aura.med
Get the app

Last updated: April 2026 (A0b revision)

Privacy Policy

This Privacy Policy explains how Auramedical Tecnologia da Informação Ltda ("Aura Med", "we") handles personal data — including sensitive health data — collected by the iOS application Aura Med and the website aura.med. Aura Med is a health-tech platform regulated by Brazil's CFM, ANVISA and LGPD.

1. Data controller

Legal name
Auramedical Tecnologia da Informação Ltda
CNPJ
58.107.486/0001-41
Address
São Paulo, SP — Brasil
DPO
dpo@aura.med
General support
suporte@aura.med

2. Personal data we collect

We only collect what's necessary to deliver our telemedicine and preventive-care service. Four categories:

a) Account data

Full name, CPF (Brazilian taxpayer ID), date of birth, biological sex, ID document photo (KYC via Didit), selfie. Required for the identity verification mandated by Brazil's Federal Council of Medicine (CFM).

b) Contact data

Email, mobile phone. Used for transactional communications (appointment confirmation, password recovery, payment receipt).

c) Sensitive health data

Detailed in section 3 below. Includes intake, medical record, prescriptions, lab results and wearable metrics (when you authorize them).

d) Navigation data

IP, device model, app/iOS version, technical identifiers for fraud detection (Apple's App Attest). We do not use marketing cookies or third-party trackers in the application.

3. Sensitive health data

As a regulated health application, we process sensitive data per LGPD (Art. 5, II) definition. Categories:

  • Intake and medical record: medical history, symptoms, habits, current medications, allergies, past surgeries. Generated by your use of the application and by consultations with our physicians.
  • Apple HealthKit: metrics you authorize at connection time (heart rate, sleep, activity, weight, optional glucose, optional menstrual cycle). Aura never reads categories you have not explicitly authorized. Revocation is done in iOS Settings > Privacy > Health at any time.
  • Garmin Connect: equivalent metrics via Connect IQ (limited OAuth scopes). Revocable at any time in your Garmin Connect account.
  • Lab results: results you upload to the app (photos taken with the in-app document scanner (camera), or images/PDFs from your photo library) or that integrated lab partners (future) send with your authorization.
  • Consultation content: medical summary (not raw audio), digitally-signed prescriptions and chat messages with your physician.

Access to this data is restricted to you and the physician(s) treating you. Every view is logged in an audit trail.

4. Purpose and LGPD legal basis

We process your data on the basis of LGPD Articles 7 and 11:

  • Express consent (Art. 11, I): for processing health data, wearables integration, optional marketing. Revocable at any time.
  • Contract performance (Art. 7, V): to deliver the medical consultation, process payment, issue prescription.
  • Legal/regulatory obligation (Art. 7, II and Art. 11, II "a"): medical-record retention for 20 years (CFM 1.821/2007), tax documents, compliance with CFM 2.314/2022.
  • Health protection (Art. 11, II "f"): use of assistive AI (Aura+) to support the physician's clinical decision.

5. Sharing with third parties (data processors)

We share strictly necessary data with the following processors. Each one has a Data Processing Agreement (DPA) preventing use for any other purpose:

Supabase

Privacy policy ↗

Medical-record database, authentication and clinical-file storage.

Jurisdiction: EUA / União Europeia

Stripe

Privacy policy ↗

Payment processing for one-off consultations (first consultation + re-evaluations). Aura never stores your card.

Jurisdiction: Estados Unidos (operação global; entidade Brasil)

Apple In-App Purchase

Privacy policy ↗

Aura+ subscription processing and auto-renewal (R$ 39.90/mo). Charges appear as an Apple line item on your card statement. Subscription management is handled entirely by Apple (Settings > Apple ID > Subscriptions).

Jurisdiction: Apple Inc. (EUA / Brasil)

Apple HealthKit

Privacy policy ↗

Optional sync of wearable metrics (heart rate, sleep, activity) you authorize.

Jurisdiction: Apple Inc. (EUA / Brasil)

Garmin Connect

Privacy policy ↗

Optional sync of Garmin device metrics via Connect IQ.

Jurisdiction: Estados Unidos

Agora.io

Privacy policy ↗

Real-time video for the telemedicine consultation required by CFM 2.314/2022.

