Last updated: May 27, 2026
For the purposes of Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018, the entity above acts as the data controller of personal data collected through the AURUM application.
AURUM processes the following data only to deliver the service:
With your explicit in-app consent, AURUM reads the following from Apple HealthKit:
AURUM does not write any data to HealthKit. These signals are used solely to compute your daily readiness, adjust your workouts, and show you your progress.
| Purpose | Legal basis |
|---|---|
| Create and manage your account | Contract performance (GDPR Art. 6(1)(b)) |
| Deliver the coaching service | Contract performance (GDPR Art. 6(1)(b)) |
| Read Apple HealthKit data | Explicit consent (GDPR Art. 9(2)(a)) |
| Process meal photos and voice notes | Explicit consent (GDPR Art. 6(1)(a)) |
| Service communications (changes, incidents) | Legitimate interest / contract |
| Error monitoring and service improvement | Legitimate interest (GDPR Art. 6(1)(f)) |
You can withdraw consent at any time in the app (Settings → Privacy) or by emailing pxpep.j10@gmail.com.
Data is stored on servers in the European Union (Railway / managed PostgreSQL).
We share data with the following processors, only as needed to deliver the service:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| OpenAI, L.L.C. | Meal photo analysis (GPT-4o) and voice transcription (Whisper) | USA | EU Standard Contractual Clauses |
| Sentry (Functional Software, Inc.) | Error monitoring | USA / EU | EU Standard Contractual Clauses |
| Railway Corp. | Backend and database hosting | EU | EU Standard Contractual Clauses |
| Apple Inc. | App Store distribution, HealthKit | USA | EU-US Data Privacy Framework |
We do not sell your data. We do not share your data with advertisers. We do not use your data to train our own or any third-party AI models.
OpenAI explicitly states that API data is not used to train their models (we use the API).
Under GDPR you have the right to:
You can exercise these rights from inside the app (Settings → Account → Export / Delete my data) or by emailing pxpep.j10@gmail.com. We will respond within one month.
If you believe we are processing your data unlawfully, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) or your local supervisory authority.
AURUM is intended for users aged 16 and over. If we learn we have collected data from a minor without valid parental consent, we will delete it immediately.
We will publish any updates at this same URL and, for material changes, notify you in-app before they take effect.
For any privacy questions or to exercise your rights:
pxpep.j10@gmail.com