About This Policy and Our Identity

This Privacy Policy ("Policy") describes how Aura Beauty App ("Aura", "we", "us", or "our") collects, processes, stores, and protects your personal data when you use our mobile and web application (the "App").

1. Data Controller

  • Company: Aura Beauty App

  • Contact Email: privacy@aurabeautyapp.com
  • Primary Jurisdiction: United Arab Emirates

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and all applicable implementing regulations issued by the UAE Data Office.

2. Scope and Application

This Policy applies to:

  • All users of the Aura Beauty App, whether accessed via mobile (iOS or Android) or web browser
  • All personal data collected through the App, including data provided directly by you, collected automatically, or obtained through third parties
  • Data collected through facial scanning and skin analysis features
  • Data collected through beauty preference questionnaires, product interactions, and affiliate partner interactions

This Policy does not apply to third-party websites, applications, or services that may be linked from our App. We encourage you to review the privacy policies of any third-party services you visit.

3. Definitions

Personal Data: Any information that directly or indirectly identifies a natural person, as defined under Article 1 of the UAE PDPL.

Sensitive Personal Data: Data relating to racial or ethnic origin, health, biometric data, genetic data, or any other category designated as sensitive under the PDPL.

Biometric Data: Personal data resulting from specific technical processing relating to physical or physiological characteristics that allows unique identification of a person, including facial scan data.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Data Controller: The entity that determines the purposes and means of processing personal data — in this case, Aura Beauty App.

Data Processor: A third party that processes personal data on behalf of the Data Controller.

UAE Data Office: The competent supervisory authority responsible for overseeing the application of the UAE PDPL.

4. Categories of Personal Data We Collect

4.1 Identity and Account Data

  • Full name
  • Email address
  • Username and password (encrypted)
  • Date of birth and age
  • Gender (optional)
  • Profile photograph (optional, user-uploaded)

4.2 Biometric and Skin Analysis Data (Sensitive)

Sensitive Data Notice

The following data is classified as Sensitive Personal Data under the UAE PDPL and requires your explicit consent before collection.

  • Facial scan images captured during skin analysis sessions
  • Skin tone and undertone measurements (derived from facial scan)
  • Skin type classification (e.g., oily, dry, combination, normal, sensitive)
  • Identified skin conditions and concerns (e.g., acne, hyperpigmentation, fine lines, redness, dark circles, enlarged pores)
  • Facial feature mapping data for personalised product placement recommendations
  • Skin hydration and texture analysis scores
  • Historical skin analysis records to track progress over time

4.3 Beauty Preferences and Behaviour Data

  • Stated product preferences and brand affinities
  • Skincare and make-up routine information you provide
  • Product ratings, reviews, and feedback
  • Wish lists, saved products, and shopping history
  • Allergy and ingredient sensitivity disclosures
  • Affiliate link click-throughs and purchase referral data

4.4 Device and Technical Data

  • Device type, model, and operating system
  • IP address and approximate geolocation (city-level)
  • App version and usage logs
  • Session duration, screen interactions, and feature engagement
  • Camera access and permissions data

4.5 Communications Data

  • Customer support inquiries and correspondence
  • Feedback, survey responses, and app store reviews
  • Marketing communication preferences and consent records

5. Biometric & Sensitive Data — Special Provisions

Given the nature of our App, we collect and process biometric data and sensitive personal data including facial scans, skin tone, and skin health information. Under the UAE PDPL, such data requires heightened protection.

5.1 Explicit Consent Requirement

We will only collect and process your biometric and sensitive personal data after obtaining your freely given, specific, informed, and unambiguous explicit consent. This consent is collected through a dedicated in-app consent screen presented before your first facial scan. You may withdraw this consent at any time.

5.2 Purpose Limitation

Your biometric and sensitive data will only be used for:

  • Conducting real-time skin analysis to provide personalised beauty and skincare product recommendations
  • Tracking changes in your skin condition over time (only if you enable this feature)
  • Improving the accuracy of our skin analysis AI models (only with your additional, separate consent)
  • Displaying personalised content, tutorials, and offers matched to your skin profile

We will not use your facial scan data for identity verification, advertising profiling unrelated to beauty, or any other purpose without obtaining further explicit consent.

