Privacy Policy

Effective date: 25 May 2026
Last updated: 25 May 2026

This Privacy Policy explains how Auras Network, Unipessoal Lda (“Auras”, “we”, “us” or “our”) collects, uses, stores and protects personal data when you use the Auras platform, website, mobile application, event tools, community features, paid services, organiser tools and related services.

We have written this Policy in a clear and practical way so you can understand what happens to your personal data, why we use it, and what rights you have under the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”), and applicable Portuguese data protection law.

1. Who we are

The controller responsible for the processing of your personal data is:

Auras Network, Unipessoal Lda
Portuguese company registration / NIPC: [●]
Registered address: Avenida Menéres, n.º 640, 4450-189 Matosinhos, Portugal
Contact email: hello@auras.network
Website: auras.network

For any privacy-related question or request, you can contact us at:

hello@auras.network

At this stage, we have not appointed a Data Protection Officer because we do not currently consider this legally mandatory for our activities. If this changes, we will update this Policy.

2. What Auras is

Auras is a digital platform for meaningful events, community, connection and intentional communication. It allows users to create accounts, build profiles, join or interact with communities, discover and participate in events, publish or interact with content, and, where available, use organiser and paid-service features.

Some features may allow users, facilitators, creators, venues or organisers to share personal information publicly or semi-publicly, including information about events, communities, interests, experiences, practices or emotional states. Please use these features consciously and only share information you are comfortable making available to the relevant audience.

3. Who this Policy applies to

This Policy applies to:

  • visitors to our website;
  • users who create an Auras account;
  • people who view, join, create or interact with communities, profiles, posts, events or other content;
  • event participants and RSVP users;
  • ticket buyers, once paid ticket features are launched;
  • organisers, facilitators, creators, venues and professional users;
  • people who contact us by email, forms, support channels or social media;
  • people whose data is provided to us by another user, for example when an organiser adds team members, collaborators or event information.

Auras accounts are intended for users aged 16 or older. Paid services, paid ticket purchases and organiser accounts are intended for users aged 18 or older.

4. Personal data we collect

The personal data we collect depends on how you use Auras.

4.1 Account and profile data

When you create or use an account, we may process:

  • name, display name, username or profile name;
  • email address;
  • password or authentication data;
  • profile photo, avatar, biography, interests and profile information;
  • language, city, country or approximate location information you choose to provide;
  • account settings and preferences;
  • verification, security and login information;
  • age-related confirmations, such as confirmation that you are at least 16 or 18 where required.

4.2 Content and community data

When you use Auras, we may process content and interaction data such as:

  • posts, comments, replies, messages or other user-generated content;
  • community or “Tribe” memberships, roles and interactions;
  • events you create, attend, RSVP to, save, follow or interact with;
  • profiles, communities, facilitators, creators, venues or events you follow or engage with;
  • reactions, reports, moderation requests and safety-related interactions;
  • emotional-state or presence-related features, where you choose to use them;
  • media you upload, such as images, audio or video, where supported.

Some of this information may be visible to other users depending on your privacy settings, the feature used and the audience of the space where you share it.

4.3 Event and organiser data

If you create, manage, join or participate in events, we may process:

  • event title, description, images, location, date, time and practical information;
  • organiser, facilitator, artist, therapist, venue or collaborator information;
  • RSVP status, attendance status and participation information;
  • ticket or entrance-control information, once paid ticketing is available;
  • check-in or QR-code validation data, where applicable;
  • organiser subscription status and professional-feature usage;
  • communications related to events, reminders, updates, cancellations or participant coordination.

4.4 Payment and billing data

For paid services, organiser subscriptions and paid tickets, where available, we may process:

  • payment status;
  • subscription status;
  • billing details;
  • invoice or transaction references;
  • VAT or tax-related information where required;
  • refund, chargeback or dispute information, where applicable.

Payment card, MB WAY or similar payment information is normally processed directly by our payment service providers, such as Stripe or another provider we may use. We do not intend to store full payment card details on our own systems.

Paid ticketing is planned as a future feature. When it launches, this Policy may be updated with more detailed payment and event-ticketing information.

