RiVo
← RiVo
🇬🇧 English 🇹🇷 Türkçe 🇪🇪 Eesti
LEGAL

Privacy Policy

Talivio Technology OÜ · Version 1.0 · Effective date: [DATE] · Contact: [email protected]

1. Data Controller

The data controller for personal data processed through RiVo is Talivio Technology OÜ, registration no. [OÜ NO], Estonia ("Company", "we"). We process your data in accordance with the EU General Data Protection Regulation (GDPR — EU 2016/679).

Contact: [email protected]

2. Data We Collect

2.1 Account Data

  • Full name, email address, hashed password (bcrypt — plain-text never stored)
  • Profile photo (optional)
  • Emergency contacts (name, phone number)

2.2 Location Data

  • Real-time GPS coordinates during active rides
  • Route history and check-in locations
  • Nearby fuel stations and venues visited

2.3 Vehicle & Telemetry Data

  • OBD-II data: speed, RPM, fuel level, engine fault codes
  • Lean angle, accelerometer and gyroscope readings
  • Fatigue detection: reaction-time measurements

2.4 Voice Interaction Data

Speech-to-text conversion runs entirely on your device. Only the resulting text is sent to our servers. Raw audio is never transmitted or stored.
  • Text transcripts of voice commands
  • AI co-pilot query text and responses

2.5 SOS & Crash Data

  • GPS location at the moment of crash detection
  • Status information shared with nearby riders via SOS protocol
  • Notifications sent to emergency contacts

2.6 Social & Content Data

  • Group memberships, ride posts, comments, hashtags
  • Follow relationships and in-app interactions

2.7 Device & Technical Data

  • Device model, OS version, app version
  • Crash reports and error logs (Sentry)
  • Push notification token (Firebase Cloud Messaging)

2.8 Subscription & Payment Data

  • Subscription status (Pro / Free)
  • Purchase history metadata — full payment processing is handled by Google Play / Apple App Store; we never receive your card number.

3. Legal Bases and Purposes

PurposeLegal Basis (GDPR Art.)
Account creation and authenticationContract performance (6/1-b)
Ride tracking and route loggingContract performance (6/1-b)
Group intercom and communicationContract performance (6/1-b)
SOS & crash detectionVital interests / Legitimate interest (6/1-d, 6/1-f)
AI co-pilot responsesContract performance (6/1-b)
Debugging and service improvementLegitimate interest (6/1-f)
Marketing notificationsConsent (6/1-a)
Legal complianceLegal obligation (6/1-c)

4. Retention Periods

Data CategoryRetention Period
Account dataUntil deletion + 30 days
Ride and route history12 months, then anonymised
SOS & crash records24 months (safety obligation)
Voice interaction text90 days
Error logs90 days
Payment / subscription records7 years (accounting obligation)

5. Third-Party Processors

ProcessorPurposeLocation
Google FirebasePush notifications, authenticationUSA (SCCs)
Google Gemini AIAI co-pilot text processingUSA (SCCs)
SentryError trackingUSA (SCCs)
HetznerData hostingEU / Germany
Apple / GoogleApp distribution, subscription billingUSA (SCCs)

Data is shared only for the purposes listed above and to the minimum extent necessary. No data is sold to third parties for marketing.

6. International Transfers

Some data may be transferred outside the EU/EEA, primarily to the USA. All such transfers are safeguarded by Standard Contractual Clauses (SCCs) under GDPR Art. 46.

7. Your Rights (GDPR Art. 15–22)

  • Access (Art. 15): Request a copy of data we hold about you
  • Rectification (Art. 16): Request correction of inaccurate data
  • Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Restriction (Art. 18): Request that we pause processing in certain circumstances
  • Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Objection (Art. 21): Object to processing based on legitimate interest
  • Withdraw consent (Art. 7/3): Stop consent-based processing at any time
To exercise any right, email [email protected]. We respond within 30 days (extendable to 60 days for complex requests). You may also lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): www.aki.ee

8. Children

RiVo is not directed at persons under 16. Users under 16 must not register.

9. Security

Data in transit is protected by TLS 1.3. Data at rest is encrypted with AES-256. Passwords are hashed with bcrypt; plaintext passwords are never stored.

10. Cookies

The app does not use cookies. The website (rivo.talivio.com) uses only strictly necessary session cookies for session management and language preference. No consent is required for these cookies.

11. Changes to This Policy

Material changes will be communicated via in-app notification or email at least 30 days before they take effect.

Talivio Technology OÜ

Privacy enquiries: [email protected]

General support: [email protected]

Estonian Data Protection Inspectorate: www.aki.ee

Privacy Policy· Terms of Service· GDPR & Privacy· [email protected]· © 2026 Talivio Technology OÜ