5.3 Data Minimisation

We collect only the minimum biometric data necessary to deliver our services. Facial scan images used for analysis are processed on-device where technically feasible, and only the derived skin analysis outputs (not the raw image) are transmitted to our servers, unless you expressly consent to cloud-based image storage for progress tracking.

5.4 No Sale of Biometric or Sensitive Data

Our Commitment

We do not and will never sell, rent, or trade your biometric data, facial scan images, or derived skin analysis data to any third party for commercial gain.

5.5 Racial and Ethnic Origin Considerations

Skin tone data may be considered indicative of racial or ethnic origin under the PDPL. We treat this data as sensitive data accordingly. Skin tone data is used exclusively for the purpose of matching cosmetic products (such as foundation shades) to your complexion, and is never used to make inferences about your racial or ethnic background for any other purpose.

6. Legal Basis for Processing (UAE PDPL)

We process your personal data only where we have a valid legal basis to do so under the UAE PDPL:

Consent: For all biometric and sensitive personal data; for marketing communications; and for optional features such as progress tracking. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Contract Performance: For processing necessary to provide the core services of the App, including account management, skin analysis, and personalised recommendations.

Legitimate Interests: For improving App functionality and security, fraud prevention, and aggregated analytics, where such interests are not overridden by your rights and interests.

Legal Obligation: Where processing is necessary for compliance with applicable UAE law, regulatory requirements, or court orders.

7. How We Collect Your Data

7.1 Data You Provide Directly

  • Account registration forms
  • Beauty profile and preference questionnaires
  • Facial scan sessions initiated by you within the App
  • Product reviews, ratings, and user-generated content
  • Customer support interactions
  • Survey participation (optional)

7.2 Data Collected Automatically

  • Device and technical data collected via your device and App usage
  • Usage analytics through first-party analytics tools
  • Cookies and similar tracking technologies (see Section 16)

7.3 Data From Third Parties

  • Affiliate partner networks (such as DCM Network) — purchase and referral tracking data
  • Social media platforms, if you choose to connect your social account to the App
  • App stores (Apple App Store, Google Play) — limited purchase and rating information

8. How We Use Your Data

8.1 Providing Core Services

  • Creating and managing your user account
  • Performing facial and skin analysis to generate your personalised Skin Profile
  • Recommending skincare, make-up, and beauty products matched to your Skin Profile
  • Enabling product search, filtering, and comparison features

8.2 Personalisation and Improvement

  • Customising your in-app experience based on your preferences and history
  • Tracking your skin health progress over time (with your consent)
  • Improving the accuracy of our AI skin analysis algorithms using anonymised and aggregated data
  • Conducting internal research and product development

8.3 Commercial and Affiliate Operations

  • Processing affiliate link clicks and attributing referrals to our affiliate partners (including via DCM Network)
  • Managing product catalogue recommendations sourced from brand partners
  • Providing personalised promotional offers and discounts

8.4 Communication

  • Sending transactional messages (account confirmation, password resets, security alerts)
  • Sending marketing communications where you have provided consent
  • Responding to customer support requests

8.5 Legal and Security

  • Complying with applicable UAE law and regulatory obligations
  • Detecting, investigating, and preventing fraudulent or unauthorised activity
  • Enforcing our Terms of Service
  • Protecting the rights and safety of our users and third parties

9. Facial Scanning Technology — Detailed Disclosure

We want to be fully transparent about how facial scanning technology works within Aura Beauty App.