4.5 Technical, device and usage data

When you use our website, app or services, we may process:

  • IP address;
  • device type, operating system, browser type and app version;
  • language and region settings;
  • log data, error reports and diagnostic information;
  • approximate location derived from your IP address;
  • security events, login attempts and session information;
  • pages, screens, features and interactions within the service;
  • cookie or similar technology data, where applicable.

4.6 Support and communication data

When you contact us, we may process:

  • your name and contact details;
  • the content of your message;
  • support history;
  • information needed to understand and respond to your request;
  • records of complaints, reports, legal notices or rights requests.

4.7 Data from third parties

We may receive personal data from third parties, for example:

  • authentication providers, if you log in through a third-party service;
  • payment providers, for payment status and transaction references;
  • event organisers, when they add information about collaborators, venues or participants;
  • other users, when they tag, mention, report or interact with you;
  • external ticketing or event platforms, where integrations or links are used;
  • public sources, where necessary to verify publicly available organiser, venue or event information.

5. Sensitive or special-category data

Auras is designed for authentic expression, community and intentional connection. This means users may choose to share information that could reveal sensitive aspects of their life, such as spiritual interests, personal experiences, emotional states, health-related experiences, philosophical beliefs, relationships or similar information.

Under GDPR, some types of data are considered “special categories of personal data”, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, health data, and data concerning sex life or sexual orientation.

We do not require you to share special-category data to use Auras. If you choose to include such information in your profile, posts, communities, events, messages or other content, you should understand that:

  • the information may be visible to the audience of the space where you share it;
  • we may need to process it technically in order to host, display, transmit, moderate, protect and operate the service;
  • where you deliberately make such information public, GDPR may treat it as information manifestly made public by you;
  • where we rely on your consent for specific sensitive-data features, you may withdraw that consent at any time, without affecting prior lawful processing.

Please do not share sensitive information about other people unless you have a lawful basis and their permission to do so.

6. Why we use your personal data and our legal bases

We only process personal data when we have a lawful basis under GDPR.

Purpose Examples Legal basis
To create and manage your account registration, login, profile settings, authentication performance of a contract; legitimate interests in account security
To provide the Auras platform profiles, communities, posts, events, RSVPs, participation features, organiser tools performance of a contract
To show content to relevant audiences displaying posts, events, communities, profiles and user interactions according to settings performance of a contract; legitimate interests in operating a community platform
To process event participation RSVP, reminders, attendance, check-in, entrance-control tools performance of a contract; legitimate interests; legal obligations where applicable
To process payments and subscriptions paid services, organiser subscriptions, future paid tickets, billing and payment status performance of a contract; legal obligations; legitimate interests in fraud prevention and accounting
To communicate with you service emails, support replies, account notices, event updates, security alerts performance of a contract; legitimate interests; legal obligations
To send optional marketing communications newsletters, launch updates, product news, community updates consent, or legitimate interests where permitted by law and with opt-out rights
To improve the service debugging, analytics, usability improvements, product development legitimate interests in improving and securing the service
To keep Auras safe moderation, reports, abuse prevention, spam prevention, fraud detection, enforcement of terms legitimate interests in safety and trust; legal obligations where applicable
To comply with law accounting, tax, legal requests, regulatory obligations, dispute handling legal obligations; legitimate interests in legal defence
To protect rights and enforce agreements investigating violations, responding to claims, enforcing Terms and Conditions legitimate interests; legal claims

Where we rely on legitimate interests, we assess whether our interests are overridden by your rights and freedoms. You may object to processing based on legitimate interests in certain circumstances.

Where we rely on consent, you may withdraw your consent at any time. Withdrawal does not affect processing that took place before consent was withdrawn.

7. Public, community and semi-public spaces

Auras includes spaces where information can be visible to others. Depending on the feature, your data may be visible to:

  • the public;
  • registered Auras users;
  • members of a specific community or Tribe;
  • event organisers or participants;
  • collaborators, crew or team members linked to an event;
  • facilitators, creators, venues or professional users;
  • Auras staff or service providers who need access to operate, support, moderate or secure the service.

You are responsible for the content you choose to publish or share. Please think carefully before sharing personal data, especially sensitive information, information about other people, or information you would not want to be seen by the relevant audience.

