Alvo Privacy Policy

Effective: February 27, 2026 · Last updated: February 27, 2026

    The short version: Alvo is built so your data stays on your device. Our servers relay messages between group members and then delete them — always within 30 days, usually within seconds. We don't sell your data, we don't show ads, and we never will.
  

Alvo ("we," "us," or "our") is operated by Technivize LLC, a company based in the United States. This policy describes how we collect, use, and protect information when you use the Alvo mobile application ("the App").

1. Information We Collect

Phone number. We collect your phone number to create and authenticate your account via Firebase Authentication. Your phone number is also how other users can find and message you within the App.

Messages, lists, and other content. When you send a message, create a list, or interact with any collaborative feature, that content is transmitted through our servers to the other members of your group. Message payloads are encoded before transmission. Our servers act as a relay — content is deleted from our infrastructure once all group members have received it. If a group member does not receive content within 30 days, it is permanently deleted regardless. We do not maintain a persistent server-side copy of your messages or content.

Media files. Photos, videos, voice memos, and other files you share are temporarily stored on Cloudflare R2 during delivery and are deleted after all group members have received them, or after 30 days — whichever comes first.

Device and usage information. We use Firebase Analytics and Google Analytics to collect anonymized usage data such as app opens, feature usage, crash logs, device type, and operating system version. This helps us identify bugs and improve the App. This data is not linked to your message content.

Push notification tokens. We collect device tokens through Firebase Cloud Messaging to deliver push notifications for new messages and updates.

Contacts. With your permission, Alvo can check whether phone numbers in your device's address book are registered on Alvo, so that existing Alvo users appear in your contact list within the App. This check is performed locally and we do not collect, store, or use your address book data on our servers. You can also add contacts manually by entering their phone number directly.

2. How We Use Your Information

We use the information we collect to:

Deliver messages, lists, and media between group members
Authenticate your identity and secure your account
Send you push notifications about new messages and activity
Monitor app performance, fix bugs, and improve the user experience

We do not use your information for advertising. We do not sell, rent, or trade your personal information to third parties. We do not use your data to build advertising profiles.

3. How We Share Your Information

We share information only in these limited circumstances:

With your group members: Messages, lists, and media you send are delivered to the other members of your groups. This is the core function of the App.
With service providers: We use third-party infrastructure providers to operate the App. These providers process data on our behalf and are contractually prohibited from using your data for their own purposes. Our current providers include:
- Google Firebase — authentication, message relay, push notifications, and analytics (Firebase Privacy)
- Cloudflare — media file storage and delivery (Cloudflare Privacy)
When required by law: We may disclose information if required by a valid legal process such as a court order or subpoena.

We do not share your data with advertisers, data brokers, or any other third parties beyond those listed above.

4. Data Storage and Security

Alvo is designed around an event-relay architecture. Your messages and content are stored primarily on your device. Our servers temporarily hold content only during the delivery process, after which it is deleted. All undelivered content is permanently deleted after a maximum of 30 days.

Message payloads are encoded during transmission. While we employ industry-standard security measures — including encryption for data in transit (TLS) and at rest — the App does not currently offer end-to-end encryption. This means that content could theoretically be accessed on our servers during the brief delivery window. We plan to implement end-to-end encryption in a future release.

We take reasonable measures to protect your information from unauthorized access, loss, or misuse. However, no method of electronic transmission or storage is 100% secure.

5. Data Retention

We apply the following retention practices:

Messages and media: Deleted from our servers after delivery to all group members, or after 30 days — whichever comes first.
Account information: Your phone number and account data are retained for as long as you maintain an active account.
Inactive accounts: If your account is inactive for an extended period, we may delete it and its associated data. We will attempt to notify you before doing so.
Analytics data: Retained in accordance with Firebase's standard retention policies (typically 14 months for event data).

6. Your Rights and Choices

Account deletion: You may request deletion of your account and all associated data by contacting us at the email address below. Upon request, we will delete your account information from our systems within 30 days.

Data access: You may request a copy of the personal information we hold about you by contacting us.

Push notifications: You can disable push notifications through your device settings at any time.

California residents: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request its deletion, and opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us using the information below.

7. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify affected users as promptly as practicable and in accordance with applicable law. We will also take immediate steps to mitigate any harm and prevent future incidents.

8. Children's Privacy

Alvo is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately.

9. International Data

Our servers and service providers are located in the United States and other countries. By using the App, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate. We ensure that any such transfers comply with applicable data protection laws.

10. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you through the App or by other reasonable means before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy, your data, or wish to exercise any of your rights described above, contact us at:

Technivize LLC
Email: privacy@alvoapp.com