Privacy Policy
Last updated: March 17, 2026
Summary
- We collect location, health conditions, and email to provide our service.
- Location data is used in real-time only and is not stored on our servers.
- Health conditions are only used to personalize advice and require your explicit consent.
- You can delete your account and data at any time.
- We do not sell your personal data to any third party.
- AI health advice is for reference only and does not replace medical advice.
1. Data We Collect
- Account information: Email address and display name when you sign up (via our authentication service).
- Location (sensitive data): GPS coordinates (when permitted) to find the nearest air quality monitoring station. Location is used in real-time only and is not stored on our servers.
- Health conditions (sensitive data):Self-reported health conditions (asthma, cardiovascular, allergies, etc.) for personalized advice. This is sensitive data under Vietnam's Personal Data Protection Law (Decree 13/2023/ND-CP).
- Avatar: Profile photo you upload (max 2MB, PNG/JPEG/WebP/GIF), stored on cloud storage.
- Notification token: A device token for sending air quality alert notifications.
- Usage data: Anonymized usage information (access times, features used) to improve the service.
2. Sensitive Data and Explicit Consent
Under Vietnam's Personal Data Protection Law (Decree 13/2023/ND-CP), we require your explicit consent before processing the following sensitive data:
- GPS location: Used in real-time only to find the nearest air quality monitoring station. Location data is not stored on our servers. You can revoke location access at any time in your device settings.
- Health conditions: Stored in your user profile to personalize AI health advice. You can view, edit, or delete your health conditions at any time in the Profile section of the app. Providing health information is entirely voluntary.
You may withdraw your consent at any time by deleting the relevant data in the app or contacting us. Withdrawal of consent does not affect the lawfulness of prior processing.
3. Purpose of Data Use
- Monitor real-time Air Quality Index (AQI) at your location.
- Provide air quality and weather forecasts.
- Detect wildfire hotspots and issue danger alerts.
- Assess health risks based on environmental indicators and your health conditions.
- Generate personalized health advice using artificial intelligence.
- Send push notifications when AQI exceeds dangerous levels (AQI > 150).
- Process payments and manage subscriptions (via Dodo Payments).
4. AI Health Advice Disclaimer
- AI-generated health advice is for REFERENCE ONLY.
- It does NOT replace the opinion of a doctor or healthcare professional.
- Aiora is not a licensed medical provider and does not offer diagnosis, treatment, or medical consultation services.
- In case of a health emergency, call 115 (Vietnam) or contact your nearest medical facility or local emergency services.
5. Third-Party Services
- Authentication service: Handles sign-up and sign-in. Data processed under the provider's privacy policy.
- International air quality data sources: Provide AQI data from global monitoring stations. No personal data is shared with these services.
- Weather forecast service: Weather and air quality forecasts. No personal data required.
- Dodo Payments: Payment processing as Merchant of Record. Payment information handled under Dodo Payments Privacy Policy.
- Cloud storage service: Avatar storage. Data encrypted in transit and at rest.
- Notification service: Push notification delivery. Only device tokens are used; no personal data is shared.
- AI assistant service: Processes health advice requests. Data (location, health conditions, AQI readings) may be sent to servers outside Vietnam for analysis. Only necessary data is transmitted; no personally identifiable information is sent.
6. International Data Transfers
Your location and health data may be processed on servers located outside Vietnam for AI analysis. We apply appropriate safeguards in compliance with Vietnam's Personal Data Protection Law (Decree 13/2023/ND-CP) and GDPR (for EU users), including:
- Data encryption in transit (TLS/HTTPS).
- Transmitting only the minimum data necessary for processing.
- Not storing location data on foreign servers.
7. Data Retention and Security
- GPS location: Not stored. Used in real-time only and discarded immediately after processing.
- Health profile: Retained while your account is active. Deleted when you delete your account or request data deletion.
- AI advice: Not permanently stored. Results are temporarily cached for a short period to improve performance.
- Account information: Retained while your account is active. Data is deleted within 30 days of account deletion.
- Payment information: Processed entirely by Dodo Payments and not stored on our systems.
- Data is stored on secure servers with transport encryption (TLS/HTTPS).
- Passwords are managed by our authentication service (not stored on our systems).
8. Your Rights
Under Vietnam's PDPL and GDPR (for EU users), you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Update your profile, health conditions, and avatar at any time within the app.
- Right to erasure: Request deletion of your account and all associated data. Data will be deleted within 30 days.
- Right to data portability: Request export of your personal data in a machine-readable format.
- Right to restrict processing: Request temporary suspension of personal data processing in certain circumstances.
- Right to object: Object to the processing of personal data for direct marketing purposes.
- Right to withdraw consent: Withdraw consent for sensitive data processing at any time without affecting the lawfulness of prior processing.
- Revoke location access: Disable location access in your device settings at any time.
- Cancel subscription:Cancel Pro/Family plan at any time through Dodo Payments' subscription management page.
To exercise these rights, please contact [email protected]. We will respond within 30 days.
9. Children's Privacy
- Aiora is not intended for children under 13 (per COPPA). We do not knowingly collect data from children under 13.
- Children aged 13 to 16 require parental or guardian consent (per GDPR).
- If we discover that we have collected data from a child under 13, we will delete it immediately.
10. Data Breach Notification
In the event of a personal data breach, we will notify you and the relevant authorities within 72 hoursof becoming aware of the breach, as required by Vietnam's PDPL and GDPR. The notification will include the nature of the breach, data affected, and remedial measures taken.
12. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be notified 30 days in advance via email or in-app notification. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.
13. Contact
If you have any questions about this privacy policy or wish to exercise your data rights, please contact us:
Email: [email protected]