8. Moderation, safety and AI-assisted tools

To protect users and maintain a safe platform, we may use moderation tools, including automated or AI-assisted systems, to help detect spam, abuse, harmful content, fraud, security risks or violations of our Terms and Conditions.

These tools may flag content or behaviour for review. Important moderation decisions, such as significant account restrictions, may involve human review where appropriate. We do not use automated decision-making that produces legal or similarly significant effects on you without appropriate safeguards.

We may process content, metadata, reports and account information for safety, moderation and legal compliance purposes.

9. Cookies and similar technologies

We may use cookies, local storage, SDKs or similar technologies to:

  • keep you logged in;
  • remember your preferences;
  • secure the platform;
  • understand basic usage and performance;
  • improve the service;
  • support payment, authentication or security functions.

We do not currently intend to use intrusive advertising cookies, third-party behavioural advertising cookies or tracking technologies for selling your personal data.

Where legally required, we will ask for your consent before using non-essential cookies or similar technologies. You can control cookies through your browser or device settings. Some essential features may not work properly if essential cookies or storage are disabled.

A separate Cookie Policy may be published if required or useful.

10. Analytics and product improvement

We may use privacy-conscious analytics to understand how Auras is used, diagnose problems and improve the platform. Analytics may include aggregated or pseudonymised information such as feature usage, screen views, performance events, device type, approximate region or error logs.

Where analytics require consent under applicable law, we will request consent before using them.

11. Marketing communications

We may send you service-related communications that are necessary for your account or use of Auras, such as security alerts, account notices, event updates, policy changes or transactional emails.

We may also send optional marketing communications, such as newsletters, launch updates or community news, where we have a lawful basis to do so. You can unsubscribe from optional marketing emails at any time by using the unsubscribe link or contacting us at hello@auras.network.

You cannot opt out of essential service, security or legal communications while you continue to use the relevant service.

12. Who we share personal data with

We may share personal data with the following categories of recipients where necessary:

12.1 Service providers

We may use trusted service providers for hosting, storage, security, analytics, email delivery, customer support, payments, authentication, infrastructure, development, monitoring and similar services.

These providers may only process personal data according to our instructions and must protect it under appropriate contractual and technical safeguards.

12.2 Payment providers

For paid services, subscriptions and future paid tickets, payment-related data may be processed by payment providers such as Stripe or equivalent providers. These providers may act as independent controllers for certain payment, regulatory, anti-fraud or compliance activities.

12.3 Event organisers and collaborators

When you RSVP to, attend, buy a ticket for, or otherwise participate in an event, relevant information may be shared with the event organiser, facilitator, venue, crew or collaborator so the event can be managed.

This may include your name, RSVP or ticket status, check-in status, participant communication data and other information necessary for the event.

12.4 Other users

Information you share in public, community or event spaces may be visible to other users according to the feature and privacy settings.

12.5 Legal, safety and compliance recipients

We may disclose personal data when necessary to:

  • comply with legal obligations;
  • respond to lawful requests from courts, regulators or public authorities;
  • protect the rights, safety and property of Auras, users or third parties;
  • investigate fraud, security incidents, abuse or violations of our Terms and Conditions;
  • defend or establish legal claims.

12.6 Business transfers

If Auras is involved in a merger, acquisition, restructuring, financing, sale of assets or similar transaction, personal data may be disclosed or transferred as part of that transaction, subject to appropriate safeguards.

13. International transfers

We are based in Portugal. Some of our service providers may process personal data outside Portugal, the European Union or the European Economic Area.

Where personal data is transferred outside the European Economic Area to a country that has not been recognised as providing an adequate level of protection, we will use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, supplementary safeguards where required, or another lawful transfer mechanism under GDPR.

14. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this Policy, including to provide the service, comply with legal obligations, resolve disputes, enforce agreements and protect our legitimate interests.

Typical retention criteria include:

  • account data: for as long as your account remains active, and for a reasonable period after deletion where needed for security, legal or backup purposes;
  • profile and content data: for as long as it remains published or your account remains active, unless deleted earlier or retained for legitimate/legal reasons;
  • event participation data: for as long as necessary to manage the event and for reasonable administrative, legal, accounting or dispute periods;
  • payment and invoice data: for the period required under applicable accounting and tax laws;
  • support communications: for as long as necessary to handle your request and maintain records of our response;
  • security logs: for a limited period necessary to protect the platform, investigate incidents and prevent abuse;
  • legal or dispute-related data: for as long as necessary to establish, exercise or defend legal claims.

