Privacy Policy

Last updated: April 2026

This document explains what information Aura by Afrilingua AI ("Aura", "we") collects, how we use it, and the controls you have over it. It applies to all Aura surfaces — mobile, web, desktop, browser companion, VS Code extension, sandbox VM, and Gist (the social surface).

1. What We Collect

Account information

Your email address and Google profile data (name, avatar) when you sign in.
Your Gist handle (@you.afrilingua.ai) and the associated portable identity ID, if you set up your Gist profile.

Connected services

When you connect a service (Google Calendar, Gmail, GitHub, Plaid, Spotify, Home Assistant, Slack, Microsoft Teams, etc.) Aura stores the access tokens and refresh tokens needed to call that service on your behalf. All tokens are encrypted at rest with Fernet symmetric encryption.

Personal context

Aura builds a personal knowledge graph from the information you connect or share. This may include calendar events, emails, messages, contacts, files, locations, browsing context (when you opt in via the Aura Companion browser extension), health metrics (when you opt in on iOS), and the conversations you have with the assistant.

Usage telemetry

We log request IDs, tool names, durations, error types, and a truncated user identifier. We do not log message bodies, email contents, contact details, or other personally-identifying content in our application logs.

2. How We Use It

To run the assistant: retrieve context, call your connected services, render results.
To improve your personal Aura: build memory, detect patterns, surface what matters.
To operate the service: monitoring, abuse prevention, billing, customer support.

We do not sell your personal data, share it with advertisers, or use it to train foundation models without your explicit, separate consent.

3. Where Your Data Lives

Personal graph: a per-user FalkorDB graph isolated by your account ID. No query crosses user boundaries.
Files: Google Cloud Storage in the same region as the rest of your account.
Gist: records on a portable identity host. Movable to any compatible host on the open social network.
Aura Code sandbox: ephemeral container; destroyed when the sandbox stops.

Primary region: us-central1 on Google Cloud. Gist and other infrastructure may run in additional regions as we expand.

4. Third Parties

To deliver the product we use carefully chosen processors, including:

Model providers — Google Vertex AI (Gemini), and any provider you bring via Bring Your Own Key (Anthropic, OpenAI). Conversation content is sent to the provider you have configured.
Voice providers — Deepgram (STT), ElevenLabs (TTS), or any provider you configure via BYOK.
Service providers — Google Cloud Run, Google Cloud Storage, FalkorDB, Stripe, Plaid, Flutterwave.

You can swap most providers via Bring Your Own Key — your traffic then flows under your accounts.

5. Your Rights

Export — request a full export of your personal graph and connected data.
Delete — delete your account and we remove your graph, your tokens, and your Gist identity records.
Disconnect — revoke any connected service at any time. We delete the tokens immediately.
Inspect — Aura is built so you can see everything it knows about you. There is no hidden profile.

6. Children

Aura is not intended for children under 13 (or under 16 in jurisdictions where that's the relevant threshold). Do not create an account if you are under that age.

7. Changes

We will update this page when our practices change. Material changes will be announced in-product before they take effect.

8. Contact

Questions, requests, complaints: taiwo.raji@afrilingua.ai.