Legal
Privacy Policy
Last updated: 22 June 2026
This Privacy Policy explains how PAMPA ITER SL ("Aura", "we", "us") collects, uses, shares and protects your personal data when you use the Aura mobile app and related services (the "Service"). By using Aura you agree to this policy.
1. Who we are
Aura is operated by PAMPA ITER SL, the data controller for the personal data described here. For any privacy question or request, contact us at info@pampaiter.com.
2. Data we collect
- Account & identity — your name, email address, profile photo and the account identifier provided when you sign in with Google or Apple.
- Fitness & health-related data — your body weight, training goals, the workouts you log (exercises, sets, reps, loads, times), your personal records, and session feedback such as perceived effort.
- Subscription data — your plan tier, trial status and purchase events. Payments are processed by Apple or Google; we never receive or store your card details.
- AI inputs — when you ask Aura to generate or import a workout or weekly plan, your training goal, profile and the content you submit (including photos of a whiteboard/WOD you choose to scan) are sent to our AI provider to produce the result.
- Technical & usage data — device and app information, app language, anonymous usage analytics, and crash/error diagnostics that help us keep the app working.
We do not knowingly collect precise location, contacts, or special-category data beyond the fitness information you choose to enter.
3. How we use your data
- To provide the Service: authenticate you, store your training history, and generate your personalized plans and workouts.
- To operate subscriptions and entitlements (PLUS / PRO) and to keep your access in sync with the app store.
- To improve and secure the Service, diagnose crashes, and prevent fraud and abuse.
- To respond to your support requests and legal obligations.
We do not sell your personal data, and we do not use it for third-party advertising.
4. AI processing
Aura's plan generation and workout import use a third-party large-language-model provider (Google's Gemini API). The inputs needed for a given request are sent to that provider to produce your plan or to read an imported workout. We send only what is needed for the feature you use and do not use your data to train third-party models on your behalf.
5. Who we share data with
We share data only with service providers ("sub-processors") that help us run Aura, under contracts that limit their use of it:
- Sign-in: Google and Apple (authentication).
- Subscriptions & payments: RevenueCat (subscription management) and the Apple App Store / Google Play (payment processing).
- AI: Google (Gemini API) for plan generation and workout import.
- Analytics & diagnostics: our analytics and crash-reporting providers (e.g. Firebase, Sentry).
- Hosting & storage: our cloud infrastructure and database providers (e.g. Railway, Neon).
We may also disclose data where required by law, or to protect our rights, users or the public.
6. Legal bases (EEA/UK)
Where the GDPR applies, we process your data to perform our contract with you (providing the Service), on the basis of your consent where required, for our legitimate interests (securing and improving the Service), and to comply with legal obligations (such as keeping billing records).
7. How long we keep it
We keep your personal data while your account is active. When you delete your account, it is locked immediately and permanently deleted after a 30-day grace period (logging back in within that window restores it). After the grace period your personal data and content are erased, except a minimal set of records we are legally required to retain (for example, billing and tax records), which we keep only for the period required by law and anonymize where possible.
8. Your rights & how to delete your account
Depending on where you live, you have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. You can exercise these at any time by contacting info@pampaiter.com.
You can delete your account and associated data directly — see our account deletion page. You also have the right to lodge a complaint with your local data protection authority.
9. Subscriptions
Paid subscriptions are billed by Apple or Google, not by us. Deleting your Aura account does not cancel an active subscription — you must cancel it in your App Store or Google Play account to stop being billed.
10. Security
We use industry-standard measures to protect your data, including encrypted connections and access controls. No method of transmission or storage is 100% secure, but we work to protect your data and to notify you and the relevant authorities if a breach legally requires it.
11. International transfers
Your data may be processed in countries outside your own, including the United States, by the providers listed above. Where required, such transfers rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
12. Children
Aura is not directed to children and is intended for users aged 16 and over (or the minimum age of digital consent in your country). We do not knowingly collect data from children below that age.
13. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the "Last updated" date; material changes will be communicated in the app where appropriate.
14. Contact
PAMPA ITER SL — info@pampaiter.com.