AuraZ
Back to home

Privacy Policy

Last updated: June 11, 2026

App Name: Aura Z
Developer: Kyun Labs

This Privacy Policy explains how Kyun Labs (“we,” “us,” or “our”) collects, uses, and protects your information when you use our AI-powered beauty application, Aura Z.

1. Information We Collect

We believe in data minimization. We only collect the data necessary to provide the service, deliver personalized beauty insights, and ensure app stability.

A. Authentication & Account Data

  • Anonymous Access (Default): When you first use the app, we create an anonymous account via Firebase to store your data without requiring personal details such as your name or email address.
  • Referral Codes: If you participate in our referral program, a unique referral code is generated and associated with your anonymous account.

B. Biometric & Facial Data

  • Selfies & Photos: When you use our face analysis, glow-up transformation, or hairstyle features, you provide photos of your face. These images are processed by AI to generate beauty scores, analyses, and transformed images.
  • Facial Analysis Results: We store the results of your facial analyses, including beauty scores, feature-level assessments, and improvement suggestions.
  • Progress Photos: If you use the progress tracking feature, we store dated photos and corresponding scores to show your beauty journey over time.
  • Important: We do not use facial recognition technology to identify you. Facial data is used solely for the purpose of providing beauty analysis and transformation features within the app.

C. AI Conversations

  • Bella Chat History: Conversations with our AI beauty assistant, Bella, are stored to provide contextual and personalized responses within your current and future sessions.

D. User-Generated Content & Cloud Storage

  • Generated Images: AI-generated glow-up transformations, hairstyle previews, and other image outputs are stored in our cloud storage infrastructure (Cloudflare R2) and associated with your anonymous account.
  • Routine Data: Skincare routines you follow, daily completion logs, streak data, and achievement progress are stored to deliver the routine and gamification features of the app.

E. Transaction & Economy Data

  • Coin Balances & Transactions: We record your Coin balance, purchase history, earned rewards, referral redemptions, and feature spend to maintain your in-app economy.
  • Subscription Status: We record whether you have an active subscription, its type, and billing cycle to provide access to premium features. Payment processing is handled by Apple or Google; we do not store credit card or payment method details.

F. Automated Data Collection

  • Device Data: We collect device model, OS version, locale, app version, and IP address to troubleshoot bugs, ensure app security, and comply with regional pricing.
  • Usage Analytics: We collect anonymized usage data such as feature usage frequency, onboarding completion, and session length to improve the Service.
  • Attribution Data: We use third-party attribution tools (AppsFlyer) to understand how users discover and install the app. This data is used for marketing analytics and does not include the content of your photos or conversations.
  • Crash Reports: We use Firebase Crashlytics to collect crash logs and error reports to maintain app stability.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To deliver facial analyses, generate beauty scores, create AI transformations, provide skincare routines, power the Bella AI assistant, manage your Coin economy, and track your progress.
  • Personalization: To tailor recommendations, routines, and AI responses based on your skin type, facial features, and usage patterns.
  • Analytics & Improvements: To understand how users interact with the app so we can improve features, optimize the user experience, and develop new functionality.
  • Fraud Prevention: To detect and prevent abuse of the Coin economy, referral system, and other features.

3. Data Processing & Infrastructure

When you use the app, your data is transmitted securely to our cloud infrastructure providers:

  • Firebase / Google Cloud: Authentication, database (Firestore), cloud functions, remote configuration, and crash reporting.
  • Cloudflare R2: Storage of AI-generated images and user-uploaded photos.
  • Google Gemini API / WaveSpeed API: Processing of your face photos for AI facial analysis and image generation (glow-up and hairstyle transformations). Your photo is transmitted to these providers only at the moment a feature is used, solely to return the requested result.
  • DeepSeek API: Powering the Bella AI assistant. Bella receives only the text of your conversation — your face photos are never sent to DeepSeek.
  • AppsFlyer: Attribution and marketing analytics.
  • RevenueCat: Subscription and purchase management.

We use industry-standard encryption (TLS) to protect your data in transit and at rest.

