Privacy Policy
In plain words
- Your health data lives only on your phone, encrypted. There is no Aara account, no login, and no Aara server storing your cycle data.
- Data leaves your device only when you use the optional AI features, optional encrypted backup, or see an ad — and we explain exactly what is sent in each case below.
- We never sell your data. We never share your health data with advertisers. Ads in Aara are non-personalised.
- You can export everything or permanently delete everything, anytime, from Settings.
1. Who we are
Aara is developed and operated by an independent developer based in Bengaluru, India ("we", "us"). You can reach us at contact@aarahealth.app. This policy explains what data the Aara app handles, where it goes, and the choices you control.
2. The core design: your data stays on your device
Aara is built offline-first. Everything you enter in the app — your name, birthdate, height and weight, health conditions, period dates, symptoms, moods, journal notes, pain map, pill reminders, trying-to-conceive logs, and pregnancy logs — is stored in a local database on your phone.
- Encryption at rest: your local database is encrypted with AES-256. The encryption key is held in your phone's secure storage (Android Keystore) and never leaves your device.
- No account: Aara has no sign-up, login, or user accounts. We cannot identify you, and we hold no database of users.
- Works offline: all tracking, the calendar, the journal, reminders, and cycle predictions work with no internet connection.
3. The only times data leaves your device
There are exactly five situations in which any data is transmitted off your phone. Each is optional or clearly visible, and none involves your name.
a. AI chat (Ask Aara)
When you send a question to the AI companion, your question is routed through our secure proxy server to Google's Gemini API to generate a reply. Along with your question, the app always sends your current cycle phase and cycle day so answers are relevant.
The "Personalised AI answers" toggle in Settings is OFF by default — explicit opt-in is required. If you turn it ON, the app additionally sends an anonymised health summary: your PCOS status, listed health conditions, and a short summary of recent moods, symptoms, and flow. You can turn it back off at any time.
Never sent in AI chat: your name, exact age or birthdate, journal notes, medication names, exact temperature readings, or anything that identifies you.
Cross-border processing: Google may process Gemini API requests in data centres outside India. We do not control where Google processes your AI requests.
b. Doctor Prep question generation
When you tap "Generate questions" in Doctor Prep, the app sends an anonymised summary to the same AI service: your age range, BMI category, health conditions, current cycle phase, your top three to five most frequent symptoms (count depends on the Personalised AI toggle), and dominant mood. With Personalised AI ON, it also includes cycle day, PCOS status, mood patterns by phase, and the number (not names) of medications you take. The Doctor Prep PDF itself is generated entirely on your phone.
c. An anonymous install identifier and IP address (rate limiting)
To prevent abuse of the AI service, the app generates one random UUID on first launch and sends it with AI requests for rate limiting. It is random, stored in your phone's secure storage, contains no personal information, and is not linked to your identity or your health data.
Our proxy server also briefly processes your IP address as a fallback rate-limit signal and abuse-prevention measure. IP-based rate-limit counters expire automatically within one hour (burst) and 24 hours (global) and are never linked to your health data or persisted further.
d. Advertising (free tier only)
Free-tier users see banner ads served by Google AdMob on non-sensitive screens only — never in the journal, AI chat, trying-to-conceive, or pregnancy areas. We request non-personalised ads only: your health data is never used for ad targeting and is never shared with AdMob. Like any ad network, Google may process basic device information (such as IP address and device identifiers) for ad delivery, frequency capping, and fraud prevention, governed by Google's privacy policy. Aara Plus subscribers see no ads.
e. Optional encrypted backup and device transfer
If you choose to back up to Google Drive, your data is encrypted on your phone with AES-256-GCM before upload, and stored in your own Google Drive account. We never receive the backup or the key, and we cannot read it. If you transfer Aara to a new phone using the QR transfer feature, your data moves directly between your two devices over your local Wi-Fi network, encrypted — it never passes through any server.
4. Payments
Aara Plus subscriptions are processed entirely by Google Play Billing. We never see or store your card, bank, or UPI details. Google shares only an anonymous purchase token with the app to confirm your subscription is active.
5. What we never do
- We never sell your data — there is nothing to sell, because we don't hold it.
- We never share health data with advertisers, data brokers, or analytics companies.
- We run no analytics or tracking SDKs that profile your in-app behaviour.
- We cannot hand your cycle data to anyone — including under legal demand — because it does not exist on any server we control.
6. Your controls
- Export: Settings → Export my data gives you a complete copy of everything stored, as JSON.
- Delete: Settings → Delete all data permanently erases everything on your device, instantly. There is no server copy to chase.
- Personalised AI toggle: Settings → Health Profile controls whether any health context is sent with AI requests. It is OFF by default. Switching it off is how you exercise your statutory right to withdraw consent under DPDP Act Sec 6(4)–(5).
- App lock: optional fingerprint/biometric lock for the whole app.
- Local-only notifications: reminders are scheduled and delivered entirely by your phone. We do not send push notifications, marketing messages, or server-triggered alerts of any kind.
- Uninstalling the app deletes all local data. If you made an encrypted Drive backup, you can delete it from your own Google Drive.
6a. Your rights under the DPDP Act, 2023
India's Digital Personal Data Protection Act, 2023 gives you specific rights with respect to any personal data we may process. We honour them as follows:
- Right to access (Sec 11): use Settings → Export my data for a complete copy of everything Aara has on your device.
- Right to correction (Sec 12(1)(a)): you can edit any logged information anywhere in the app.
- Right to erasure (Sec 12(1)(b)): use Settings → Delete all data to permanently erase everything, instantly.
- Right to grievance redressal (Sec 13): contact our Grievance Officer (Sec 9b below). We respond within 7 days.
- Right to nominate (Sec 14): you may nominate another individual to exercise your rights in case of death or incapacity by writing to us at the contact below.
These rights are available without charge and without conditions, and exercising them will not reduce your access to the app.
7. Children and teens
Aara is not for children under 13, and the app blocks accounts where the entered birthdate indicates an age under 13. Users aged 13–17 get a restricted teen mode: the AI companion and adult health content are disabled. We encourage parents and guardians of teen users to review this policy with them. Because Aara stores data only on the user's own device and collects no personal data on servers, we do not process children's personal data within the meaning of India's Digital Personal Data Protection Act, 2023.
8. Data retention and security
Your data is retained on your device until you delete it or uninstall the app. AI requests are processed transiently to generate a reply; we do not build profiles from them. Google's handling of Gemini API requests is governed by Google's terms. Proxy rate-limit counters expire automatically within one hour (burst), 24 hours (global), and one calendar month (per install). No method of transmission or storage is perfectly secure, but Aara's design — local-only storage, encryption at rest, no accounts — removes the most common ways health data is exposed.
8a. Data breach notification
If we become aware of a personal data breach affecting your information — for example, a compromise of the proxy server's rate-limit records, or an incident with the Gemini API processor — we will notify the Data Protection Board of India and any affected users within the timelines and in the manner required by the DPDP Act, 2023 and any rules made under it.
9. Grievances and contact (India)
For any privacy question, concern, or grievance, contact us at contact@aarahealth.app. We aim to respond within 7 days, and in any case within the timelines required under applicable Indian law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.
9b. Grievance Officer (DPDP Sec 5(8))
Nithin Nagaraj Iyer, Founder, Aara · Bengaluru, India · contact@aarahealth.app. Aims to respond within 7 days.
10. Changes to this policy
If we change this policy, we will update the version number and effective date here and show the updated terms in the app before they apply to you. We will never weaken the core promise — local-only health data — without asking for your explicit consent first.