Privacy Policy (theauratest.com)

Last updated:

Effective date: [15/02/2026]

This Privacy Policy explains how theauratest.com (“we”, “us”, “the Aura Test”) collects, uses, and protects information when you use the site.

If you have questions, please use our Contact page: /contact/.


1) Who we are

theauratest.com is an entertainment and self-reflection experience sometimes described as an aura test, purity test, innocence test, or a modern rice purity test style experience. It is not a professional assessment and does not provide medical, psychological, or legal advice.


2) What we collect

A) Tokens and identifiers (to make the product work)

We use a token-based identity system so you can view your results and (optionally) update your “Lore” over time.

  • Public Token (pid): appears in your result URL (example: /result/ABC-123). This is read-only.
  • Identity Token (sid): stored only on your device (in localStorage). This enables write actions like logging Canon Events or purging your profile.

We do not require email, name, or account creation.

B) Test results (rules-based, minimal storage)

When you submit/save results, we store a minimal set of derived outputs, such as:

  • Your final scores (e.g., purity/chaos, and optional shadow score)
  • Your archetype
  • Derived category totals used for recap features
  • A limited “signal subset” used for duel receipts and rule-based recaps (not full answers)

We do not store full 100-question answer vectors long-term.

C) Canon Event Log (optional)

If you use the “Canon Event Log”, we store:

  • The event you logged (event_id)
  • Timestamps (occurred/logged)
  • The delta snapshot applied at the time (purity/chaos before/after, and deltas applied)
  • Any badge/tag changes and trigger metadata

This is append-only (Canon Events can’t be “un-logged”). You can still Purge your identity (see Section 8).

D) Affiliation selection (university/workplace) and requests

If you choose to provide an affiliation:

  • We store your selected affiliation type (university/workplace) and slug (from our catalog).
  • If you type an institution that is not listed, we may store a request label for moderation/curation. We may also store a normalized/deduped version to prevent spam.

You can also choose “Prefer not to say.”

E) Technical and security data

Like most websites, we process limited technical data to keep the site stable and secure:

  • IP address, user agent, timestamps (e.g., for rate limiting and abuse prevention)
  • Basic server logs (e.g., errors, request IDs)
  • We avoid logging sensitive tokens; where necessary we store hashed forms server-side.

3) How we use information

We use the information above to:

  • Calculate and display your results
  • Allow you to resume progress (where enabled)
  • Enable features like duels, canon updates, share cards, and recap modules
  • Enforce security controls (rate limiting, abuse prevention)
  • Produce aggregated community insights (see Section 7)
  • Improve reliability (debugging, performance monitoring)

We do not sell personal information.


4) Local storage and on-device data

To deliver a smooth experience, we use localStorage on your device for things like:

  • Your sid (write-capable identity token)
  • Session state (progress/resume flags, milestone flags, UI preferences such as theme)
  • Optional local “Lore history” display

If you clear your browser storage, you may lose access to write-capable features on that device unless you reclaim the profile (where enabled).


5) Cookies

We aim to keep cookies minimal:

  • The public site experience can function using localStorage and essential site mechanisms.
  • If WordPress sets cookies in certain cases (for example, admin sessions), those are essential for site operation.

If we add optional analytics or advertising later, we will update this policy and (where required) provide consent controls.


6) Sharing and third-party services

A) Sharing is user-controlled

You choose if you share:

  • Your result link (pid)
  • Your share card downloads
  • Any duel or group-chat messages

B) Third-party platforms

If you use sharing features (WhatsApp, iMessage, social platforms), those platforms process your data under their own policies. We don’t control how they handle it.

C) CDN / security services

We may use standard infrastructure providers (e.g., CDN/WAF) to protect the site from abuse and keep it fast. These services may process IP addresses and request metadata for security and delivery.


7) Community stats and privacy thresholds

If we show community insights like “X% of people at Y also did Z”:

  • The stats are aggregated and share-safe
  • We only display them when the dataset meets a minimum threshold (for example, ≥ 500 submissions) to reduce re-identification risk
  • If the threshold isn’t met, we do not show the stats
  • These stats are not official statements by any university or workplace, and we do not claim institutional endorsement

8) Your controls: Purge and deletion

We support a “Purge My Lore” control intended to remove your identity footprint:

  • It clears relevant localStorage on your device immediately
  • It sends a deletion request to remove or irreversibly invalidate server-side records tied to your identity token(s)

After purge, your result link may stop working or return a “deleted/unavailable” state.


9) Legal basis (UK/EU users)

Where applicable (UK GDPR / GDPR), we rely on:

  • Performance of a contract (providing the service you requested: generating results, saving and displaying them)
  • Legitimate interests (security, abuse prevention, site reliability, fraud prevention, aggregated privacy-protective analytics)
  • Consent where required for non-essential tracking (if introduced later)

10) Data retention

We keep data only as long as needed to operate the product and protect the service:

  • Identity + result records persist until you purge them or they are otherwise removed under our retention policies
  • Security logs are retained for a limited time for operational and abuse-prevention needs
  • Aggregated stats may be cached and retained longer because they do not identify individuals

11) Your rights

Depending on where you live, you may have rights to:

  • Access information we hold about you
  • Request deletion (use Purge My Lore where possible)
  • Object to or restrict certain processing
  • Lodge a complaint with a regulator (in the UK, the ICO)

Because we do not require email accounts, the most reliable way to exercise deletion is via the Purge feature. For other requests, use /contact/ and include your result URL (pid) so we can locate the relevant record.


12) Children

This site is not intended for children under 13. If you believe a child has used the site and you want data removed, contact us via /contact/.


13) Changes to this policy

We may update this Privacy Policy as the product evolves. We’ll update the “Effective date” at the top and, when changes are significant, we’ll provide a clear notice on the site.


14) Contact

For privacy questions or requests, please use: /contact/