4. AI Data Processing

Aura Z uses artificial intelligence extensively. You should understand how your data interacts with AI systems:

  • Photo Processing:When you submit a photo for analysis or transformation, the image is sent to Google’s Gemini API or WaveSpeed API for processing. We send only the data necessary for the specific feature you are using.
  • AI Conversations: Messages you send to Bella are processed by AI services to generate responses. Conversation context is maintained to improve response quality.
  • No AI Training by Kyun Labs: Kyun Labs does not use your personal photos, facial data, or conversation content to train our own AI models.
  • Third-Party AI Providers:We require every third party with whom we share your data — including our AI providers (Google’s Gemini API, WaveSpeed, and DeepSeek) and our infrastructure providers — to provide the same or an equivalent level of protection for your data as described in this Privacy Policy and as required by applicable law. These providers may also maintain their own data processing policies, and we encourage you to review their respective privacy policies.

5. Cookies, Analytics & Advertising

We use local storage technologies and third-party tools to maintain your session and support our business.

  • Essential: Tokens and identifiers required to keep you logged in, sync your data, and manage your subscription status.
  • Analytics: We use analytics tools (Firebase Analytics, Crashlytics) to understand app performance, feature usage, and crash reports.
  • Attribution:We use AppsFlyer to measure the effectiveness of our marketing campaigns. This may involve collecting your device’s advertising identifier (IDFA/GAID) subject to your consent where required by platform policies (e.g., Apple’s App Tracking Transparency).

6. Data Sharing & Business Transfers

We do not sell your personal information, photos, or facial data. However, we share data in these strictly necessary scenarios:

  • Service Providers:With our secure cloud hosting and AI processing partners solely to facilitate the app’s core functions as described in Section 3.
  • Legal Compliance: We may disclose information if required by a valid legal request, court order, or governmental regulation.
  • Business Transfers: If Kyun Labs undergoes a merger, acquisition, bankruptcy, or sale of assets, your data may be transferred to the successor entity. We will notify users of any such transfer and any changes to this Privacy Policy.
  • Aggregated & Anonymized Data: We may share aggregated, non-identifiable statistics (e.g., total number of analyses performed, average scores by region) for business or research purposes.

7. Data Retention

  • Active Accounts: We retain your data for as long as your account is active and as needed to provide you with the Service.
  • Deleted Accounts: When you delete your account, all personal data, photos, generated images, analysis results, conversation history, Coin balances, and progress data are permanently removed from our active databases within 30 days. Backup copies may persist for up to 90 days before being permanently purged.
  • AI-Generated Images: Images stored in Cloudflare R2 are deleted when you delete your account or when you manually delete specific generated content within the app.

8. User Rights & Data Deletion

You have full control over your data.

  • Delete Account: You may delete your account at any time by using the in-app account deletion option or by sending us an email at contact@kyunlabs.com.
  • Delete Specific Data: You may delete individual analyses, generated images, conversations, or progress photos from within the app.
  • Effect of Deletion: When you delete your account, all your facial analysis data, generated images, conversation history, routine data, Coin balances, referral data, progress photos, and account information are permanently removed from our active systems.

9. Privacy Rights (LGPD, CCPA & Others)

Depending on your location, you are protected by specific data privacy regulations, including the Brazilian General Data Protection Law (LGPD), the California Consumer Privacy Act (CCPA), and other applicable US state and international privacy laws.

  • Right to Access & Portability: You can request a copy of the data we hold about you.
  • Right to Delete: You may request the complete erasure of your data by contacting us.
  • Right to Rectification: You may request correction of inaccurate data.
  • Right to Object: You may object to certain types of data processing.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at contact@kyunlabs.com.

10. Age Restrictions

Aura Z is intended for users aged 16 and older. We do not knowingly collect personal information from children under 16. If we become aware that a user under 16 has provided us with personal information, we will take steps to delete such information immediately and terminate the associated account. If you believe a child under 16 is using the Service, please contact us at contact@kyunlabs.com.

11. International Data Transfers

Your data may be processed and stored in countries other than your country of residence, including the United States and Brazil. By using the Service, you consent to the transfer of your data to these countries. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

12. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest.
  • Secure authentication via Firebase.
  • Access controls limiting employee access to user data.
  • Regular security reviews of our infrastructure.

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of material changes via an update note within the application. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: contact@kyunlabs.com
Mailing Address:
Kyun Labs
Rua Pais Leme, 215 - 1713, Pinheiros,
São Paulo - SP 05424-150, Brazil

Copyright © 2026 Kyun Labs.