AuraBar is operated by Blendhouse Holdings, Inc., a Delaware corporation ("we," "us," or "our"). We built AuraBar on a simple principle: your wellness data belongs to you. This policy explains what we collect, why we collect it, how we protect it, and how you stay in control.
1. Information We Collect
Information you provide directly
- Account & contact details — name, email address, phone number, and any profile information you add to your AuraID.
- Glow Score quiz responses — wellness goals, lifestyle habits, energy patterns, dietary preferences, and other inputs you share when taking our quiz.
- Purchase history — blends ordered, visit frequency, and payment information (processed by our third-party payment provider; we do not store full card numbers).
- Communications — messages you send us via email, chat, or social media.
Information from connected devices (only when you opt in)
- Wearable data — if you choose to connect Apple Health, Oura, WHOOP, or other supported platforms, we receive the specific metrics you authorize (e.g., sleep, heart-rate variability, activity). You can disconnect at any time.
Information collected automatically
- In-store visit data — when you scan your AuraBar QR code at one of our retail locations, we record the time, location, the drink/blend ordered, and the supplements it contained.
- Usage data — pages visited, features used, session duration, and general interaction patterns within our website and app.
- Device & browser data — device type, operating system, browser type, IP address, and approximate location (city level).
- Cookies & similar technologies — we use essential cookies to keep the site functioning and optional analytics cookies to understand how people use our platform. You can manage cookie preferences at any time.
2. How We Use Your Information
- Calculate and refine your Glow Score and personalized blend recommendations.
- Process orders and manage your account.
- Send transactional communications (order confirmations, score updates) and, with your consent, marketing messages you can unsubscribe from at any time.
- Improve our products, formulations, and platform experience through aggregated, de-identified analytics.
- Process in-store orders by charging the payment method on file when you scan your QR code at the bar.
- Send push notifications you've opted into — daily check-in reminders, streak protection, score milestones, and order updates.
- Generate aggregated, de-identified insights for our retail merchandising decisions.
- Comply with legal obligations.
3. What We Never Do
- We never sell your personal data.
- We never share identifiable health or wellness data with advertisers.
- We never use your data to deny you services or discriminate in any way.
4. When We Share Information
We share personal information only in these limited circumstances:
- Service providers — companies that help us operate, bound by contract to use your data only on our behalf. These include:
  - Payment processing: Stripe
  - SMS authentication and notifications: Supabase / Twilio
  - Push notification delivery: Expo and Apple Push Notification service
  - Database hosting: Supabase (data resides in US)
- With your consent — for example, if you choose to share your Glow Score in a Glow Circle or on social media.
- Legal requirements — if required by law, regulation, or valid legal process.
- Business transfers — in connection with a merger, acquisition, or sale of assets, with advance notice to you.
Aggregated Marketing Insights for Partners
We may share aggregated, de-identified data (e.g., "users who purchase Rise Up blends are most active in the morning") with select partner brands so they can advertise products that may benefit you. Partner brands never receive your name, email, phone, or any data that could identify you, unless you separately and explicitly opt in to receive offers from a specific partner. You may opt out of all aggregated-data sharing at any time in Profile → Privacy & Marketing.
5. Your Rights & Choices
Regardless of where you live, we extend these rights to every AuraBar user:
- Access — request a copy of the personal data we hold about you.
- Correction — update or correct inaccurate information.
- Deletion — ask us to delete your account and associated data.
- Portability — receive your data in a commonly used, machine-readable format.
- Opt out — unsubscribe from marketing emails, disconnect wearable integrations, or disable optional cookies at any time.
- Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting prior processing.
- Delete in-app — you can permanently delete your account and all associated data directly from the app at Profile → Delete Account. Deletion is immediate and irreversible.
To exercise any of these rights, contact us at privacy@aurabar.io. We respond within 30 days.
6. Data Retention
We keep your data only as long as your account is active or as needed to provide our services. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records).
7. Security
We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. No system is perfectly secure, but we treat the protection of your wellness data as a core responsibility.
- Card numbers are never stored on AuraBar servers; payment data is tokenized by Stripe and held in their PCI-DSS Level 1 environment.
- QR scan tokens used in-store rotate every 5 minutes and can only be used once.
- Friends connected via Glow Circles can see your display name and Glow Score but never your email, phone, or payment information.
8. Children's Privacy
AuraBar is not intended for anyone under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
Users between the ages of 13 and 17 may use AuraBar only with verifiable parental consent. Account creation requires confirming you are 16 or older.
9. State-Specific Rights
California (CCPA/CPRA): California residents may request disclosure of the categories and specific pieces of personal information collected, request deletion, and opt out of any "sale" or "sharing" of personal information. We do not sell personal information. To make a request, email privacy@aurabar.io.
Residents of other U.S. states with consumer privacy laws (Colorado, Connecticut, Virginia, and others) have similar rights as described in Section 5.
10. Changes to This Policy
We may update this policy from time to time. When we do, we will revise the effective date at the top. For material changes, we will notify you via email or a prominent notice on our website before the changes take effect.
Email: privacy@aurabar.io