Privacy Policy

Last updated: February 11, 2026

This Privacy Policy describes how Ayva ("we", "us", or "our") collects, uses, and protects your personal information when you use our mobile application ("Ayva" or the "App").

1. Information We Collect

Account Information

When you create an account, we collect your email address and password (securely hashed). If you sign in with Google, we receive your name and email from Google.

Conversation Data

We store your conversations with Ayva to provide context-aware responses and improve your experience. This data is stored securely in our database and is associated with your account.

Connected Services Data

When you connect third-party services, we may access:

• Spotify: Your top tracks, playlists, and playback controls (via OAuth)
• Google Calendar: Your calendar events for scheduling and reminders
• Gmail: Your latest emails for summarization and notification (read-only access)
• Google Contacts: Your contacts for communication features

Device Information

We collect device identifiers and Firebase Cloud Messaging tokens to deliver push notifications and proactive alerts.

Usage Data

We collect anonymous usage statistics to improve the App, including feature usage patterns, error logs, and performance metrics.

2. How We Use Your Information

• To provide and personalize the AI assistant experience
• To maintain conversation memory and context
• To deliver proactive notifications and reminders
• To integrate with your connected services (Spotify, Calendar, Gmail)
• To process payments and manage subscriptions via Stripe
• To improve the App and fix bugs
• To comply with legal obligations

3. Third-Party Services

Ayva uses the following third-party services:

• Supabase — Authentication and database storage
• Google Cloud / Gemini AI — AI conversation processing
• Firebase — Push notifications and analytics
• Stripe — Payment processing for premium subscriptions
• Spotify API — Music control and personalization
• Google APIs — Calendar, Gmail, Maps, and Contacts integration
• Deepgram — Speech-to-text transcription

Each of these services has its own privacy policy. We encourage you to review them.

4. Data Storage and Security

Your data is stored securely on Supabase (hosted on AWS) with row-level security policies. Passwords are hashed and never stored in plain text. OAuth tokens for connected services are encrypted at rest.

All communication between the App and our servers is encrypted using TLS/HTTPS.

5. Data Retention

We retain your data for as long as your account is active. Chat history is limited to the most recent 50 messages for performance. Memory summaries are periodically compressed using AI to maintain relevance.

When you delete your account, all associated data is permanently removed within 30 days.

6. Your Rights

You have the right to:

• Access and download your personal data
• Correct inaccurate information
• Delete your account and all associated data
• Disconnect third-party services at any time
• Opt out of push notifications

7. Children's Privacy

Ayva is not intended for children under 13. We do not knowingly collect personal information from children. If you believe we have collected such data, please contact us immediately.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or via email.

9. Contact Us