9.1 How the Scan Works

When you initiate a skin scan, your device camera captures a series of images or a short video of your face. Our AI model analyses these to detect and measure:

  • Overall skin tone (using a standardised beauty colour scale) and undertone (warm, cool, neutral)
  • Skin type: oily, dry, combination, normal, or sensitive
  • Visible skin concerns: acne and blemishes, dark spots and hyperpigmentation, fine lines and wrinkles, redness and irritation, under-eye circles, enlarged pores, and uneven skin texture
  • Facial zones for targeted product recommendations (T-zone, cheeks, eye area, forehead)

9.2 Where Processing Occurs

Initial image processing is performed on your device where technically feasible. Derived data outputs (your Skin Profile scores) are transmitted to and stored on our secure servers. Raw facial images are not stored on our servers unless you explicitly opt in to the Progress Photo feature.

9.3 Progress Photo Feature

If you opt in to the Progress Photo feature, we will store timestamped facial images on our secure cloud servers to enable side-by-side comparisons over time. You may delete these images at any time via Account Settings. Opting out will not affect your ability to use the core skin analysis functionality.

9.4 AI Model Training

We may use anonymised and aggregated skin analysis data to improve the accuracy of our AI models. Your identifiable facial images will not be used for AI training without your separate, explicit consent, presented as a distinct opt-in request.

9.5 No Facial Recognition for Identity

Important Clarification

The facial scan feature is used exclusively for skin analysis and beauty recommendations. We do not use it to identify you, verify your identity, or match your face against any external database or government identity system.

10. Data Sharing and Third-Party Disclosures

We do not sell your personal data. We may share your data only in the following limited circumstances:

10.1 Service Providers and Data Processors

We engage trusted third-party companies to support our operations. These processors act on our instructions and are bound by data processing agreements compliant with the UAE PDPL. Categories include cloud hosting, analytics, customer support, email/notification services, and payment processing. All service providers are prohibited from using your data for their own purposes.

10.2 Affiliate and Commercial Partners

Aura Beauty App participates in affiliate marketing programmes including through DCM Network. The following may be shared with affiliate partners:

  • Anonymised or pseudonymised product interaction data (clicks, views, and purchases through affiliate links)
  • Aggregated and non-identifiable skin profile data for product catalogue matching — never linked to any individual

Your identifiable personal data, including your name, email address, facial scan data, or detailed skin analysis, is not shared with affiliate or brand partners without your explicit consent.

10.3 Legal Disclosures

  • In response to a lawful request from a UAE government authority, law enforcement agency, or court
  • To protect the rights, property, or safety of Aura Beauty App, our users, or the public
  • In connection with the enforcement of our Terms of Service

10.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to a successor entity. We will notify you via in-app notification and email prior to such a transfer.

11. International Data Transfers

Aura Beauty App operates primarily within the UAE. Where your personal data is transferred internationally, we ensure such transfers are made only to countries recognised by the UAE Data Office as providing adequate data protection, or subject to appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

Biometric data and facial scan images are stored on servers located within the UAE or in jurisdictions with equivalent data protection standards. We do not transfer raw biometric data to jurisdictions without adequate protection unless compelled by law.

You may request information about the safeguards in place for any specific international transfer by contacting our Data Protection Officer (see Section 19).

12. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

Data Category: Retention Period

  • Account Data: Duration of account + 12 months after deletion (for legal obligations)
  • Skin Analysis Profile Data: Duration of account, or until you delete your Skin Profile
  • Facial Scan Images (Progress Photos): Until you delete them or close your account; deleted within 30 days of closure
  • Raw Facial Scan Processing Data: Not retained after analysis is complete (unless Progress Photo is enabled)
  • Affiliate and Purchase Data: 3 years from date of interaction
  • Communication and Support Records: 3 years from date of interaction
  • Legal Compliance Records: As required by UAE law (typically 5–7 years)
  • Consent Records: Duration of account + 5 years

Upon expiry of the applicable retention period, your data will be securely deleted or anonymised in a manner that prevents re-identification.

13. Your Rights Under the UAE PDPL

As a data subject under the UAE PDPL, you have the following rights. Exercise any right by contacting our Data Protection Officer (Section 19). We will respond within 30 days.

