Privacy Policy

Aera (iOS) · Last updated: 2026-04-08

TL;DR

Your coaching data lives on your iPhone. We don't run a user database.
When you start a coaching session, your messages and a small profile summary are sent to OpenRouter.ai, which routes them to the AI model you picked (e.g. Anthropic Claude). We do not store these messages on our side.
No ads, no third-party tracking, no selling of data. We use Firebase Analytics with anonymized device data to understand which features people use.
You can delete everything any time from Settings → Delete All Data.
Aera is not a medical, psychological, or therapeutic service. In a crisis, please contact a qualified professional or your local emergency service.

1. Who is responsible

The data controller (responsible party) under the EU General Data Protection Regulation (GDPR) is:

Björn Schefzyk
Berlin, Germany
Email: bjoern.schefzyk@gmail.com

For full contact details, see the Imprint.

2. What data we process and why

2.1 Data you enter into the app

Aera collects the information you give it during onboarding and coaching: your name, your answers to onboarding questions (values, life-balance scores, mood, motivation, etc.), your chat messages with the AI coach, your focus areas, commitments, and weekly reviews.

Where it lives: on your iPhone, in the app's local database (SwiftData). We do not have a user account system and we do not have a copy of this data on our servers.

Legal basis: Art. 6 (1) (b) GDPR — processing is necessary to provide the service you requested.

2.2 Data sent to the AI provider

When you have a coaching session, the app sends to our backend:

Your current chat messages for that session
A short context summary built from your profile (e.g. coaching style, current focus, recent themes) so the AI can give relevant, personalized responses
The model identifier you selected

Our backend is a stateless proxy: it forwards the request to OpenRouter.ai, which in turn forwards it to the AI model provider you chose (e.g. Anthropic, OpenAI, Google). The AI provider's response is streamed back to you. We do not log or store the content of your messages on our backend.

Sub-processors involved in this step:

OpenRouter, Inc. (USA) — routing to AI providers. See openrouter.ai/privacy.
The model provider you select (e.g. Anthropic PBC, OpenAI OpCo LLC, Google LLC).

International transfers: Some of these providers are located outside the European Economic Area (EEA), in particular in the United States. Transfers are based on the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) and/or the EU–U.S. Data Privacy Framework where the provider is certified.

Training: Anthropic Claude (the default model) does not train on API inputs by default. If you switch models, please review that provider's policy.

Legal basis: Art. 6 (1) (b) GDPR (performance of the service) and Art. 6 (1) (a) GDPR (your consent given during onboarding).

2.3 Push notifications

If you allow notifications, Aera schedules local notifications on your device only. We do not run a push server. We do not send your device token anywhere.

2.4 Speech recognition

If you use the dictation feature, Aera uses Apple's on-device SpeechTranscriber (iOS 26+). Your voice is processed locally on your iPhone and is not sent to us or to any third party.

2.5 Server logs

Our backend hosting provider may keep short-lived technical logs (IP address, timestamp, HTTP status) for security and abuse-prevention purposes. These logs are deleted automatically after at most 14 days. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operating a secure service).

2.6 Product analytics

Aera uses Firebase Analytics (Google Ireland Limited) to understand which features people use and to find bugs and crashes. Firebase collects anonymized usage events (screen views, taps, app version, device model, OS version, language) and a randomly generated installation identifier. We do not send any of your coaching content, chat messages, profile answers, or names to Firebase.

We have IP-anonymization enabled and we do not link Firebase identifiers to a personal profile. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in product improvement, stability, and finding bugs). You can object to this processing at any time under Art. 21 GDPR by emailing us — see your rights below.

Firebase is operated by Google Ireland Limited; some processing happens in the United States. Transfers are based on the EU Standard Contractual Clauses. See firebase.google.com/support/privacy.

2.7 What we do not do

No advertising and no ad identifiers (IDFA).
No selling, renting, or sharing of personal data.
No profiling or automated decisions with legal effect on you.
No coaching content sent to analytics or any other third-party tool.

3. How long we keep your data

Data on your device stays there until you delete it (Settings → Delete All Data) or uninstall the app. Backend logs are kept for at most 14 days. We do not retain coaching content on our backend.

4. Your rights under GDPR

You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object (Art. 21). Where processing is based on your consent, you can withdraw that consent at any time, with effect for the future (Art. 7 (3) GDPR).

Because we do not store your coaching data on our side, the easiest way to exercise the right to erasure is to use Settings → Delete All Data inside the app. For everything else, contact us at bjoern.schefzyk@gmail.com.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

5. Children

Aera is not directed to children under 16. We do not knowingly collect data from minors under that age. If you believe a child has used the app, please contact us so we can help delete the data.

6. Changes to this policy

If we make material changes, we'll update the "Last updated" date and, where required by law, ask for your renewed consent inside the app.