1. Introduction
Avero is operated by a solo founder team based in the Netherlands. By using the Avero app or any of its associated services (collectively, "Avero"), you agree to the collection and use of information as described in this policy.
This policy applies to the version of Avero distributed via Apple TestFlight during our beta period. Once Avero launches publicly on the App Store, we may update this policy — we'll let you know if we do.
2. Information we collect
We only collect what we need to run the app. Specifically:
Account information
- Email address — to identify your account and send you essential service messages.
- Display name — shown to your group members.
- Profile photo (optional) — only if you choose to upload one.
- City (optional) — only if you fill it in.
Group and activity data
- The groups you create or join, and who's in them.
- Places you save — names, links, photos, notes, addresses, and any metadata you add.
- Your votes and reactions within groups (👍 / 👎 / ⭐).
- Reservations and decisions logged in the app.
Device and technical data
- Device type, operating system, and app version — for compatibility and crash diagnostics.
- Push notification token (if you allow notifications) — to deliver alerts about group activity.
- Diagnostic logs and crash reports — automatically captured when something breaks, so we can fix it.
Things we do NOT collect
- We don't collect your contacts without explicit permission.
- We don't track your location in the background.
- We don't read your other apps' data.
- We don't collect payment information during the beta — Avero is free in TestFlight.
3. How we use information
We use the information above to:
- Run the app — show you your groups, places, votes, and decisions.
- Sync your data across devices so you don't lose anything when you switch phones.
- Send push notifications about activity in your groups (only if you allow it).
- Look up place details when you paste a link or search for a venue (via Google Places).
- Suggest places your group might like — this feature is optional and may use AI (see Section 7).
- Reply to your support emails.
- Fix bugs and improve the product based on diagnostic data.
- Send you essential service messages (e.g., a security update, a major change to this policy). We will not send you marketing email without your consent.
We do not sell your personal data to anyone, and we never will. We don't run ads.
4. Sharing of information
Your data is shared in the following limited ways:
With your group members
Anything you put inside a group — saved places, votes, reactions, comments, your display name and avatar — is visible to the other members of that group. That's how the app works. If you want something private, don't put it in a group.
With our infrastructure providers
We use trusted vendors to run Avero. Each only sees the data they need:
- Supabase — stores your account, groups, and saved places. Hosted in the EU.
- Google Places API — when you save or look up a place, the place name or coordinates are sent to Google to retrieve details. Google may log these requests.
- Firebase Cloud Messaging (FCM) — delivers push notifications. We send Google your device's push token along with the notification content (e.g., "Maya voted for Misi"). Don't put anything sensitive in group activity if this concerns you.
- Apple TestFlight — distributes the beta build and shares basic device/install info with us. Governed by Apple's privacy policy.
When required by law
If we receive a valid legal request (court order, law-enforcement request) we'll comply, but we'll only share what we're legally required to share, and we'll push back on overly broad requests where we can.
In the event of a sale or merger
If Avero is ever acquired, your data may transfer to the new owner — but they'd have to honor this policy until they tell you otherwise (and you'd always have the right to delete your data first).
5. Data retention
- Account and group data: kept as long as your account is active.
- If you delete your account: we erase your personal data within 30 days. Some data may persist briefly in encrypted backups before they cycle out (typically 90 days).
- Diagnostic logs and crash reports: kept for up to 30 days, then deleted.
- Group content created by you: deleting your account removes your contributions; if you only leave a group, your past contributions remain visible to that group unless you delete them first.
You can request deletion at any time — see Section 8.
6. Security
We take reasonable steps to protect your data:
- All traffic between the app and our servers uses HTTPS / TLS encryption.
- Stored data is encrypted at rest by Supabase.
- Authentication uses secure password hashing and modern session tokens.
- We follow the principle of least privilege — only systems that need data have access to it.
That said: no system is 100% secure, and we'd be lying if we promised otherwise. If we ever discover a breach affecting your data, we will notify you within 72 hours of becoming aware of it, as required by GDPR.
7. Third-party services
Avero relies on the following third-party services. Each has its own privacy policy that governs how they handle data passed through them:
| Service | Used for | Privacy policy |
|---|---|---|
| Supabase | Database, authentication, file storage | supabase.com/privacy |
| Google Places API | Place lookups when you save a link | policies.google.com/privacy |
| Firebase Cloud Messaging | Push notifications | firebase.google.com/support/privacy |
| Apple TestFlight | Distributing the beta build | apple.com/legal/privacy |
About AI suggestions
Avero may offer optional features that use a language model to suggest places (e.g., "your group has saved several ramen spots — try this izakaya?"). When you use this feature, the place names and metadata of your group's saved places may be sent to a self-hosted AI model running on infrastructure we control in the EU. No raw user identities, emails, or messages are sent. This feature can be disabled in Settings.
8. Your rights
If you're in the European Economic Area, the United Kingdom, or another jurisdiction with similar protections (and even if you aren't — we extend these rights to everyone), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated personal data ("right to be forgotten").
- Restrict or object to certain processing.
- Port your data — receive a copy in a structured, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these, email hello@avero.aydex.nl with the subject line "Data Request" and we'll respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. For users in the Netherlands, that's the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). For other EU countries, find your authority via edpb.europa.eu.
9. Cookies and tracking
Avero is a mobile app, so we don't use cookies in the traditional web sense. We don't embed advertising SDKs, and we don't share device identifiers with advertising networks.
The Avero website (avero.aydex.nl) currently doesn't use analytics or tracking cookies. If we add analytics in the future, we'll use a privacy-respecting tool (no third-party trackers, no cross-site profiling) and update this policy.
10. Children's privacy
Avero is not intended for children under 16, and we don't knowingly collect personal data from anyone under that age.
If you're a parent or guardian and you believe your child has provided us with personal data, email hello@avero.aydex.nl and we'll delete it.
11. International data transfers
Avero's servers and primary database are hosted in the European Union. Some third-party services we rely on (Google, Apple) may process data in the United States or other countries. These transfers are protected by standard contractual clauses or equivalent safeguards approved under GDPR.
12. Changes to this policy
We may update this policy as Avero evolves — for example, if we add new features or change vendors. When we make material changes, we'll:
- Update the "Last updated" date at the top.
- Send you an email if you have an account.
- Show an in-app notice the next time you open Avero.
Continued use of Avero after a change means you accept the updated policy. If you don't, you can delete your account at any time.
13. Contact
Questions, concerns, complaints, data requests — all go to: hello@avero.aydex.nl.
We read every message and reply personally. We aim to respond within 5 business days.
This policy is provided for transparency. It is not legal advice. If you need legal advice about how this policy applies to you, please consult a qualified lawyer.