Privacy Policy

1. Overview

AURORA (hereinafter "the Company") values the personal information of users of the AURORA AI Music Player (hereinafter "the Service") and complies with applicable laws including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.

This Privacy Policy describes the types of personal information collected, the purposes of collection, retention periods, and third-party sharing practices.

2. Personal Information Collected

2.1 Automatically Collected Information

Category	Data Collected	Purpose
Device Identifier	Firebase Anonymous Auth UID (anonymous)	Credit management, AI generation history
Listening History	Song ID played, play time, duration, skip status, skip position	AI recommendation algorithm training, smart playlist creation, weekly reports
Music Metadata	Song title, artist, album, genre, duration (extracted from local files)	Library management, AI analysis
AI Analysis Data	AI genre classification, mood, energy, tempo, 128-dimensional feature vector	Content-based recommendations, similar song search
EQ Settings	Equalizer band values, Bass/Reverb/Surround settings	Audio settings persistence
App Usage Statistics	Screen transitions, feature usage frequency, error information	Service improvement, bug fixes
Device Information	Device model, OS version, app version, screen resolution, language settings	Compatibility improvement, debugging
Performance Data	App startup time, frame rate, memory usage	Performance optimization

2.2 User-Provided Information

Category	Data Collected	Purpose
AI Generation Prompts	Text prompts, genre/mood selections	AI music generation request processing
Reference Audio	User-uploaded reference audio (temporary)	Reference-based AI music generation
Purchase Information	Google Play purchase token (not stored on our servers)	Subscription/credit payment verification
Support Inquiries	Email address, inquiry content (for customer support)	Customer support response

2.3 Information We Do Not Collect

The Company does not collect the following information:

• Real name, national ID number, phone number, address, or other direct personal identifiers
• Music files themselves (audio data). Only metadata is analyzed.
• Contacts, photos, SMS, or other device data
• Location information (GPS, network-based location)

3. Collection Methods

1. Automatic in-app collection: Information automatically generated during service use (listening history, device info, performance data)
2. Firebase SDK: Collection through Firebase Analytics, Crashlytics, and Performance Monitoring
3. User direct input: AI generation prompts, reference audio uploads, customer inquiries
4. Google Play Billing: Purchase information verification through Google Play during payment processing

4. Purpose of Use

Collected personal information is used only for the following purposes:

1. Service provision: Music playback, playlist management, EQ settings persistence
2. AI personalization: Listening pattern analysis, personalized recommendations, smart playlists, weekly report generation
3. AI music generation: Generation request processing, credit management, generation history management
4. Payment processing: Subscription status verification, credit purchase verification
5. Service improvement: Usage statistics analysis, bug fixes, performance optimization
6. Customer support: Inquiry response, problem resolution
7. Advertising (free version): Personalized or non-personalized ad display through AdMob

5. Retention Period

Information Type	Retention Period	Notes
Listening history (local)	Until app deletion	Stored only in device local Room DB
AI analysis data (local)	Until app deletion	Stored only on device locally
Credits/generation history (Firestore)	Until account deletion request	Based on Firebase Anonymous Auth UID
Reference audio (Firebase Storage)	Deleted within 24 hours after generation	Temporary storage only
App usage statistics (Firebase Analytics)	Up to 14 months	Per Google Analytics data retention policy
Crash logs (Crashlytics)	Up to 90 days	Per Firebase Crashlytics policy
Performance data (Performance)	Up to 90 days	Per Firebase Performance policy
Customer inquiry records	1 year after resolution	For dispute resolution purposes

6. Third-Party Sharing

The Company does not sell users' personal information. Limited information may be shared with third parties for the following service provision purposes:

Provider	Purpose	Data Shared	Retention
Google Firebase	Authentication, data storage, analytics, crash reporting, performance monitoring, remote config	Anonymous UID, app usage stats, crash logs, performance data, credit/generation history	Per Google data retention policy
Google Play Billing	Subscription and in-app payment processing	Purchase token (not stored by Company)	Per Google policy
Google AdMob	Ad display (free version)	Advertising identifier (GAID), device info	Per Google advertising policy
AI Music Generation API Provider	AI music generation request processing	Text prompts, reference audio (temporary)	Deleted after generation

7. Destruction of Personal Information

1. Local data: All data stored on the device (listening history, AI analysis, EQ settings, playlists) is immediately deleted upon app deletion or data reset.
2. Cloud data: Upon user request for data deletion, data stored in Firebase (credit history, generation history) will be deleted within 30 days.
3. Reference audio: Reference audio files uploaded for AI music generation are automatically deleted from Firebase Storage within 24 hours after generation completion.
4. Destruction method: Electronic files are deleted using technically irrecoverable methods, and paper documents are shredded or incinerated.

