1. Introduction
YuAura ("we", "us", "our") is an AI-enabled health continuity platform that helps users track medications, prescriptions, appointments, and clinical follow-up. We are committed to protecting the privacy, security, and confidentiality of all users. By creating an account or using YuAura, you agree to this Privacy Policy.
2. Data We Collect
YuAura collects only the minimum data necessary to provide its service.
User-provided data:
- Name (real name, pseudonym, or email-only accounts)
- Prescription images and uploads
- Medication details and adherence feedback
- Symptoms, side effects, and treatment response you report
- Appointment and clinic linking information you provide
Automatically collected data:
- Device type, operating system, and app version
- Device or app identifiers for sign-in, security, and notifications
- Usage and diagnostic logs (errors, feature usage) sent to our API
- Notification delivery status (local and push, where enabled)
Data we do NOT collect: advertising identifiers (our Android app blocks Google AD_ID), precise GPS tracking, biometrics for identification, or sale of personal or health data to data brokers.
Device & app identifiers (mobile app): Our Android and iOS apps may collect app instance identifiers, push notification tokens (Firebase Cloud Messaging when you allow notifications), Google Sign-In identifiers when you use Google Sign-In, and fraud-prevention signals when doctors or clinics pay through Stripe. These are used for account access, functionality, security, reminders, and billing — not for third-party advertising.
3. Legal Basis for Processing
We rely on explicit user consent when you create an account, upload a prescription, or submit health feedback. You may withdraw consent at any time via privacy@yuaura.com or in-app settings.
4. How Your Data Is Used
- Medication tracking, adherence reminders, and appointment scheduling
- Follow-up feedback and symptom monitoring
- Doctor–patient and clinic access you approve
- Encrypted transmission to https://api.yuaura.com (YuAura API), operated by Nordus Labs Inc.
- Push notifications (including FCM on Android) when you grant permission
- Google Sign-In and Stripe payments when you choose those features
- AI/OCR to read prescriptions and support workflows — not sold to advertisers
5. Data Retention
Identifiable user data is retained for up to 12 months unless a longer period is required by law or your clinic agreement, after which it is deleted or fully anonymized. You may request deletion at any time.
6. Data Storage & Security
- TLS (HTTPS) for data in transit to api.yuaura.com
- Secured cloud infrastructure (including AWS and MongoDB Atlas)
- Encryption in transit and at rest where supported
- Access controls, authentication, and audit logging on production systems
7. Data Sharing
YuAura does not sell your personal or health information. We share identifiable data only with healthcare professionals and clinics you approve, with service providers under contract (hosting, API, notifications, payments, sign-in), and in aggregated or de-identified form where permitted. We do not share identifiable prescription images or health records with advertisers.
8. User Rights
You may request access, export, correction, deletion, consent withdrawal, and explanation of AI-processed outputs. Contact privacy@yuaura.com. We may take up to 30 days to process requests.
9. Children and Minors
Minors may use YuAura only through a parent or legal guardian who creates and manages the account. No direct accounts for minors are permitted.
10. International Data Transfer
Data may be stored or processed in Canada, the United States, Pakistan, and AWS regions, subject to contractual and security safeguards.
11. Third-Party Processors
- YuAura API — account, health, scheduling, and clinic data
- Amazon Web Services (AWS) — hosting
- MongoDB Atlas — application database
- Google — Google Sign-In (optional) and Firebase Cloud Messaging (push)
- Stripe — payment processing (card data handled by Stripe)
- OpenAI / OCR providers — prescription text extraction when you upload images
12. Security Practices
We maintain access control, encryption, and internal audits. YuAura is not a medical service provider and does not replace emergency or clinical care.
13. Limitation of Liability
YuAura provides services on an "as is" basis. To the maximum extent permitted by law, YuAura is not liable for medical outcomes, diagnostic accuracy, or consequential damages. YuAura is not a medical service provider.
14. Dispute Resolution
Disputes may be resolved through binding arbitration under applicable law. Class actions are not permitted where enforceable.
15. Intellectual Property
YuAura software is owned by Nordus Labs Inc. (Canada). YuAura Health API Software is registered with the Canadian Intellectual Property Office (CIPO Reg. No. 1247193). See Software Notice.
16. Changes to This Policy
We may update this policy. Material changes will be communicated in the app or on this page. Continued use after notice constitutes acceptance.
17. Contact
Support: support@yuaura.com
Privacy: privacy@yuaura.com
Legal: legal@yuaura.com
Company: Nordus Labs Inc., Thornhill, Ontario, Canada