Colorful Aura Inc. Colorful Aura ← Back to site

Morning Unlock

Privacy Policy

Last updated: May 9, 2026

Table of Contents

  1. Introduction and Scope
  2. Information We Collect
  3. Information We Do Not Collect
  4. How We Use Your Information
  5. How We Share Your Information
  6. Apple HealthKit Disclosure
  7. Camera and Photo Permissions
  8. Cookies and Tracking Technologies
  9. Data Retention
  10. Data Security
  11. Your Rights and Choices
  12. Children's Privacy (COPPA)
  13. GDPR
  14. CCPA and CPRA
  15. CalOPPA
  16. Changes to This Policy
  17. Contact Us

1. Introduction and Scope

This Privacy Policy describes how Colorful Aura Inc. ("we," "us," or "our"), a New York C Corporation, collects, uses, stores, and shares information when you use the Morning Unlock iOS application and related services. Our marketing website is at colorfulaura.co.

By downloading or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, do not use the App.

2. Information We Collect

All data is linked to your identity through your Firebase Authentication User ID. We do not use this data for advertising, behavioral tracking, or sale to third parties.

2.1 Contact Information

  • Email address — collected when you register via email/password or Google Sign-In.
  • First and last name — collected via Google Sign-In if your account provides it.
  • Username — a display name you choose within the App.

2.2 Health and Fitness Data

  • Sleep session data — read from Apple HealthKit with your explicit permission. Used solely to compute your sleep score and display sleep history. Never sold, shared for marketing, or used for advertising.

2.3 User Content

  • Morning verification photos — transmitted to OpenAI's GPT-4o Vision API for AI classification. Not stored on our servers after classification.
  • Profile and avatar photos — stored in Firebase Cloud Storage.
  • Journal entries — stored locally on your device only. Never transmitted to our servers.
  • Challenge messages and friend nudge content — sent between friends using social features.
  • Support and feedback submissions — content submitted through the in-app support form.

2.4 Identifiers

  • Firebase Authentication UID — a unique identifier assigned to your account.
  • RevenueCat App User ID — used for subscription state management.
  • Firebase Cloud Messaging (FCM) push token — used exclusively to deliver push notifications.

2.5 Usage Data

  • Morning verification timestamps, streak counts, challenge participation records, and Evening Downtime usage counts.

2.6 Diagnostics

  • Crash reports via Firebase Crashlytics — device model, iOS version, and crash stack traces.

2.7 Purchase Information

  • Subscription status tracked via RevenueCat. We never receive or store payment card or bank account data — Apple processes all payments.

2.8 Acquisition Source

  • If you select how you heard about the App during onboarding, that anonymous category and timestamp are recorded internally. No personal identifiers are included.

3. Information We Do Not Collect

We do not collect: phone numbers, physical addresses, date of birth, location data, sensitive personal information, device contacts, audio recordings, browsing history, financial information, advertising identifiers (IDFA), or behavioral data for advertising.

4. How We Use Your Information

  • Providing the App and its features — authentication, account management, sleep insights, morning verifications, social features, and subscriptions.
  • Classifying morning verification photos via OpenAI.
  • Delivering push notifications via Firebase Cloud Messaging.
  • Subscription management via RevenueCat.
  • Security, fraud prevention, and crash reporting.
  • Legal compliance.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only with the following service providers.

5.1 Google LLC / Firebase

Authentication, Firestore, Cloud Messaging, Crashlytics, and Cloud Storage. Privacy Policy ↗

5.2 RevenueCat, Inc.

Subscription state management and purchase validation. Privacy Policy ↗

5.3 OpenAI L.L.C.

AI classification of morning verification photos. Photos are processed but not stored. Privacy Policy ↗

5.4 Apple Inc.

HealthKit data access and App Store payment processing. Privacy Policy ↗

6. Apple HealthKit Disclosure

We access sleep session data from Apple HealthKit with your explicit permission. This data is used solely to compute your sleep score and provide insights. It is never used for advertising, shared for marketing, or sold. This use complies with Apple's HealthKit guidelines.

7. Camera and Photo Permissions

The App requests camera access for morning verification photos. These are transmitted to OpenAI for classification and not stored on our servers afterward. Profile photos are stored in Firebase Cloud Storage.

8. Cookies and Tracking Technologies

The App does not use cookies. Firebase Authentication may use device-local tokens to maintain your session. We do not use third-party advertising or tracking SDKs, and we do not access the Advertising Identifier (IDFA).

9. Data Retention

We retain your data for as long as your account is active. Upon account deletion, your personal data is deleted within 30 days, except where longer retention is required by law. Crash reports are retained for up to 90 days.

10. Data Security

We use Firebase Authentication with encrypted credentials, TLS encryption for data in transit, and Firebase Security Rules for access control. No system is completely secure and we cannot guarantee absolute security.

11. Your Rights and Choices

You may access, correct, export, or delete your personal data at any time by emailing info@colorfulaura.co with subject line "Privacy Request." You can also delete your account within the App. We respond to all verified requests within 30 days.

12. Children's Privacy (COPPA)

The App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe your child has provided personal information, contact info@colorfulaura.co and we will delete it promptly.

13. GDPR — EEA, United Kingdom, and Switzerland

13.1 Data Controller

Colorful Aura Inc. — info@colorfulaura.co — (754) 703-8553

13.2 Lawful Bases for Processing

Processing ActivityLawful Basis
Reading HealthKit sleep dataConsent (explicit iOS permission)
Account creation and authenticationPerformance of a contract
Delivering App featuresPerformance of a contract
Subscription managementPerformance of a contract
Crash reporting and securityLegitimate interest
Legal complianceLegal obligation

13.3 Your GDPR Rights

You have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data. Contact info@colorfulaura.co. We respond within 30 days.

13.4 International Data Transfers

Your data is processed using Google Firebase, which provides GDPR-compliant transfer mechanisms including Standard Contractual Clauses (SCCs). See Google Cloud GDPR compliance ↗.

14. CCPA and CPRA — California Residents

California residents have the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information and do not share it for cross-context behavioral advertising. To exercise your rights, email info@colorfulaura.co. We respond within 45 days.

15. CalOPPA

The App does not engage in cross-site or cross-app behavioral tracking and does not respond to Do Not Track (DNT) signals. When we update this Privacy Policy, we update the "Last Updated" date and post the revised policy at colorfulaura.co.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through an in-app notice or via email. Continued use after the effective date constitutes acceptance of the revised policy.

17. Contact Us

Colorful Aura Inc.
Email: info@colorfulaura.co
Phone: (754) 703-8553
Website: colorfulaura.co

For data subject requests, email with subject line "Privacy Request."

© 2026 Colorful Aura Inc. — Brooklyn, NY

  • Home
  • Terms of Service
  • Privacy Policy
  • Contact