Privacy Policy
1. Data Controller
The data controller for personal data processed through RiVo is Talivio Technology OÜ, registration no. [OÜ NO], Estonia ("Company", "we"). We process your data in accordance with the EU General Data Protection Regulation (GDPR — EU 2016/679).
Contact: [email protected]
2. Data We Collect
2.1 Account Data
- Full name, email address, hashed password (bcrypt — plain-text never stored)
- Profile photo (optional)
- Emergency contacts (name, phone number)
2.2 Location Data
- Real-time GPS coordinates during active rides
- Route history and check-in locations
- Nearby fuel stations and venues visited
2.3 Vehicle & Telemetry Data
- OBD-II data: speed, RPM, fuel level, engine fault codes
- Lean angle, accelerometer and gyroscope readings
- Fatigue detection: reaction-time measurements
2.4 Voice Interaction Data
- Text transcripts of voice commands
- AI co-pilot query text and responses
2.5 SOS & Crash Data
- GPS location at the moment of crash detection
- Status information shared with nearby riders via SOS protocol
- Notifications sent to emergency contacts
2.6 Social & Content Data
- Group memberships, ride posts, comments, hashtags
- Follow relationships and in-app interactions
2.7 Device & Technical Data
- Device model, OS version, app version
- Crash reports and error logs (Sentry)
- Push notification token (Firebase Cloud Messaging)
2.8 Subscription & Payment Data
- Subscription status (Pro / Free)
- Purchase history metadata — full payment processing is handled by Google Play / Apple App Store; we never receive your card number.
3. Legal Bases and Purposes
| Purpose | Legal Basis (GDPR Art.) |
|---|---|
| Account creation and authentication | Contract performance (6/1-b) |
| Ride tracking and route logging | Contract performance (6/1-b) |
| Group intercom and communication | Contract performance (6/1-b) |
| SOS & crash detection | Vital interests / Legitimate interest (6/1-d, 6/1-f) |
| AI co-pilot responses | Contract performance (6/1-b) |
| Debugging and service improvement | Legitimate interest (6/1-f) |
| Marketing notifications | Consent (6/1-a) |
| Legal compliance | Legal obligation (6/1-c) |
4. Retention Periods
| Data Category | Retention Period |
|---|---|
| Account data | Until deletion + 30 days |
| Ride and route history | 12 months, then anonymised |
| SOS & crash records | 24 months (safety obligation) |
| Voice interaction text | 90 days |
| Error logs | 90 days |
| Payment / subscription records | 7 years (accounting obligation) |
5. Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| Google Firebase | Push notifications, authentication | USA (SCCs) |
| Google Gemini AI | AI co-pilot text processing | USA (SCCs) |
| Sentry | Error tracking | USA (SCCs) |
| Hetzner | Data hosting | EU / Germany |
| Apple / Google | App distribution, subscription billing | USA (SCCs) |
Data is shared only for the purposes listed above and to the minimum extent necessary. No data is sold to third parties for marketing.
6. International Transfers
Some data may be transferred outside the EU/EEA, primarily to the USA. All such transfers are safeguarded by Standard Contractual Clauses (SCCs) under GDPR Art. 46.
7. Your Rights (GDPR Art. 15–22)
- Access (Art. 15): Request a copy of data we hold about you
- Rectification (Art. 16): Request correction of inaccurate data
- Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Restriction (Art. 18): Request that we pause processing in certain circumstances
- Portability (Art. 20): Receive your data in a structured, machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interest
- Withdraw consent (Art. 7/3): Stop consent-based processing at any time
8. Children
RiVo is not directed at persons under 16. Users under 16 must not register.
9. Security
Data in transit is protected by TLS 1.3. Data at rest is encrypted with AES-256. Passwords are hashed with bcrypt; plaintext passwords are never stored.
10. Cookies
The app does not use cookies. The website (rivo.talivio.com) uses only strictly necessary session cookies for session management and language preference. No consent is required for these cookies.
11. Changes to This Policy
Material changes will be communicated via in-app notification or email at least 30 days before they take effect.
Talivio Technology OÜ
Privacy enquiries: [email protected]
General support: [email protected]
Estonian Data Protection Inspectorate: www.aki.ee