Privacy Policy

Foundation Labs, Inc. Operating the Aura Platform

Last Updated: December 1, 2025

1. Introduction

Foundation Labs, Inc. (“Foundation Labs,” “we,” “our,” or “us”) operates Aura, a social prediction market platform focused on pop culture, entertainment, and campus life. Because we ask users to share predictions, engage with content, and interact with others, protecting your privacy is fundamental to our mission.

Aura is a social, play-money prediction platform. Certain activities you choose to perform on Aura - including your predictions, market positions, and public profile information - may be visible to other users.

This Privacy Policy explains what information we collect, how we use it, the choices you have, and the rights you can exercise. By using Aura—whether through our website, mobile apps, or any other services we provide (collectively, the “Services” or “Aura”)—you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.

2. Scope

This Privacy Policy applies to personal information processed in connection with the Services. It does not apply to third-party websites or services that we do not control, even if they link to, or are accessible from, Aura.

Accessibility: This Privacy Policy is available at playaura.xyz/privacy and can be accessed directly from within the Aura mobile app through Settings > Privacy Policy, as required by Apple App Store guidelines.

3. Information We Collect

3.1 Information You Provide to Us

Account Information

• Display name and username
• Email address and password
• Profile picture or avatar (optional)
• Bio and profile details
• Age verification information

Content and Activity

• Predictions and market positions
• Comments and posts (when available)
• Markets you create or participate in
• Trading history and Aura (play-money) transactions
• Interactions with other users’ content

Communications

• Messages to our support team
• Feedback and survey responses
• Reports of violations or concerns

3.2 Information We Collect Automatically

Usage Data

• Markets visited and time spent
• Search queries and browsing patterns
• Features used and interactions with content
• App performance and crash data

Device and Connection Information

• IP address and approximate location inferred from IP address (city/state level only).
• IP address and general location (city/state level)
• Browser type and version
• Operating system and device type
• Device identifiers and mobile advertising IDs
• Network information
• We do not collect, request, or store precise GPS location data at any time. Aura does not access your device’s location services.

Cookies and Similar Technologies

• Session cookies to keep you logged in
• Preference cookies to remember your settings
• Analytics cookies to understand usage patterns
• Security cookies to prevent fraud
• We do not use third-party advertising cookies or tracking identifiers for cross-app or cross-website advertising.

3.3 Prediction Activity Data

• We may use your prediction activity and engagement patterns to recommend other users you may want to follow, if this feature is introduced in the future.

4. How We Use Information

We process your information to:

Provide Core Services

• Create and maintain your account
• Display markets and execute trades
• Process Aura (play-money) transactions
• Show predictions and market outcomes
• Enable social features and interactions

Personalize Your Experience

• Recommend relevant markets (reality TV, music, campus events)
• Suggest users to follow
• Customize content based on your interests
• Remember your preferences
• Personalization may include suggesting accounts to follow or highlighting trending creators if such social features are introduced in future versions of Aura.

Improve and Develop Our Services

• Analyze usage patterns and trends
• Test new features with user groups
• Generate aggregate statistics on prediction accuracy
• Conduct research on user behavior

Detecting and Preventing Manipulation

• We use behavioral and technical signals to detect suspicious activity, coordinated market manipulation, duplicate accounts, vote brigading, or other actions that violate our Terms of Service.

Personalization and Recommendations

• We use your activity - including markets viewed, predictions submitted, and interactions with content - to recommend relevant markets and improve your in-app experience. These recommendations do not involve automated decisions with legal or similarly significant effects.

Communicate with You

• Send account-related notifications
• Provide customer support
• Share updates about markets you follow
• Send marketing communications (with your consent)
• We send both transactional push notifications (e.g., market updates, results, account alerts) and marketing push notifications (e.g., new features, recommended markets). You can control push notification preferences in your device settings.

Ensure Safety and Security

• Detect and prevent fraud
• Identify and remove spam or abusive content
• Enforce our Terms of Service
• Investigate violations and suspicious activity
• Protect users from harmful behavior
• While we manually review reports for safety and integrity, Aura does not currently use automated moderation or AI-based decision-making systems to enforce policies.

Comply with Legal Obligations

• Respond to legal requests
• Enforce our agreements
• Comply with applicable laws and regulations

5. Legal Bases for Processing (EEA/UK Only)

If you are in the European Economic Area or United Kingdom, we process your personal data based on:

• Contract: To provide the Services you requested (Article 6(1)(b) GDPR)
• Legitimate Interests: To improve our Services, ensure security, and grow our business, balanced against your rights (Article 6(1)(f))
• Consent: For optional uses like marketing emails or certain cookies (Article 6(1)(a))
• Legal Obligation: To comply with applicable laws (Article 6(1)(c))

6. How We Share Information

6.1 Public Information

The following information is public by default:

• Username and profile picture
• Bio and profile information
• Predictions and market positions
• Comments and created markets
• Aura balance (play-money)
• Leaderboard rankings

Private messages, reports, and account settings are never public.

6.2 With Service Providers

We share information with trusted third parties who help us operate:

• Cloud hosting and data storage
• Email and communication services
• Analytics and performance monitoring
• Payment processing (for any premium features)
• Security and fraud prevention
• Customer support tools

Important: All service providers are bound by confidentiality agreements and are required to provide the same or equal protection of user data as stated in this Privacy Policy. They can only use your data to provide services to us and must delete or return all personal data upon completion of their services. We regularly audit our service providers to ensure compliance with these requirements, as mandated by Apple App Store guidelines. Service providers may store or process data in the United States or other countries where they operate, subject to appropriate safeguards.

