit how we use your data.

To exercise any of these rights, please contact us at [email protected]. We will respond to all requests within 30 days.

8. Data Security

We take reasonable measures to protect your data, including:

HTTPS encryption for all data in transit.
Secure token-based authentication (no passwords stored).
Infrastructure hosted on Cloudflare Workers and Google Cloud Run with industry-standard security practices.

9. Children's Privacy

AuraFlow is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of AuraFlow after changes are posted constitutes acceptance of the revised policy.

11. Contact

For questions, concerns, or data requests related to this Privacy Policy, please contact us at:

[email protected]