  • Right of Access: Request a copy of the personal data we hold about you, including your Skin Profile and account information.
  • Right to Rectification: Request correction of any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure: Request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where processing is unlawful.
  • Withdraw Consent: Withdraw consent at any time, including for biometric data. Manage consents in your Account Settings.
  • Restrict Processing: Request that we restrict processing of your data in certain circumstances, such as where you contest its accuracy.
  • Data Portability: Receive your personal data in a structured, machine-readable format and transmit it to another controller where feasible.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Lodge a Complaint: If dissatisfied, lodge a complaint with the UAE Data Office at www.dataoffice.gov.ae.

14. Data Security

14.1 Technical Measures

  • End-to-end encryption for data transmission (TLS 1.2 / 1.3)
  • Encryption at rest for all stored personal data, including Skin Profile data and facial images
  • On-device processing of facial scan data where feasible, minimising server exposure
  • Role-based access controls limiting employee access on a need-to-know basis
  • Multi-factor authentication for administrative system access
  • Regular vulnerability assessments and penetration testing
  • Automated monitoring and alerting for suspicious access patterns

14.2 Organisational Measures

  • Data protection training for all staff who handle personal data
  • Data Protection Impact Assessments (DPIAs) conducted prior to new sensitive data processing activities
  • Documented data breach response procedures compliant with UAE PDPL notification requirements
  • Regular review and audit of data processing activities

14.3 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and interests, we will notify the UAE Data Office within the timeframe required by the PDPL and will notify affected users without undue delay where the breach is likely to result in a high risk to their rights.

15. Children's Privacy

Aura Beauty App is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental or guardian consent.

Users aged 13 to 17 may use the App only with the consent of a parent or legal guardian. Biometric data of minors requires explicit parental or guardian consent in addition to the minor's assent.

If you believe we have inadvertently collected data from a child under 13 without appropriate consent, please contact us immediately at privacy@aurabeautyapp.com and we will take prompt steps to delete that data.

16. Cookies and Tracking Technologies

We use cookies and similar tracking technologies in the web version of the App. The types of cookies we use:

Strictly Necessary: Required for the App to function correctly (e.g., session management, security). These cannot be disabled.

Analytics: Used to understand how users interact with the App to improve performance and user experience. Used with your consent.

Preference: Store your settings and preferences, such as language and display options.

Affiliate & Marketing: Used to track affiliate referrals and measure the effectiveness of affiliate campaigns (e.g., via DCM Network). Used with your consent.

You can manage your cookie preferences at any time through the Cookie Settings panel in the App or your browser settings.

17. Affiliate Marketing and Commercial Partners

Aura Beauty App operates an affiliate marketing model. When you click on product links within the App, you may be redirected to third-party retailer websites. If you make a purchase following such a click, we may receive a commission from the retailer or through our affiliate network, including DCM Network.

  • We use tracking cookies and pixel technologies to attribute referrals and purchases to the App
  • Affiliate tracking data is processed through DCM Network and applicable brand partner systems
  • We share only anonymised, non-identifiable data with affiliate partners for commission tracking
  • Product recommendations are made on the basis of your Skin Profile, not commercial arrangements with brands — sponsored product placements will be clearly labelled

Your personal data is not shared with brand partners or retailers for their independent marketing purposes without your explicit consent.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, the services we offer, or applicable law. Where we make material changes, we will:

  • Notify you via in-app notification and email at least 14 days before the changes take effect
  • Update the "Last Updated" date at the top of this Policy
  • Where required by law, seek your renewed consent for any new processing activities

Your continued use of the App after the effective date of any updated Policy constitutes your acknowledgement of the changes. If you do not agree, you may close your account at any time.

19. Contact Us & Data Protection Officer

If you have any questions, concerns, or complaints about this Policy or the way we handle your personal data, please contact us:

Data Protection Officer

  • DPO Email: privacy@aurabeautyapp.com
  • Subject Line: "Data Protection Inquiry — [Your Name]"
  • Response Time: Acknowledgement within 5 business days; substantive response within 30 calendar days
  • App Support: support@aurabeautyapp.com
  • Website: www.aurabeautyapp.com
  • UAE Data Office: www.dataoffice.gov.ae
  • Address: IFZA Business Park, DDP, Dubai, UAE