Alvo Privacy Policy

Effective: February 27, 2026  ·  Last updated: March 15, 2026

Alvo ("we," "us," or "our") is operated by Technivize LLC, a company based in the United States. This policy describes how we collect, use, and protect information when you use the Alvo mobile application ("the App").

1. Information We Collect

Phone number. We collect your phone number to create and authenticate your account via Firebase Authentication. Your phone number is also how other users can find and message you within the App.

Messages, lists, and other content. When you send a message, create a list, or interact with any collaborative feature, that content is transmitted through our servers to the other members of your group. Our servers act as a relay — content is deleted from our infrastructure once all group members have received it. If a group member does not receive content within 30 days, it is permanently deleted regardless. We do not maintain a persistent server-side copy of your messages or content.

Media files. Photos, videos, voice memos, and other files you share are temporarily stored on Cloudflare R2 during delivery and are deleted after all group members have received them, or after 30 days — whichever comes first.

Display name. You provide a display name during account setup, which is visible to your group members. This is stored on our servers as part of your account profile.

Crash and error reporting. We use Sentry, a third-party error tracking service, to collect crash reports and diagnostic information when the App encounters errors. This includes stack traces, device type, operating system version, and app version. This may also include device identifiers used to correlate crash events. This data helps us identify and fix bugs. It is not linked to your message content. See Sentry's Privacy Policy.

Operational analytics. Our servers collect anonymized operational data when processing events, including event type, app version, platform, and a one-way hash of the group identifier. This data cannot be used to identify you or read your content. It is retained for 90 days and then permanently deleted.

Push notification tokens. We collect device tokens through Firebase Cloud Messaging to deliver push notifications for new messages and updates.

Contacts. With your permission, Alvo can check whether phone numbers in your device's address book are registered on Alvo. To perform this check, phone numbers are sent to our server, compared against registered accounts, and immediately discarded — they are not stored or used for any other purpose. Your full address book (names, other data) never leaves your device. You can also add contacts manually by entering their phone number directly.

Status and activity signals. The App shares certain real-time signals with your group members, including whether you are online, whether you are currently typing, and whether you have seen messages in a group. These signals are transmitted through our servers and are not permanently stored.

Link previews. When a message contains a URL, the App may fetch a preview (title, description, thumbnail) from the linked website. This request is made from your device, which means the linked website may receive your IP address.

2. How We Use Your Information

We use the information we collect to:

• Deliver messages, lists, and media between group members
• Authenticate your identity and secure your account
• Send you push notifications about new messages and activity
• Monitor app performance, fix bugs, and improve the user experience

We do not use your information for advertising. We do not sell, rent, or trade your personal information to third parties. We do not use your data to build advertising profiles.

3. How We Share Your Information

We share information only in these limited circumstances:

• With your group members: Messages, lists, and media you send are delivered to the other members of your groups. This is the core function of the App.
• With service providers: We use third-party infrastructure providers to operate the App. These providers process data on our behalf and are contractually prohibited from using your data for their own purposes. Our current providers include:
  • Google Firebase — authentication, message relay, and push notifications (Firebase Privacy)
  • Cloudflare (R2) — media file storage and delivery via presigned URLs (Cloudflare Privacy)
  • Sentry — crash and error reporting (Sentry Privacy)
  • Expo (EAS) — over-the-air app updates (Expo Privacy)
• When required by law: We may disclose information if required by a valid legal process such as a court order or subpoena.

We do not share your data with advertisers, data brokers, or any other third parties beyond those listed above.

4. Data Storage and Security

Alvo is designed around an event-relay architecture. Your messages and content are stored primarily on your device. Our servers temporarily hold content only during the delivery process, after which it is deleted. All undelivered content is permanently deleted after a maximum of 30 days.

While we employ industry-standard security measures — including encryption for data in transit (TLS) and at rest — the App does not currently offer end-to-end encryption. This means that content could theoretically be accessed on our servers during the brief delivery window. We plan to implement end-to-end encryption in a future release.

Push notification previews may include message content and are delivered through Google's Firebase Cloud Messaging infrastructure. You can control the level of detail shown in notifications — including disabling content previews entirely — in the App's notification settings.

We take reasonable measures to protect your information from unauthorized access, loss, or misuse. However, no method of electronic transmission or storage is 100% secure.

5. Data Retention

We apply the following retention practices:

• Messages and media: Deleted from our servers after delivery to all group members, or after 30 days — whichever comes first.
• Account information: Your phone number and account data are retained for as long as you maintain an active account.
• Inactive accounts: If your account is inactive for an extended period, we may delete it and its associated data. We will attempt to notify you before doing so.
• Operational analytics: Retained for 90 days, then permanently deleted.

6. Your Rights and Choices

Account deletion: You may request deletion of your account and all associated data by contacting us at the email address below. Upon request, we will delete your account information from our systems within 30 days.

Data access and portability: You may request a copy of the personal information we hold about you in a machine-readable format by contacting us. Since your messages and content are stored on your device, most of your data is already in your possession.

Push notifications: You can disable push notifications through your device settings at any time.

California residents: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request its deletion, and opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us using the information below.

7. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify affected users as promptly as practicable and in accordance with applicable law. We will also take immediate steps to mitigate any harm and prevent future incidents.

8. Children's Privacy

Alvo is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you through the App or by other reasonable means before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this privacy policy, your data, or wish to exercise any of your rights described above, contact us at:

Technivize LLC
Email: privacy@alvoapp.com