8. User Rights

Users may exercise the following rights at any time:

1. Access request: You may request access to your personal information held by the Company.
2. Correction request: You may request correction of inaccurate personal information.
3. Deletion request: You may request deletion of your personal information, except where retention is required by law.
4. Processing suspension request: You may request suspension of personal information processing.
5. Consent withdrawal: You may withdraw consent for the collection and use of personal information.
6. Data portability: You may export your data using the backup feature within the Service.

The above rights may be exercised via written request or email to the contact information below. The Company will take action within 10 days of receiving the request.

9. Account Deletion and Data Deletion

9.1 How to Request Account Deletion

Users may request deletion of their account and related data through the following methods:

1. In-app deletion: You can delete directly through Settings > Account > Delete Account.
2. Email request: You may request account deletion at privacy@aurora-music.app. Firebase UID or linked Google account information is required for identity verification.

9.2 Data Deleted

The following data is permanently deleted upon account deletion:

Data Type	Storage Location	Deletion Timing
Firebase authentication info (Anonymous/Google UID)	Firebase Authentication	Immediately
Credit balance and transaction history	Cloud Firestore	Within 30 days of request
AI music generation history	Cloud Firestore	Within 30 days of request
Uploaded reference audio	Firebase Storage	Immediately (already auto-deleted within 24 hours)
Listening history, AI analysis data, EQ settings	Device local (Room DB)	Upon app deletion or data reset
Playlists and favorites	Device local (Room DB)	Upon app deletion or data reset

9.3 Deletion Processing Period

1. In-app deletion: Server data is deleted immediately to within 30 days.
2. Email request: Processing begins within 10 business days after identity verification, completed within 30 days.
3. You will be notified by email upon completion of deletion.

9.4 Data Retained After Deletion

The following data may be retained for a certain period after account deletion as required by law:

• Payment records: Records of payment and supply of goods are retained for 5 years per the Act on Consumer Protection in Electronic Commerce
• Consumer complaint/dispute records: Retained for 3 years per the same Act
• Service usage records: Retained for 3 months per the Protection of Communications Secrets Act

9.5 Effects of Account Deletion

10. Advertising and Tracking

9.1 AdMob Advertising (Free Version)

1. The free version displays banner ads through Google AdMob.
2. AdMob may use the advertising identifier (GAID) to serve personalized ads.
3. Users can reset their advertising identifier or opt out of personalized ads in device settings:
   • Settings > Google > Ads > Opt out of ad personalization

9.2 Firebase Analytics

1. App usage statistics are collected through Firebase Analytics for service improvement.
2. Collected data is anonymized and is not used to identify specific individuals.
3. Users can disable usage statistics sharing in device settings.

11. Children's Privacy

1. The Service is intended for users aged 14 and above.
2. The Company does not intentionally collect personal information from children under 14.
3. If a child under 14 uses the Service, parental or legal guardian consent is required. Upon request from a legal guardian, the child's personal information will be immediately deleted.
4. If the Company becomes aware that personal information of a child under 14 has been collected, it will promptly destroy such information.

12. International Transfer

Personal information may be transferred overseas for service operation as follows:

Recipient	Country	Data Transferred	Purpose
Google LLC (Firebase)	United States	Anonymous UID, credit history, generation history, app usage stats, crash logs	Cloud service operation, data storage
Google LLC (AdMob)	United States	Advertising identifier, device info	Ad service provision (free version)
AI Music Generation API Provider	United States, etc.	Text prompts, reference audio	AI music generation processing

13. Personal Information Protection Measures

The Company implements the following measures to safely protect users' personal information:

12.1 Technical Measures

• TLS/SSL encryption for network communications
• Local data protected by Android FBE (File-Based Encryption)
• Firebase Firestore security rules restricting access to authenticated user's own data only
• Server-side credit management through Cloud Functions (preventing client manipulation)
• App code protection through R8 obfuscation

12.2 Administrative Measures

• Minimization of personal information access privileges
• Internal training on personal information handling
• Regular security inspections and vulnerability assessments

14. Data Protection Officer

The Company designates the following Data Protection Officer to protect users' personal information and handle related complaints:

Users may apply for consultation or dispute mediation with the following organizations for remedies for personal information infringement:

• Personal Information Infringement Report Center (KISA): privacy.kisa.or.kr / 118
• Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972
• Supreme Prosecutors' Office Cyber Investigation Division: www.spo.go.kr / 1301
• National Police Agency Cyber Bureau: ecrm.police.go.kr / 182

15. Notification of Changes

1. If this Privacy Policy is amended, users will be notified via in-service announcement or push notification at least 7 days before the effective date.
2. For changes unfavorable to users, notice will be given at least 30 days in advance.
3. Previous versions of this Privacy Policy are available within the Service.

16. Revision History

Version	Effective Date	Key Changes
1.0	March 11, 2026	Initial publication

Addendum

This Privacy Policy is effective from March 11, 2026.