WASHINGTON CONSUMER HEALTH DATA PRIVACY POLICY

Effective Date: December 19, 2025
Company: Aura Health, Inc. d/b/a Aurie
Contact: hello@aurie.ai
Applies to: Washington residents under the My Health My Data Act (RCW 19.373)

1. INTRODUCTION

This Washington Consumer Health Data Privacy Policy (“CHD Privacy Policy”) explains how Aura Health, Inc. (“Aurie,” “we,” “us,” or “our”) collects, uses, shares, and protects Consumer Health Data (CHD) as defined under Washington’s My Health My Data Act (MHMDA).

Aurie is for adults only. You must be at least 18 years old to create an account and use the Services. By using Aurie, you confirm that you are 18 or older.

By using Aurie as a Washington resident, you agree to this Washington Consumer Health Data Privacy Policy, in addition to our main Privacy Policy.

2. WHAT IS CONSUMER HEALTH DATA (CHD)?

Under the MHMDA, “consumer health data” includes any personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s physical or mental health status.

For Aurie, CHD may include:

  • Sleep data
  • Activity or movement data
  • Mindfulness minutes
  • Wellness interactions within the app
  • Inferences about mental or emotional state
  • Crisis resource event indicators
  • IP address or device identifiers when linked to wellness-related features
  • Any health insights derived from your usage patterns

We do not collect clinical medical records or reproductive health data.

3. CATEGORIES OF CHD WE COLLECT

We collect the following categories of CHD:

(a) Data you provide

  • Reflections, wellness notes, and journal entries (wellness-related content)

(b) Data from device settings and wearable connections

  • Sleep, activity, mindfulness minutes (Apple Health or similar)

(c) Data generated through your interactions with Aurie

  • Crisis resource event indicators
  • Wellness interaction metadata
  • AI conversation context related to wellness
  • Inferences derived from usage patterns

(d) Technical data linked to wellness use

  • IP address
  • Device identifiers
  • System locale

4. SOURCES OF CONSUMER HEALTH DATA

We collect CHD from:

  • Direct input from you
  • Your device (with your permission)
  • Apple Health or wearable integrations
  • Inferences generated by Aurie
  • Metadata from crisis resource display events
  • Technical information derived during app usage when linked to wellness functions

5. PURPOSES OF COLLECTION AND USE

We use CHD for the following purposes:

  • Providing wellness features and AI conversations
  • Personalizing suggestions and content
  • Detecting when crisis resources must be displayed
  • Improving app performance and safety
  • Preventing fraud, misuse, and abuse
  • Complying with legal obligations
  • Maintaining security and enforcing terms

We may use aggregated and, where feasible, de-identified analytics based on Consumer Health Data to improve the performance, safety, and user experience of Aurie. We do not use Consumer Health Data to build marketing profiles or for targeted advertising.

6. HOW WE SHARE CHD

We do not sell CHD.

We only share CHD with:

(a) Service providers acting on our behalf

Such as:

  • AI processing providers
  • Speech-to-text and voice processing providers
  • Text-to-speech providers
  • Hosting, authentication, and storage providers
  • Analytics and measurement providers
  • Error monitoring and diagnostics providers

All service providers are contractually required to:

  • Process CHD only on our behalf
  • Maintain confidentiality
  • Not sell or use CHD for any independent purpose

Aurie does not currently have any affiliates as defined under Washington law with whom we share CHD. If this changes, we will update this policy and obtain your consent before sharing CHD with any affiliate.

(b) Third parties when required by law

We may disclose CHD to authorities when required to comply with legal obligations.

(c) Third parties with your explicit authorization

Any sharing beyond what is necessary to provide the Service requires separate and distinct consent.

7. CONSENT REQUIREMENTS (MANDATORY UNDER MHMDA)

(a) Collection Consent

We obtain your affirmative, opt-in consent before collecting CHD that is not strictly necessary to provide Aurie.

(b) Sharing Consent (Separate & Distinct)

Any sharing of CHD beyond what is necessary to operate Aurie requires separate and distinct consent presented independently from other permissions.

(c) Withdrawal of Consent

You may withdraw consent at any time by emailing hello@aurie.ai. Withdrawal is as easy as giving consent.

8. YOUR RIGHTS UNDER MHMDA

Washington residents have the following rights regarding their CHD:

  • Right to Access
  • Right to Deletion
  • Right to Withdraw Consent
  • Right to Confirm Processing
  • Right to Data List (list of third parties who received CHD)
  • Right to Appeal a Denial

You may exercise these rights:

  • In-app, where supported
  • Or by emailing hello@aurie.ai

We will verify your identity before processing your request.

9. LIST OF THIRD PARTIES

Upon request, we will provide a list of all third parties who have received CHD in the preceding three years, and the categories of CHD disclosed to each.

10. GEOFENCING PROHIBITION

Aurie does not use geofencing to identify, track, collect data from, or send messages to individuals within 2,000 feet of:

  • Mental health facilities
  • Hospitals
  • Clinics
  • Reproductive health centers
  • Homeless shelters
  • Addiction treatment centers
  • Similar health-related locations

11. DATA SECURITY

We use reasonable and appropriate technical and organizational safeguards, including:

  • Encryption in transit and at rest
  • Access controls
  • Authentication protections
  • Periodic security reviews

However, no system is perfectly secure.

12. DATA RETENTION

CHD is retained in accordance with our main retention schedule:

  • Active accounts: retained while your account is active
  • Backups: up to 90 days
  • Crisis event logs: retained only as necessary to support safety, detect misuse, and maintain service integrity. These logs do not include message content.
  • Legal requirements: longer retention when necessary

13. CHANGES TO THIS POLICY

We may update this CHD Privacy Policy as required by law or operational changes. Significant changes will be posted conspicuously on our website.

14. CONTACT

If you have questions, concerns, or requests related to this CHD Privacy Policy or our data practices, please contact us:

Email:
hello@aurie.ai (general inquiries)

Postal Mail:
Aura Health, Inc.
1 Ferry Building Ste. 201
San Francisco, CA 94111
United States

By using Aurie, you acknowledge that you have read, understood, and agree to this Washington Consumer Health Data Privacy Policy, in addition to our main Privacy Policy.