Privacy
Statement.
At Aura, we believe your data belongs to you. Our commitment to privacy is absolute and built into the core of the application’s architecture.
Location Services
When you grant Aura access to your location, the data is used strictly to fetch real-time weather conditions for your current coordinates. This data is transmitted directly to our trusted weather API provider (Open-Meteo) and never passes through any "Aura" server.
We do not store your location history, and we have implemented Zero-Leak Logging in production to ensure your coordinates never appear in system console logs.
Hardware-Locked Security
All weather data and saved locations are encrypted at the app level using AES-GCM (256-bit). The encryption keys are generated and stored exclusively in your device's Secure Enclave (Apple Keychain). This ensures that your data is mathematically inaccessible to anyone else—even if they have physical access to your device while it is locked.
Identity Verification (SPKI)
Aura uses OS-level Public Key Pinning (SPKI) to verify the cryptographically signed identity of the weather servers. This "hardened" connection prevents middle-man attacks, ensuring that the forecast you see is authentic and has not been intercepted or forged.
Personal Data & Sovereignty
We do not require accounts, email addresses, or any form of registration. Your settings and preferences are synced securely through Apple's Private CloudKit, ensuring that your data remains end-to-end encrypted within your own iCloud ecosystem. As developers, we have zero visibility into your saved locations, search history, or app usage.
Third-Party SDKs
Aura contains zero third-party SDKs. We have refused to include any external analytics, crash-reporting tools, or advertising code. If we didn't build it ourselves, it isn't in this app.