AuraPlay

Privacy Policy

Effective 26 May 2026

AuraPlay (“AuraPlay”, “we”, “us”) is a free, browser-based music discovery app that turns local weather into a listening mood. This policy explains, in plain language, what information AuraPlay does and does not collect, where that information goes, and the choices you have. It applies to everything available at auraplay.space and the installable Progressive Web App built from it.

The short version

  • AuraPlay does not require an account. Sign-in is optional.
  • Your approximate location is used once to fetch the current weather, and is not stored on our servers.
  • App preferences and caches are stored in your browser’s local storage. They never leave your device.
  • Privacy-friendly usage analytics only run if you accept the consent banner. You can change your mind at any time from the cookie banner.
  • We do not sell your personal data. We do not show personalised ads.

1. Who we are

AuraPlay is an independent, non-commercial project. References to “we” in this policy mean the individual maintainers operating the project under the AuraPlay name. You can reach us at contact2save@gmail.com.

2. Age requirement

AuraPlay is intended for users who are 18 years of age or older. By using AuraPlay you confirm that you meet that age requirement. We do not knowingly collect personal information from anyone under 18. If you believe a minor has used AuraPlay and provided personal information, please contact us so we can remove it.

3. What AuraPlay collects, and why

a. Approximate location (only when you ask for a weather scan)

When you tap “Sense your weather” AuraPlay asks your browser for your current location. If you grant permission, your coordinates are sent directly from your browser to OpenWeatherMap to look up the current conditions, and to no one else. We do not store your coordinates on a server, and you can choose to type a city manually instead of sharing your location.

b. Optional account (Supabase Auth)

You can use AuraPlay without an account. If you choose to sign in, authentication is handled by Supabase, which stores the email address and password (hashed) that you provide and issues a session token to your browser. AuraPlay uses that session only to remember you across visits. We do not use sign-in data for advertising or share it with third parties beyond Supabase, our auth provider.

c. Information stored only in your browser

AuraPlay uses your browser’s local storage to remember preferences (e.g. last-used city, language, audio settings), to cache weather and music lookups so we don’t re-query third parties unnecessarily, and to keep a small history of recently played tracks so you don’t hear the same songs back-to-back. These keys are prefixed with auraplay: and never leave your device. You can clear them at any time from your browser’s site-settings or by using a private/incognito window.

d. Usage analytics (only with your consent)

If you accept the consent banner, AuraPlay loads Vercel Analytics and Vercel Speed Insights. These services receive aggregated, pseudonymous information about page views and performance (such as page URL, referrer, country-level location derived from IP, device type, and load timings). Vercel does not use cookies for this analytics product and does not track you across other websites. If you decline, we do not load these scripts at all. You can change your choice at any time using the cookie banner that re-appears from the page footer.

e. Server logs

AuraPlay is hosted on Vercel. Vercel maintains short-lived operational logs (IP address, request path, user-agent, timestamp) for the purpose of running the platform, protecting against abuse, and producing aggregate traffic statistics. We do not access these logs to identify individual users.

4. Third-party services AuraPlay relies on

AuraPlay is a thin client over free public APIs. When you use it, your browser communicates directly with the following services, each governed by its own privacy policy:

  • OpenWeatherMap — current weather lookups from your coordinates or city.
  • Last.fm — genre and track suggestions for a given mood. No personal data is sent; only mood tags.
  • YouTube (Google) — resolves suggestions to playable videos and embeds the YouTube IFrame Player. Google may set cookies when a YouTube player loads; this is controlled by Google.
  • Jamendo and Audius — additional free music catalogues used for direct audio playback.
  • Supabase — optional authentication, only if you create an account.
  • Vercel — hosting, edge delivery, and (with your consent) analytics and speed insights.

AuraPlay does not control these services. Visiting their pages or using their players means your browser also interacts with them directly. We recommend reviewing each provider’s privacy policy if you want to understand the full data flow.

5. Cookies and similar technologies

AuraPlay itself does not set advertising or tracking cookies. The analytics scripts we load with your consent do not use cookies. The embedded YouTube player may set cookies controlled by Google. The rest of AuraPlay’s state lives in your browser’s local storage, which is similar in spirit to a first-party cookie but is never sent to our servers.

6. How long we keep data

  • Local-storage entries persist on your device until you clear them. Most cached entries also self-expire (typically within 30 minutes to an hour).
  • Supabase account data is kept for as long as your account exists. If you ask us to delete it, we will remove it within a reasonable period.
  • Hosting and analytics logs are retained by Vercel according to Vercel’s own retention policy.

7. Your rights

Depending on where you live, you may have rights under data protection laws such as India’s Digital Personal Data Protection Act, 2023 (DPDP) or the EU/UK General Data Protection Regulation (GDPR). These can include the right to access, correct, or delete personal data we hold about you, to object to certain processing, to withdraw consent, and to lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at contact2save@gmail.com. Because AuraPlay holds very little personal information, in most cases the fastest way to exercise these rights is to clear your browser’s site data for auraplay.space and, if you have an account, ask us to delete it.

8. International transfers

The services AuraPlay uses (OpenWeatherMap, YouTube, Last.fm, Jamendo, Audius, Supabase, Vercel) operate globally and may process data outside the country you are in. By using AuraPlay you understand that your interactions with these services may involve such transfers.

9. Security

AuraPlay is served over HTTPS, and authentication is delegated to Supabase, which hashes passwords and issues secure session tokens. No system is perfectly secure, however, so we recommend choosing a unique password if you create an account and signing out from shared devices.

10. Changes to this policy

We may update this policy from time to time, for example to reflect new features or third-party services. When we do, we will update the effective date at the top of this page. Material changes will be highlighted on the homepage or in the app for a reasonable period.

11. Contact

Questions, requests, or complaints about this policy can be sent to contact2save@gmail.com.

See also our Terms of Use and How AuraPlay works.