When personal data is no longer needed, we will delete it, anonymise it or securely archive it where legally required.

15. Your GDPR rights

Subject to the conditions and limits set by GDPR, you have the following rights:

15.1 Right of access

You can ask whether we process your personal data and request a copy of that data.

15.2 Right to rectification

You can ask us to correct inaccurate or incomplete personal data.

15.3 Right to erasure

You can ask us to delete your personal data in certain circumstances, for example where the data is no longer necessary or where you withdraw consent and there is no other legal basis for processing.

15.4 Right to restriction

You can ask us to restrict the processing of your personal data in certain circumstances.

15.5 Right to data portability

Where processing is based on consent or contract and carried out by automated means, you can ask to receive certain personal data in a structured, commonly used and machine-readable format, or request transmission to another controller where technically feasible.

15.6 Right to object

You can object to processing based on legitimate interests, including profiling based on legitimate interests, where applicable. You can also object at any time to direct marketing.

15.7 Right to withdraw consent

Where processing is based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

15.8 Rights related to automated decision-making

You have rights in relation to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently carry out such decision-making without appropriate safeguards.

16. How to exercise your rights

To exercise your rights, contact us at:

hello@auras.network

Please clearly describe the right you want to exercise and provide enough information for us to identify your account or request. We may ask you to verify your identity before responding, especially where the request concerns access, deletion or sensitive account information.

We will respond within the timeframe required by GDPR, normally within one month. This period may be extended where permitted by law for complex or multiple requests.

17. Complaints

If you believe we have not handled your personal data properly, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with a supervisory authority. In Portugal, the supervisory authority is:

CNPD – Comissão Nacional de Proteção de Dados
Av. D. Carlos I, 134, 1.º
1200-651 Lisboa
Portugal
Website: www.cnpd.pt
Email: geral@cnpd.pt

You may also contact the supervisory authority in the EU/EEA country where you live, work or where you believe an infringement occurred.

18. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include access controls, encryption, authentication, logging, backups, monitoring and internal security procedures.

No online service can be guaranteed to be completely secure. You are responsible for keeping your login details confidential and for using a strong password.

If we become aware of a personal data breach that must be notified under GDPR, we will notify the competent supervisory authority and, where legally required, affected users.

19. Children and age limits

Auras accounts are intended for users aged 16 or older.

Users under 18 may not purchase paid tickets, use paid services, create organiser accounts or enter into paid organiser subscriptions.

We do not knowingly allow users under 16 to create accounts. If we become aware that a user under 16 has created an account, we may delete the account and related personal data, unless there is a lawful reason to retain certain information.

Parents or guardians who believe that a child has provided personal data to us can contact us at hello@auras.network.

20. External links and third-party services

Auras may include links to external websites, event pages, ticketing platforms, payment providers, social media pages, maps or other third-party services.

We are not responsible for the privacy practices of third parties. When you leave Auras or use a third-party service, that third party’s own privacy policy and terms apply.

Where events use external ticket links, the external ticketing provider or organiser may independently process your personal data.

21. User responsibilities

When using Auras, you should:

  • keep your account information accurate and secure;
  • avoid sharing unnecessary sensitive information;
  • respect the privacy of other users;
  • avoid publishing personal data about others without permission or another lawful basis;
  • use privacy settings carefully;
  • report privacy or safety concerns to us.

22. Changes to this Policy

We may update this Privacy Policy from time to time, for example when we launch new features, change service providers, update legal requirements or improve our privacy practices.

If changes are material, we will take reasonable steps to notify you, such as by email, in-app notice or website notice. The updated version will apply from the effective date stated at the top of the Policy.

23. Contact

For privacy questions, rights requests or complaints, contact:

Auras Network, Unipessoal Lda
Avenida Menéres, n.º 640
4450-189 Matosinhos
Portugal
Email: hello@auras.network
Website: auras.network