Aura's privacy policy is clearer than many competitors, but the all-in-one nature of their service means they collect an extensive range of data across identity, devices, passwords, and browsing. They also own IdentityGuard and share data across their service portfolio. Family plans raise additional concerns about monitoring family members' data.
| Data Type | Collected | Shared | Sold |
|---|---|---|---|
| Social Security Number | Yes | Credit Bureaus | No |
| Financial Account Info | Yes | Monitoring Services | No |
| Device/Browser Data | Yes | Analytics Partners | No (claimed) |
| VPN Traffic Metadata | Yes (connection data) | Internal Use | No |
| Password Vault Data | Yes (encrypted) | Not Shared | No |
| Family Member Data | Yes (family plans) | Same as Primary | No |
Family plans require submitting SSNs and personal information for all covered family members. The account holder has access to alerts for all family members, creating potential privacy issues within families.
While Aura claims not to log VPN traffic content, they do collect connection timestamps, bandwidth usage, and server selections. This metadata can reveal browsing patterns even without content inspection.
Aura owns IdentityGuard and shares data between the services. If you've used both services, your data may be combined for "improved service" and analytics purposes.
Unlike some competitors, Aura provides clear opt-out mechanisms for marketing communications and some data sharing. However, opting out doesn't affect core service data collection.
Aura's device security features require extensive device access:
Aura's retention policy is vague on specific timeframes but better than some competitors:
Aura scores 42 on privacy - the best in the identity protection category, though still a C grade. Their clearer policy and opt-out mechanisms help, but the breadth of data collection for an "all-in-one" service remains a concern.