VAVIOBack to Feed

Privacy Policy

Effective Date: April 17, 2026

Vavio ("we," "us," or "our") operates the website at vavio.app and the Vavio mobile apps for iOS and Android. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Account Information

If you create an account, we collect:

  • Your email address (used for sign-in via magic link and for service-related notices)
  • Your display name and avatar (optional — provided if you sign in with Google or Apple)
  • The teams you follow and your source and filter preferences
  • Your notification preferences (quiet hours, digest time, custom alerts)
  • Your subscription tier (free or premium) and subscription status

Account data is stored in our Supabase-hosted PostgreSQL database (encrypted at rest) and is used solely to deliver the app across your devices. You can continue using Vavio anonymously without an account — preferences are then kept only in your browser's localStorage.

Push Notification Data

If you enable push notifications in the mobile app, we collect a device token issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM). This token is used to deliver real-time alerts about your followed teams and any custom alerts you've set up. Tokens are stored with your account and deactivated if delivery fails repeatedly.

Subscription and Payment Information

Premium subscriptions are processed through the Apple App Store, Google Play Store, or the web via RevenueCat. We do not receive or store your payment card details — that information is handled entirely by Apple, Google, or our payment processor. We receive only the subscription status, product identifier, and renewal/expiration timestamps needed to unlock premium features on your account.

Analytics Data (Anonymous)

When you use Vavio we collect anonymous usage data to understand how the app is used and improve the experience. This includes:

  • A randomly generated device identifier
  • A random session identifier (generated fresh each visit)
  • Device type (mobile, tablet, or desktop) and platform (web, iOS, or Android)
  • Referring URL (the page that linked you to Vavio, on web)
  • Interaction events: which videos you expand, segments you tap, time spent on content
  • Session duration and engagement metrics

We do not collect your name, email address (except for account and newsletter use — see above), IP address for analytics purposes, or any information that directly identifies you. The analytics device identifier is a random UUID that cannot be linked back to you personally. We do not track you across other apps or websites.

Newsletter Subscription

If you sign up for our daily digest newsletter, we collect:

  • Your email address
  • Your selected team preference
  • Your IP address (used solely for rate limiting to prevent abuse)

Newsletter subscriptions use double opt-in: we send a confirmation email, and your subscription is not active until you confirm.

Source Requests and Custom Topics

If you submit a request to add a new show or channel, or save a custom topic keyword, we store what you entered along with your account identifier (or device identifier if you're anonymous). If you opt into email alerts for a custom topic, we also keep the email address you provided.

2. How We Use Your Information

  • To provide and maintain the Vavio service across web, iOS, and Android
  • To sync your followed teams and preferences across your devices
  • To send push notifications and the daily digest based on your preferences
  • To verify your premium subscription and unlock premium features
  • To analyze anonymous usage patterns and improve the user experience
  • To prevent abuse and enforce rate limits
  • To respond to source requests and contact you about requested shows (if you provided an email)

3. Third-Party Services

Vavio uses the following third-party services. Each has its own privacy policy governing how they handle any data we share with them.

  • Supabase — stores your account, preferences, subscription status, and notification log in an encrypted PostgreSQL database.
  • Vercel — hosts the web app and serverless API.
  • RevenueCat — manages premium subscriptions and syncs entitlement status across iOS, Android, and web.
  • Firebase Cloud Messaging (Android) and Apple Push Notification service (iOS) — deliver push notifications to your device.
  • Resend — sends account-related emails (magic link sign-in, newsletter, digest).
  • Upstash Redis — caches content lookups to reduce load (contains no personally identifiable information).
  • YouTube Data API — retrieves video metadata (titles, thumbnails, durations). Video playback uses YouTube's official embedded player.

4. YouTube API Services

Vavio uses the YouTube API Services to display video content. By using Vavio, you are also agreeing to be bound by the YouTube Terms of Service.

We use the YouTube API to retrieve video metadata (titles, thumbnails, durations, view counts, and embed status). Videos are displayed through YouTube's official embedded player — we do not download, store, or re-host video content.

Google's Privacy Policy applies to data collected by YouTube's embedded player. You can review it at https://policies.google.com/privacy.

You can revoke Vavio's access to your data via the Google security settings page.

5. Cookies and Local Storage

On the web, Vavio uses your browser's localStorage (and an authentication cookie, if you're signed in) to store:

  • A random device identifier for anonymous analytics
  • Your analytics consent preference
  • Your selected team and source preferences
  • A returning-user flag to distinguish new vs. returning visitors
  • A secure authentication session (only when you're signed in)

In the mobile apps, equivalent data is stored locally using platform-standard secure storage. YouTube's embedded player may set its own cookies when you interact with video content. These are governed by Google's Privacy Policy.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with:

  • The service providers listed in Section 3, to the extent necessary to operate Vavio
  • Law enforcement or legal processes when required by applicable law

7. Data Retention

  • Account data (email, preferences, subscription status) is retained while your account is active. It is deleted within 30 days of a deletion request.
  • Anonymous analytics event data is retained for up to 12 months, then deleted.
  • Notification logs are retained for 90 days for delivery troubleshooting.
  • Newsletter subscriber data is retained while your subscription is active. Unsubscribed records are deleted after 30 days.
  • Content metadata (video titles, thumbnails, segments) is refreshed regularly. Raw transcript data is purged after processing.

8. Your Rights

All Users

  • You can request a copy of your data, or permanent deletion of your account, by emailing us at the address below.
  • You can clear localStorage or reset the app at any time to clear local data.
  • You can unsubscribe from the newsletter using the link in any email.
  • You can disable push notifications at any time from the app's Notification Settings screen or your device's system settings.
  • You can manage or cancel your premium subscription from your device's App Store or Play Store account, or from the Subscription page in the app.

European Economic Area (GDPR)

If you are located in the EEA, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time (this does not affect the lawfulness of prior processing)

Our legal basis for processing account data is the contract to provide the service. Our legal basis for processing analytics data is your consent. Our legal basis for processing newsletter data is your explicit opt-in.

California (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your CCPA rights

9. Children's Privacy

Vavio is not directed at children under 13 and is not intended for use by anyone under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of Vavio after changes constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related requests, including data export or deletion requests, contact us at: mgalens@gmail.com