← Back

✦ Aura · Legal

Privacy Policy

Last Updated: 26 April 2026

1. Introduction

This Privacy Policy explains how Ink & Ivy Marketing Private Limited (“Aura,” “we,” “us,” or “our”), the entity operating the platform available at https://www.theauralabs.ai and its associated mobile experiences (collectively, the “Platform”), collects, uses, stores, shares, and protects your personal data when you use our AI-powered personal styling and grooming services.

By accessing or using the Platform, you agree to this Privacy Policy. If you do not agree, please do not use the Platform.

We are committed to compliance with the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 read with the SPDI Rules, 2011, the EU General Data Protection Regulation (GDPR) and UK GDPR for users in those jurisdictions, and all other applicable data protection laws.

2. Data Controller / Data Fiduciary

For the purposes of the GDPR and UK GDPR, the data controller is, and for the purposes of the DPDP Act, 2023, the data fiduciary is:

Ink & Ivy Marketing Private Limited

CIN: U73100HR2024PTC118970

Registered Office: Gurugram, Haryana, India

Email: hello@theauralabs.ai

3. Information We Collect

3.1 Information you provide directly

  • Account information: name, email address, phone number (if provided), password (stored as a one-way hash), gender selection, age range, and authentication identifiers from third-party login providers.
  • Profile and preferences: style preferences, occasion choices, occupation context, and other inputs you provide during onboarding or use.
  • Photos and images you upload: face photos, body photos, hair photos, and outfit photos that you submit to receive AI-generated styling, grooming, and try-on outputs (“User Photos”).
  • Communications: messages you send to our support team, including any attachments.

3.2 Information generated through your use

  • AI-generated outputs: styling recommendations, virtual try-on images, look variations, and other content generated by our AI systems based on your inputs.
  • Usage data: features accessed, generations performed, time spent, click patterns, and in-app navigation.
  • Reward data: XP earned, redemption history, and partner interaction logs.

3.3 Information collected automatically

  • Device and technical data: IP address, device type, operating system, browser type and version, device identifiers, language preference, and approximate location derived from IP.
  • Cookies and similar technologies: session cookies, authentication tokens, and analytics identifiers. See Section 11.

3.4 Information from third parties

  • Authentication providers: if you sign in via Google or another OAuth provider, we receive basic profile information (name, email, profile picture) as authorized by that provider.
  • Payment processors: transaction status and metadata. We do not receive or store full card numbers, CVV, or banking credentials.

4. Sensitive Personal Data — Photos and Biometric-Related Inputs

User Photos are central to the Aura experience. We treat them with heightened care.

  • We use User Photos solely to (a) generate the styling, grooming, and try-on outputs you request, (b) improve the quality of your personal results within your account, and (c) detect abuse or violations of our Terms.
  • User Photos are processed by our AI service providers (see Section 6) for the limited purpose of generating outputs. These providers are bound by contractual confidentiality and data processing obligations.
  • We do not use User Photos to identify you in any external database, sell them to third parties, share them with advertisers, or use them to train publicly released AI models.
  • Under GDPR / UK GDPR, where User Photos amount to special category data, we rely on your explicit consent (Article 9(2)(a)) given when you upload a photo. You may withdraw consent at any time by deleting the photo or your account.
  • Under the DPDP Act, 2023, your photos are processed on the basis of your consent given at the point of upload, and you retain the rights set out in Section 9 below.

5. How We Use Your Information

We use your data to:

  1. Provide, operate, and maintain the Platform and the AI features you request.
  2. Generate, deliver, and store your styling, grooming, try-on, and look outputs.
  3. Manage your account, subscription tier, billing, renewals, and rewards.
  4. Communicate with you about your account, service changes, security alerts, and support requests.
  5. Send you product updates and marketing messages (only where you have opted in or where lawful under applicable marketing rules; you can opt out at any time).
  6. Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms.
  7. Comply with legal obligations, respond to lawful requests from public authorities, and enforce our agreements.
  8. Conduct internal analytics, debugging, and quality improvement using aggregated or de-identified data wherever feasible.