We do not allow service providers to use your personal information to train machine learning models for their own purposes.

6.3 For Legal and Safety Reasons

We may disclose information when we believe it’s necessary to:

• Comply with legal obligations or respond to lawful requests
• Protect the rights, property, or safety of Foundation Labs, the Aura platform, our users, or others
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms of Service or other agreements

6.4 Business Transfers

If Foundation Labs or the Aura platform is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice in our Services before your information is transferred and becomes subject to a different privacy policy.

6.5 With Your Consent

We may share information for other purposes with your explicit consent.

We never sell your personal information for money.

7. Your Choices and Rights

7.1 Account Controls

You can:

• Update your profile information anytime
• Change your email and notification preferences
• Delete content you’ve created
• Close your account

Account Deletion (Required by Apple App Store): You can delete your account at any time directly from within the Aura iOS app by going to Settings > Account > Delete Account, or by contacting us at support@playaura.xyz. When you delete your account:

• We will immediately remove your profile from public view
• Your Aura balance will be forfeited and cannot be recovered
• Your personal information will be deleted within 30 days
• Some anonymized data may be retained for analytics
• Information required for legal compliance may be retained as necessary

Because Aura does not collect precise location data, no location-based information is stored or deleted as part of account deletion.

7.2 Privacy Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request we delete your account or specific data
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain processing activities
• Withdraw Consent: Opt out of optional processing

To exercise these rights, contact us at support@playaura.xyz.

7.3 Communication Preferences

• Marketing Emails: Opt out using the unsubscribe link in any marketing email
• Push Notifications: Manage through your device settings
• In-App Notifications: Control in your account settings

Disabling marketing push notifications does not affect necessary transactional notifications, which may still be sent for account or platform functionality.

7.4 Do Not Track

We do not currently respond to Do Not Track browser signals.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Essential Cookies

• Keep you logged in
• Remember your session
• Ensure security

Functional Cookies

• Remember your preferences
• Store your settings
• Personalize your experience

Analytics Cookies

• Understand how you use our Services
• Measure performance
• Identify popular features

8.2 Managing Cookies

You can control cookies through:

• Browser settings (block or delete cookies)
• Mobile device settings (limit ad tracking)
• Our cookie preference center (when available)

Note: Disabling certain cookies may limit functionality of our Services.

8.3 App Tracking Transparency (iOS)

If we implement features that track you across other companies’ apps or websites, we will request your permission through Apple’s App Tracking Transparency framework. You can change your tracking preferences at any time in your iOS Settings > Privacy > Tracking.

Currently, Aura does not track users across other companies’ apps or websites for advertising or advertising measurement purposes.

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Policy, unless longer retention is required by law.

Active Accounts: We keep your data while your account is active and you use our Services.

After Account Deletion: We typically delete or anonymize personal data within 30 days, except:

• Data in backup systems (deleted according to backup schedules)
• Data we must retain for legal compliance
• Anonymized or aggregated data used for analytics

Prediction activity associated with your identity (such as past predictions, accuracy metrics, and Aura transactions) will be deleted or anonymized within the same 30-day window following account deletion.

10. Security

We implement industry-standard safeguards to protect your information:

• Encryption in transit (HTTPS/TLS)
• Secure data storage
• Access controls and authentication
• Regular security audits and testing
• Incident response procedures

We use industry-standard encryption to protect data in transit and at rest. While we strive to protect your data, no system is 100% secure. Please use strong passwords and protect your account credentials.

11. International Data Transfers

Foundation Labs is based in the United States. When you use our Services, your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws.

For transfers from the EEA/UK, we rely on:

• Standard Contractual Clauses
• Other appropriate safeguards under applicable law

When transferring data internationally, we ensure an adequate level of protection consistent with the standards of your jurisdiction.

Aura does not engage in automated decision-making that produces legal or similarly significant effects under EEA/UK law.

12. Children’s Privacy

Users under 18 are strictly prohibited from creating an account or using any part of the Aura platform.]. We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected information from someone under 18, we will delete it promptly. If you believe we have information from or about anyone under 18, please contact us at support@playaura.xyz.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about:

• Categories of personal information we collect
• Sources of that information
• Our business purposes for collecting it
• Categories of third parties we share it with

Right to Delete: Request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out: We do not sell personal information, but you can opt out of certain sharing.

Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at support@playaura.xyz or visit our Privacy Center. We do not sell or share personal information for cross-context behavioral advertising as defined under California law.

Aura does not ‘share’ personal information for cross-context behavioral advertising as defined under California law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

• Email notification
• In-app notification
• Prominent notice on our website

The “Last Updated” date at the top shows when this Policy was last revised. Continued use of our Services after changes means you accept the updated Policy.

If changes materially reduce your privacy rights, we will notify you before the updated policy takes effect.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: support@playaura.xyz

For privacy-specific inquiries, you may also email: privacy@playaura.xyz

If we appoint a Data Protection Officer (DPO) in the future, we will update this Policy with their contact information.

Your Privacy Matters

At Aura, we believe that prediction markets should be fun, social, and safe. We’re committed to protecting your privacy while creating the best possible experience for our community. Thank you for trusting us with your information.