Privacy Policy

1. What we collect

Account: email for magic-link auth via Supabase. No passwords stored.

Inference frames: JPEG bytes processed in-memory; only stored in your private bucket if you sign in. RLS-protected per user.

Audit chain: SHA-256 hashes, plan, timestamps. Tamper-evident log.

Billing: handled by Stripe. We never see your card number.

2. What we never do

We never perform face recognition, biometric ID, or person re-identification. NEPA detects movement-based anomalies via world-model prediction error — not identity. We never train on your data.

3. Data location

Supabase (Singapore region) for auth + audit + storage. Stripe for billing. Vercel HKG1 for the app. Edge runtime on a Jetson Nano in Kowloon, HK.

4. Your rights

Email privacy@aurasensehk.com to access, delete, or export your data. We respond within 7 days.

5. Cookies

Only Supabase's HTTP-only session cookie. No marketing trackers, no cross-site profiling.

6. Contact

AuraSense Ltd, Kowloon, Hong Kong. privacy@aurasensehk.com