privacy policy.
your camera feed is processed in your browser. we never see your photo. the only things we ever store are emails you intentionally hand us (waitlist, applications, tip receipts) and a hashed IP for spam protection. that's it.
1. what we collect.
three categories, and that's the whole list:
- your email — only when you give it to us. waitlist signups, operator applications, brand activation inquiries, the aura+ waitlist, field notes subscriptions, tip receipts via stripe.
- basic application data — for operator and brand applications, you also give us a name, city, and a couple of paragraphs about what you do. that's the form. nothing else.
- operational metadata — your IP address (hashed before storage, used for spam and rate-limit protection), and your browser's user agent string (so we can debug if something breaks). we never tie these to a real-world identity.
we don't collect your name, address, phone number, location, browsing history, or any third-party data brokers' info about you. we don't run analytics that follow you across the web. we don't use facebook pixel, google ads tags, or anything similar.
2. your camera & photos.
this is the one that matters most, so it gets its own section.
when you open the reader at aura.refractventures.co/reader and grant camera permission, your browser hands the camera feed to the page. all processing happens locally on your device. the page reads pixels from your camera frame, extracts a dominant color band, and renders the aura portrait — all in your browser, using your machine's processor.
the camera frame itself is never uploaded. we don't have a server that sees your face. when you click "save aura," the resulting PNG is downloaded directly to your device from the canvas in your browser. it never touches our infrastructure.
two exceptions, both opt-in:
- "send to my email" — if you use the share-by-email feature, the rendered aura PNG is uploaded once to our serverless function, attached to an email, and sent to the address you typed. we don't keep a copy after sending.
- "scan QR to my phone" — if you use the QR share feature, the rendered aura PNG is uploaded to temporary storage (vercel blob) so your phone can download it. these files auto-delete within 7 days.
both share features are opt-in, only triggered when you tap their buttons, and surfaced clearly in the interface. if you only use the default "save aura" button, your image never leaves your device.
3. why we collect what we do.
each thing has a job:
- emails — to send you what you asked for (a waitlist invite, an event RSVP confirmation, a response to your application, a tip receipt).
- application details — to evaluate operator and brand-partner fit and reply to you about it.
- hashed IP + user agent — to prevent spam, debug errors, and keep the forms from being abused by bots.
that's the complete list. we don't sell or rent any of this. we don't share it for marketing purposes. we don't use it to build profiles of users.
4. who we share with.
we use a small set of third-party services to operate the site. each one only sees the minimum data needed to do its job:
- vercel — hosts the site and runs our serverless functions. sees standard request logs (URL, IP, user agent).
- vercel blob — temporary storage for the QR-share feature only. holds PNG files for up to 7 days, then auto-deletes.
- stripe — processes tips and (eventually) print orders and aura+ subscriptions. when you tip, stripe sees your name, payment method, and email. we see only that a tip happened, the amount, and your email if you opted to share it on the receipt.
- formspree — handles operator applications, brand-partner inquiries, and field notes newsletter signups. they see the form fields you submitted and your email.
- resend — sends the email when you use the "send aura to my email" share feature. sees the recipient email, the PNG attachment, and the subject line.
- google fonts — serves the fonts the site uses. they see your IP and user agent (standard for any web font CDN).
we have no other third-party integrations. no analytics, no ad networks, no tag managers, no chat widgets.
5. cookies & tracking.
we don't set tracking cookies. the only things stored in your browser are functional: your selected social-format preference in the reader (so it remembers between sessions), and stripe's checkout session cookies when you complete a tip. neither is shared with anyone.
we don't use google analytics. we don't use facebook pixel. we don't follow you across the web.
6. your rights.
regardless of where you are, you can:
- ask what we have on you — email privacy@refractventures.co and we'll send back everything tied to your email within 30 days.
- ask us to delete it — same email. we'll remove your record from our database and confirm within 30 days.
- ask us to correct it — let us know what's wrong and we'll fix it.
- withdraw consent — unsubscribe from any list you joined, or ask us to remove you. links are in every email.
if you're in the EU, UK, EEA, or California, you have additional rights under GDPR, UK-GDPR, or CCPA respectively. we honor all of them — including the right to lodge a complaint with your local data protection authority if you think we've handled your data badly.
7. how long we keep things.
- email signups (waitlist, newsletter, aura+) — until you ask us to delete them or unsubscribe (which auto-deletes after 30 days).
- operator and brand applications — for 24 months from submission, then deleted.
- tip receipts — kept as long as legally required for tax purposes (typically 7 years in the US), then deleted.
- QR-share image uploads — auto-deleted after 7 days.
- email-share PNGs — not stored after sending.
- request logs — 30 days, then rotated out.
8. security.
we use industry-standard practices: HTTPS everywhere, encrypted database storage, environment-variable secrets management, and no plaintext credentials in code. no system is unbreakable. if a breach happens, we'll notify affected users within 72 hours of discovery, as required by law.
9. children.
aura.refract is for people 13 and over. we don't knowingly collect data from children under 13. if you're a parent who believes your child has shared data with us, email privacy@refractventures.co and we'll delete it.
10. international users.
aura.refract is operated from the united states. by using the site, you understand that any data we do collect is processed in the US. if you're in the EU, UK, or another jurisdiction with stricter data protection laws, our practices are designed to meet those standards (minimal collection, explicit purpose, opt-in consent for anything beyond strictly necessary).
11. changes to this policy.
if we materially change how we handle data, we'll update this page and the "last updated" date at the top, and post a notice on the homepage for at least 30 days. for users who've given us an email, we'll send a notification.
12. contact.
privacy questions, deletion requests, anything else: privacy@refractventures.co
operating entity: refract ventures, LLC (USA).
if you'd prefer a postal address, email first and we'll provide one.