Jurisdiction: Brasil (data residency Agora SD-RTN BR)

Anthropic Claude

Privacy policy ↗

Language model powering Aura+ (assistive AI). Accessed via Aura authenticated proxy — your data does not train the model.

Jurisdiction: Estados Unidos

Resend

Privacy policy ↗

Transactional emails (signup confirmation, consultation receipt, password recovery).

Jurisdiction: Estados Unidos

Render

Privacy policy ↗

Hosting for the application server (API) that connects the iOS app to other services.

Jurisdiction: Estados Unidos

We do not sell your data. We do not share it with advertisers or marketing intermediaries. We do not use your data to train third-party AI models.

6. International data transfer

Some processors listed in section 5 are headquartered outside Brazil (mostly in the US). The transfer follows LGPD Art. 33 via standard contractual clauses and processor-specific guarantees (SOC 2, ISO 27001 where applicable).

The medical-record server (Supabase) runs on infrastructure with configurable residency; the telemedicine video (Agora.io) uses Brazil data residency to comply with CFM 2.314/2022.

7. Data retention

We apply the following retention matrix:

Intake and medical record
20 years (CFM Resolution 1.821/2007)
Prescriptions and reports
20 years (same basis)
Wearable metrics
5 years rolling (most recent)
Clinical chat messages
20 years (part of the medical record)
Navigation and security logs
12 months
Access audit logs
5 years
Financial data (invoice, receipt)
5 years (Brazilian tax law)

After the retention period, data is securely deleted or irreversibly anonymized for statistical research.

8. Technical security

Technical and organizational measures we apply:

  • • Encryption in transit (TLS 1.3) with certificate pinning in the iOS app to prevent man-in-the-middle interception.
  • • Encryption at rest in the Postgres database on Supabase (AES-256).
  • • Row-level security — you can only read/write your own data; physicians can only access patient data during an active consultation.
  • • Apple's App Attest to verify device authenticity before any sensitive request.
  • • Short-lived authentication tokens (JWT) with automatic rotation.
  • • MFA mandatory for the administrative team and physicians.
  • • Immutable audit logs — every view of the medical record is recorded with timestamp, user and IP.

9. Your LGPD rights and how to delete your data

You have all LGPD Article 18 rights: confirmation, access, correction, anonymization, portability, deletion, consent revocation and information about sharing.

How to delete your account and data

The fastest way is directly in the app:

  1. Open the Aura Med app on your iPhone.
  2. Tap the You tab.
  3. Tap Account, then Delete account.
  4. Confirm with Face ID/Touch ID.

Deletion immediately removes your account data, settings and wearable metrics. The medical record (intake, consultations, prescriptions) remains archived for the 20 years required by CFM 1.821/2007 — after which it is automatically deleted. During that period, access is restricted to you (on request for a copy) and to competent authorities in case of legal proceedings.

If you can't access the app

Email dpo@aura.med. Response within 5 business days.

Other rights

To access, correct, port or anonymize your data, or to revoke consent for specific integrations (Apple HealthKit, Garmin), use the same DPO email. We do not charge a fee.

10. Apple Privacy Labels and changes

Our App Privacy declarations on App Store Connect faithfully reflect what is described above. Declared categories:

  • Health & Fitness: wearables and medical-record data.
  • Contact Info: full name, email, phone (account).
  • Identifiers: internal user ID, App Attest device ID.
  • Diagnostics: technical crash reports for bug fixing and anonymized performance metrics.
  • User Content: intake, clinical chat messages.
  • Photos or Videos: ID document and selfie photos for KYC verification (via Didit); photos of lab results you upload via the in-app document scanner (camera) or the photo library.

We do not declare: Browsing History, Search History, precise Location, Sensitive Info beyond the health scope, cross-app Tracking. Aura never invokes Apple'sApp Tracking Transparency prompt (we don't ask for tracking permission because we don't track).

Policy changes

Material updates (purpose change, new processor, new data type) are communicated in the application 30 days in advance and require new consent. Editorial updates or minor corrections are published here without individual notification.

Contact

DPO: dpo@aura.med
Support: suporte@aura.med

You may also file a complaint directly with the Brazilian Data Protection Authority (ANPD) at www.gov.br/anpd.