Data Policy
How AUVY collects, uses, shares, and protects personal data.
Last updated: March 16, 2026
Contents
- Scope
- Controller and Contact
- Personal Data We Collect
- Sources of Data
- Purposes and Legal Bases
- Cookies and Similar Technologies
- Data Sharing
- International Transfers
- Data Retention
- Your Rights
- U.S. State Privacy Disclosures
- Security Measures
- Children's Privacy
- Changes to This Policy
- Contact and Complaints
1. Scope
This Data Policy applies to personal data processed through AUVY-operated digital services, including:
- the public website at auvy.ai
- the Trust Center at trust.auvy.ai
- contact, newsletter, and trust request forms submitted to AUVY
- communications with AUVY by email or through related product and commercial channels
- Growth app (growth.auvy.ai) authentication and operational systems used to manage these services
This policy does not override separate contractual terms, data processing agreements, or product-specific terms where those apply.
Please read this policy together with our Terms of Service and Legal Notice.
2. Controller and Contact
The controller for personal data processed under this policy is AUVY GmbH, Am Haag 8, 82166 Gräfelfing, Germany.
| Entity | AUVY GmbH |
| Address | Am Haag 8, 82166 Gräfelfing, Germany |
| Contact | contact@auvy.ai |
| Privacy and security | security@auvy.ai |
| Legal contact | contact@auvy.ai |
3. Personal Data We Collect
Depending on your interaction with AUVY, we may process:
| Category | Examples |
|---|---|
| Identity and contact | Name, email address, company, and other details you choose to provide |
| Inquiry and request data | Contact reason, message content, trust or compliance questions, access requests, and newsletter signups |
| Technical and usage | IP address, browser and device details, referrer data, pages viewed, request logs, and security events |
| Preferences | Consent choices, language preference, and interface settings such as color mode |
| Growth app access data | Login identifiers, session information, and access-control metadata for authorized Growth app users |
4. Sources of Data
Personal data may be collected directly or indirectly:
- Directly from you when you submit forms, subscribe to the newsletter, request trust materials, contact us, or sign in to the Growth app (growth.auvy.ai)
- Automatically through browser and device signals, cookies or local storage, server logs, and security controls
- From service providers that help us run hosting, storage, authentication, analytics, and communications
5. Purposes and Legal Bases
Where GDPR applies, we process personal data under one or more legal bases in Article 6:
| Basis | Use |
|---|---|
| Consent (Art. 6(1)(a)) | Optional analytics and related measurement technologies |
| Contract / pre-contract steps (Art. 6(1)(b)) | To respond to product, partnership, support, security, or commercial requests and provide requested access or materials |
| Legitimate interests (Art. 6(1)(f)) | Operating websites and APIs, securing systems, preventing abuse, managing newsletter and marketing signups, administering authorized access (e.g. Growth app), and improving the service |
| Legal obligations (Art. 6(1)(c)) | Compliance with applicable legal duties |
Examples of processing purposes include:
- receiving and storing contact, newsletter, and trust-center submissions
- responding to inbound product, support, partnership, and security requests
- protecting public API endpoints against abuse and malicious traffic
- operating language selection, theme preferences, and consent management
- measuring website performance and usage when you have consented
6. Cookies and Similar Technologies
AUVY uses cookies and similar technologies for core site functionality, security, preferences, and optional analytics. You can control cookies in browser settings and, where required, through our consent banner.
| Type | Purpose |
|---|---|
| Essential / preference | Required to remember consent and language preferences and operate core site behavior |
| Analytics | Used to understand traffic, performance, and feature usage when enabled with consent |
| Local storage | Used for interface preferences such as color mode and related client-side settings |
Consent cookie. When you use the cookie banner, we store your choice in a cookie named auvy-consent for up to 12 months with a same-site configuration. Values are all (analytics enabled) or essential (analytics disabled). We do not enable optional analytics until you have made a choice.
Language preference cookie. We may store your locale preference in a cookie named auvy-locale for up to 12 months so the site opens in your selected language.
Client-side preferences. We may store interface settings such as the selected color mode in local storage.
Optional analytics. If enabled in the relevant environment and you consent, AUVY may use analytics and performance tools such as PostHog, Vercel Analytics, and Vercel Speed Insights. These tools may process usage events, page views, performance telemetry, and technical metadata to help us understand how the site is used and how it performs.
Changing your choice. To change your preference, delete the auvy-consent cookie for this site or clear site data in your browser, then reload the page; the consent banner will appear again.
7. Data Sharing
We do not sell personal data.
We may share personal data where necessary with:
- Hosting and infrastructure providers such as Vercel and Railway
- Database and authentication providers such as Supabase
- Analytics providers such as PostHog and Vercel analytics products, but only where analytics is enabled and you have consented where required
- Professional advisors or authorities where legally required or appropriate to protect rights, security, or compliance
- Corporate transaction counterparties in connection with financing, restructuring, merger, acquisition, or asset transfer, subject to confidentiality and applicable law
8. International Transfers
Some of our service providers may process personal data outside your jurisdiction, including outside the EEA or UK where applicable. When that happens, AUVY uses appropriate safeguards such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
9. Data Retention
We retain personal data only for as long as needed for legitimate business and legal purposes, then delete, anonymize, or aggregate it where feasible.
| Category | Retention |
|---|---|
| Contact and trust inquiries | Typically until the request is handled and for a reasonable follow-up period thereafter |
| Newsletter and marketing signups | Until you opt out or deletion is requested |
| Consent and preference data | For the lifetime of the cookie or local storage item, unless cleared earlier |
| Security and technical logs | For as long as reasonably needed to protect systems, investigate incidents, and support operations |
| Growth app access records | For as long as needed to administer and secure authorized access |
| Legal holds | Longer where needed to resolve disputes or meet legal obligations |
10. Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, receive a portable copy of your data, and withdraw consent where applicable.
You can exercise these rights by contacting security@auvy.ai or contact@auvy.ai. We may request information to verify your identity before acting on a request.
11. U.S. State Privacy Disclosures
If you are a resident of a U.S. state with privacy laws, you may have rights to know, access, delete, and correct personal data, and to opt out of certain data uses.
AUVY does not sell personal data and does not share personal data for cross-context behavioral advertising in the sense commonly used by U.S. state privacy laws. We also do not process sensitive personal data to infer characteristics about you without an appropriate legal basis.
12. Security Measures
We apply reasonable technical and organizational safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction.
- Transport and platform security including HTTPS, response security headers, request protections, and rate limiting on public write endpoints
- Access controls including authenticated Growth app access and allowlist-based restrictions
- Operational safeguards including logging, patching, monitoring, and incident response processes
13. Children's Privacy
AUVY services are not directed to children under 16, and we do not knowingly collect personal data from children under 16.
14. Changes to This Policy
We may update this Data Policy from time to time. Material changes will be posted on this page with a revised last-updated date.
15. Contact and Complaints
| Privacy contact | security@auvy.ai |
| Legal contact | contact@auvy.ai |
If GDPR applies, you may lodge a complaint with your local supervisory authority. EU authority list: edpb.europa.eu.
Questions about this Data Policy can be sent to security@auvy.ai or contact@auvy.ai.
Related documents: Terms of Service and Legal Notice.