1. Introduction

Oura ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our emotion analysis platform.

2. Information We Collect

2.1 Personal Information

• Email address and account credentials
• Profile information you choose to provide
• Communication preferences

2.2 Emotion Analysis Data

• Facial expression analysis results
• Emotion detection scores and classifications
• Session timestamps and duration
• VAD (Valence, Arousal, Dominance) measurements

2.3 Technical Information

• Device information and browser type
• IP address and location data
• Usage patterns and analytics
• Performance metrics

3. How We Use Your Information

We use your information to:

• Provide and improve our emotion analysis services
• Maintain and secure your account
• Generate personalized insights and reports
• Communicate service updates and support
• Comply with legal obligations
• Conduct research and development (anonymized data only)

4. Data Processing Legal Basis (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

• Consent: For emotion analysis and personalized features
• Contract: To provide our services
• Legitimate Interest: For security, analytics, and service improvement
• Legal Obligation: To comply with applicable laws

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information in these limited circumstances:

• With your explicit consent
• To comply with legal requirements
• To protect our rights and safety
• With trusted service providers (under strict confidentiality agreements)
• In case of business transfer or merger

6. Data Security

We implement industry-standard security measures:

• End-to-end encryption for sensitive data
• Secure data transmission (HTTPS/TLS)
• Regular security audits and monitoring
• Access controls and authentication
• Data backup and recovery procedures

7. Data Retention

We retain your data for:

• Account data: Until account deletion + 30 days
• Emotion analysis data: 2 years or until deletion request
• Technical logs: 90 days
• Legal compliance data: As required by law

8. Your Rights (GDPR & CCPA)

You have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Portability: Export your data in a readable format
• Restriction: Limit how we process your data
• Objection: Object to certain data processing
• Withdraw Consent: Revoke consent at any time

9. International Data Transfers

We may transfer data internationally with appropriate safeguards:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable

10. Cookies and Tracking

We use cookies and similar technologies for:

• Essential website functionality
• Performance monitoring and analytics
• User preferences and settings
• Security and fraud prevention

See our Cookie Policy for detailed information.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete it promptly.

12. Third-Party Services

Our platform may integrate with third-party services for analytics and functionality. These services have their own privacy policies:

• Google Analytics (anonymized)
• Supabase (database services)
• Content delivery networks

13. Data Breach Notification

In case of a data breach, we will:

• Notify relevant authorities within 72 hours (GDPR requirement)
• Inform affected users without undue delay
• Provide clear information about the breach and our response
• Take immediate steps to mitigate impact

14. Privacy by Design

We implement privacy by design principles:

• Data minimization: We collect only necessary data
• Purpose limitation: Data used only for stated purposes
• Storage limitation: Data kept only as long as needed
• Transparency: Clear information about data practices

15. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes through email or prominent notices on our platform.

16. Contact Us

For privacy-related questions or to exercise your rights, contact us:

• Email: [email protected]
• Data Protection Officer: [email protected]
• Address: [Your Business Address]

17. Supervisory Authority

If you're in the EU, you have the right to lodge a complaint with your local data protection authority if you believe we've violated GDPR requirements.