Privacy Policy

At AURA, we are committed to protecting your privacy and the privacy of children who use our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our AI-powered autism therapy platform.

1. Information We Collect

1.1 Information You Provide

• Waitlist Registration: Email address and user type (Parent/Caregiver, Therapist/Clinician, or Educator/School)
• Account Information: Name, email, password, and profile information when you create an account
• Child Profile Data: Information about children using the platform, including age, therapy goals, and progress data (when the product launches)
• Communication Data: Messages, feedback, and support requests you send to us

1.2 Automatically Collected Information

• Usage Data: Information about how you interact with our website and services
• Analytics Data: We use Google Tag Manager to collect analytics information about website usage, including pages visited, time spent, and user interactions
• Device Information: Browser type, operating system, IP address, and device identifiers
• Cookies and Similar Technologies: We use cookies to enhance your experience and analyze website performance

1.3 Therapeutic Data (When Product Launches)

• Facial Expression Data: We analyze facial expressions for emotion recognition training. Important: No images are stored. Only anonymized data points are retained for therapeutic progress tracking
• Speech and Audio Data: Voice recordings for speech training and conversation practice
• Progress and Performance Data: Therapy session data, skill assessments, and learning progress
• AI Interaction Data: Conversations and interactions with our AI-powered tools

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our therapy platform and services
• Personalize therapeutic experiences and track individual progress
• Send you updates, notifications, and information about AURA (you can opt out anytime)
• Respond to your inquiries and provide customer support
• Analyze usage patterns and improve our AI models and therapeutic approaches
• Ensure platform security and prevent fraud or abuse
• Comply with legal obligations and protect rights and safety
• Conduct research to advance autism therapy methodologies (with appropriate consent and anonymization)

4. How We Share Your Information

We do not sell your personal information. We may share information with:

4.1 Service Providers

• Clerk: Authentication and user management services
• OpenAI: AI models for conversation, image generation, and vision capabilities
• Google Tag Manager: Analytics and website performance tracking
• Cloud Infrastructure: Hosting and data storage providers

All service providers are bound by confidentiality agreements and are only permitted to use your information to provide services to AURA.

4.2 Healthcare Providers and Therapists

With your explicit consent, we may share therapeutic progress data with your child's healthcare providers, therapists, or educational institutions to support coordinated care.

4.3 Legal Requirements

We may disclose information when required by law or to protect the rights, safety, or security of AURA, our users, or others.

5. HIPAA and FERPA Compliance

5.1 HIPAA Compliance (Healthcare Settings)

For institutional users in healthcare settings, AURA offers HIPAA-compliant features:

• Business Associate Agreements (BAA) available upon request
• Encryption of protected health information (PHI) in transit and at rest
• Access controls and audit logs
• Secure data storage and transmission protocols

5.2 FERPA Compliance (Educational Settings)

For schools and educational institutions, AURA complies with the Family Educational Rights and Privacy Act (FERPA), protecting the privacy of student education records.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict role-based access controls limit who can access sensitive data
• No Image Storage: Facial expression analysis is performed in real-time without storing images
• Regular Audits: Security assessments and vulnerability testing
• Secure Infrastructure: Data stored on secure, compliant cloud infrastructure
• Employee Training: All staff are trained on data privacy and security best practices

While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security but will notify you promptly in the event of any data breach affecting your information.

7. Data Retention

We retain your information for as long as necessary to:

• Provide our services and maintain your account
• Track therapeutic progress over time
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our agreements

You may request deletion of your data at any time. Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Opt-Out: Unsubscribe from marketing emails (we respect your privacy - no spam)
• Restrict Processing: Request limitation on how we use your data
• Object: Object to certain uses of your information

To exercise these rights, please contact us at privacy@aura-therapy.com

9. International Users

AURA is based in the United States. If you are accessing our services from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We implement appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable laws.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and improve our services. Types of cookies we use:

• Essential Cookies: Required for website functionality and authentication
• Analytics Cookies: Help us understand how visitors use our website (Google Tag Manager)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.