Privacy Policy

Last updated: 2026-06-13

AuraMail (operated by an individual at hello@auracompose.com) provides a private email service at auracompose.com. This page describes what we collect, why, and how we handle it. Plain language, no dark patterns.

What we collect

• Account info: the email address you sign up with, the username you pick, and a hashed password (we never see the plaintext).
• Mail you send and receive: stored encrypted at rest in AWS (us-west-2). Headers are indexed in DynamoDB so your inbox loads. Bodies live in S3 as raw MIME.
• Authentication signals: the IP address of your sign-up attempt is kept for 24 hours to enforce abuse rate-limits, then deleted.
• Operational logs: AWS CloudWatch logs the Lambda calls. No analytics scripts, no Google Analytics, no third-party trackers.

What we don't collect

• No advertising IDs, no fingerprinting, no behavioral tracking.
• No cross-site cookies. The only cookies we set are required for sign-in.
• No selling, sharing, or training AI models on your mail. Period.

Who can see your mail

You. The infrastructure operator (currently one person) has technical access to AWS S3 and DynamoDB, the same way Gmail engineers technically have access to Gmail. Access is logged via AWS CloudTrail, and the operator does not read mail except to investigate a specific abuse report you've consented to.

Subprocessors

• Amazon Web Services — hosting, mail transport (SES), authentication (Cognito), storage (S3, DynamoDB), CDN (CloudFront).
• Route53 — DNS.

Your rights

You can:

• Export your mail (S3 dump on request — email us).
• Delete your account and all associated data within 7 days of request.
• Request a copy of any logs that reference your account.

Security

TLS 1.2+ everywhere. Passwords hashed by AWS Cognito (SRP). Mail at rest in S3 with AES256. DKIM signing on outbound, DMARC quarantine policy. Vulnerability reports: see /.well-known/security.txt.

Children

AuraMail is not intended for users under 16. We do not knowingly accept signups from children.

Changes

If we change this policy, we'll update the date above and (for material changes) email registered users 14 days before the change takes effect.

Contact

Questions, complaints, data requests: hello@auracompose.com.