6. Service Providers and Sharing

We share personal data only with the following categories of recipients, and only to the extent necessary:

  • AI model providers that process inputs to generate outputs you request, including Anthropic (Claude API) and Google (Gemini API). Inputs sent to these providers are governed by their respective enterprise/API data terms, which restrict use of inputs for model training.
  • Cloud and infrastructure providers including Supabase (database, authentication, storage) and Vercel (application hosting and analytics).
  • Payment processors that handle subscription transactions on our behalf.
  • Communication and support tools used to respond to your queries.
  • Reward redemption partners when you choose to redeem XP for a partner offer; in this case we share only the minimum information required to fulfill the redemption (such as a redemption code or your declared preference).
  • Professional advisors (legal, accounting, audit) under confidentiality obligations.
  • Authorities where required by law, court order, or to protect our rights, users, or the public.
  • Successors in the event of a merger, acquisition, restructuring, or sale of assets, subject to equivalent privacy protections.

We do not sell your personal data.

7. International Data Transfers

The Platform is operated from India and may be accessed globally. Your data may be transferred to, and processed in, jurisdictions outside your country of residence, including the United States and other countries where our service providers operate.

For users in the European Economic Area or the United Kingdom, where we transfer personal data outside the EEA or the UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or the UK International Data Transfer Addendum, and we take reasonable steps to ensure equivalent protection.

8. Data Retention

  • Account data: retained while your account is active and for up to 24 months after account deletion, unless a longer period is required by law (for example, tax or accounting records).
  • User Photos: retained while associated with your account or until you delete them, whichever is earlier. Deleted photos are removed from active systems within 30 days; encrypted backups may persist for up to 90 days before being overwritten.
  • AI-generated outputs: retained for the same duration as the inputs they were generated from, unless you delete them earlier.
  • Payment and transaction records: retained for at least 8 years to meet statutory accounting and tax obligations under Indian law.
  • Logs and security records: retained for up to 12 months.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data and your account (“right to erasure”).
  • Restrict or object to certain processing.
  • Data portability — receive a copy of your data in a structured, commonly used format.
  • Withdraw consent at any time, where processing is based on consent.
  • Nominate a person to exercise rights on your behalf in the event of death or incapacity (DPDP Act).
  • Lodge a complaint with a supervisory authority — for India, the Data Protection Board; for the EU, your local Data Protection Authority; for the UK, the Information Commissioner’s Office (ICO).

To exercise any of these rights, write to us at hello@theauralabs.ai. We will respond within the timelines required by applicable law (typically within 30 days).

10. Grievance Officer (India)

In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the contact details of our Grievance Officer are:

Grievance Officer

Ink & Ivy Marketing Private Limited

Email: hello@theauralabs.ai

Phone: +91-7303300107

Address: Gurugram, Haryana, India

Hours: Monday to Friday, 10:00 AM to 6:00 PM IST (excluding public holidays)

The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 15 days from the date of receipt.

11. Cookies and Tracking

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the Platform, and measure performance. You can control cookies through your browser settings, but disabling them may affect functionality such as authentication.

We do not use cookies for cross-site advertising.

12. Children’s Privacy

The Platform is intended for users aged 18 years or older. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@theauralabs.ai and we will take steps to delete it.

For users in the EU/UK who are between 13 and 18, additional parental consent requirements may apply under local law; we currently do not direct the service to such users.

13. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS), encryption at rest for sensitive fields, access controls, and routine security reviews. No system is perfectly secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

14. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Platform and update the “Last Updated” date above. Continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

15. Contact Us

For any questions about this Privacy Policy or our data practices:

Email: hello@theauralabs.ai

Phone: +91-7303300107

Address: Ink & Ivy Marketing Private Limited, Gurugram, Haryana, India

CIN: U73100HR2024PTC118970