🇬🇧 English 🇨🇿 Čeština 🇩🇪 Deutsch 🇪🇸 Español 🇫🇷 Français 🇵🇱 Polski 🇷🇺 Русский 🇸🇰 Slovenčina
AXIVOR

Privacy Policy

1. Introduction

Welcome to Axivor ("we", "our", "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") available on Apple App Store and Google Play Store.

We are committed to protecting your personal data and respecting your privacy in accordance with applicable laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Lei Geral de Proteção de Dados (LGPD), and other applicable privacy regulations worldwide.

Data Controller: Jaroslav Cingel
Email: [email protected]
Website: https://axivor.app

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address — for account creation and authentication
  • Authentication Data: Google Sign-In, Apple Sign-In credentials — for secure login
  • Music Service Credentials: Apple Music, YouTube sign-in — for karaoke lyrics and music playback
  • User Preferences: App settings, favorite songs, customization options
  • Financial Data: Payment information for Premium subscriptions (handled by Apple/Google)
  • Tasks and Notes: Personal data in Mail Reporter, Calendar, Notes, Tasks modules
  • Document Scanning Data: Scanned document images (invoices, receipts, contracts) processed via AI for structured data extraction
  • Business Accounting Data: Company identifiers (IČO, DIČ), bank details (IBAN), variable symbols, and payment information extracted from scanned documents — all encrypted with AES-256 at rest
  • Cloud Backup Data (opt-in): Encrypted database backups and AES-GCM encrypted scan images stored in Firebase Storage, controlled by user toggle in Settings

2.2 Information Collected Automatically

  • Device Information: Device model, OS version, unique device identifiers
  • Usage Data: Features used, session duration, interaction patterns
  • Log Data: IP address, access times, app crashes, error logs
  • Analytics Data: Aggregated usage statistics

2.3 Third-Party Services

  • Firebase (Google): Analytics, crash reports, authentication — Privacy Policy
  • Apple Sign-In / Apple Music API: Authentication, music library access — Privacy Policy
  • Google Sign-In: Authentication — Privacy Policy
  • YouTube API Services: Video playback, search — Privacy Policy | ToS
  • OpenAI API (optional, BYOK): AI features — Privacy Policy
  • Anthropic API (optional, BYOK): AI features — Privacy Policy
  • Apple App Store / Google Play Store: Payments, subscriptions
  • Google Gemini AI: Document analysis and structured data extraction from scanned images — Privacy Policy
  • Cloudflare (Workers, D1, R2): Serverless compute, cloud database, and object storage for document export and push notifications — Privacy Policy

3. How We Use Your Information

  • Providing the Service: Account management, authentication, music playback, karaoke, email management, calendar sync, tasks, notes, travel planning, and all App modules
  • Improvement: Analyzing usage patterns to improve features and UX
  • Security: Detecting and preventing unauthorized access, fraud, or abuse
  • Communication: Service-related notifications, feature updates, subscription reminders (not marketing unless opted in)
  • Legal Compliance: Fulfilling legal obligations
  • Personalization: Customizing experience based on preferences
  • AI Features: Processing data through AI models for Mail Reporter analysis, task prioritization, and proactive agents

4. Legal Basis for Processing (GDPR / LGPD)

If you are in the EEA, UK, or Brazil, we process your data based on:

  • Consent: When you sign in with Google/Apple, connect Apple Music or YouTube, enable AI features, or use BYOK
  • Contractual Necessity: To provide core app functionality (Mail Reporter, Calendar, Tasks, Notes, Sonic Engine, Travel, and all other modules)
  • Legitimate Interest: Analytics, security, service improvement, fraud prevention
  • Legal Obligation: Compliance with applicable laws

You may withdraw consent at any time (see Section 7).

5. Data Sharing and Disclosure

We do not sell your personal data.

We may share data only in these cases:

  • Third-Party Service Providers: Firebase, Apple, YouTube, OpenAI, Anthropic as described in Section 2.3
  • Legal Requirements: When required by law, court order, or governmental authority
  • Safety: To protect rights, safety, or property of users or the public
  • Business Transfers: In case of merger, acquisition, or sale (you will be notified)
  • With Your Consent: When you explicitly authorize sharing

6. International Data Transfers

Your data may be transferred to countries outside your residence, including the United States. For EEA/UK transfers, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Google's, Apple's, OpenAI's, and Anthropic's own data transfer mechanisms

7. Your Rights

EEA / UK (GDPR)

  • Access, rectify, erase your data
  • Restrict processing, data portability
  • Object to processing, withdraw consent
  • Lodge a complaint with your local supervisory authority

California (CCPA/CPRA)

  • Know what personal information is collected
  • Delete your personal information
  • Opt-out of data sale (we do not sell data)
  • Non-discrimination, correct inaccurate information

Brazil (LGPD)

  • Confirmation of processing, access, correction
  • Anonymization, blocking, deletion, portability
  • Revocation of consent

Other Jurisdictions

We respect equivalent rights under PIPEDA (Canada), POPIA (South Africa), PDPA (Thailand, Singapore), Privacy Act (Australia), and other applicable laws.

To exercise any rights, contact: [email protected] — We respond within 30 days.

8. Data Retention

  • Account data: Until you delete your account
  • Usage analytics: 26 months (Firebase default)
  • Crash reports: 90 days (collected via Firebase Crashlytics, automatically deleted)
  • Authentication tokens: Duration of active session
  • Email/Calendar/Tasks/Notes data: Stored locally; cloud backup retained until account deletion
  • Cloud backups: Encrypted database and scan images in Firebase Storage — retained until user deletes account or manually disables backup
  • Scanned document images: Stored locally and optionally in Firebase Storage (AES-GCM encrypted before upload) — deleted when user deletes account
  • Payment records: 7 years (tax/accounting)

Crash reports and usage analytics are processed under legitimate interest (GDPR Art. 6(1)(f)) and automatically deleted by Firebase after their respective retention periods. When data is no longer needed, we securely delete or anonymize it.

9. Account Deletion

You can delete your account and all associated data:

  • In the App: Settings → Profile → Delete Account
  • By email: Send request to [email protected] with subject "Account Deletion Request"

Upon deletion, we will: remove personal data within 30 days, remove from backups within 90 days, notify third-party services, permanently delete all content, and cancel active subscriptions.

10. Data Security

  • 🔒 Encryption in transit (TLS/SSL) and at rest (AES-256)
  • 🔐 Secure authentication via Firebase with multi-factor support
  • 🛡️ Access controls and least-privilege principles
  • 👁️ Regular security reviews and audits
  • 📱 Local data encryption using iOS/Android secure storage
  • 🔑 Sensitive fields (IČO, DIČ, IBAN, VS) encrypted with AES-256 at rest in local database
  • ☁️ Scan images encrypted with AES-GCM on device before upload — cloud provider cannot read the content
  • 🗝️ Encryption keys backed up separately using PBKDF2 + AES-GCM, protected by user PIN

No method is 100% secure. For security concerns, contact [email protected].

11. Children's Privacy

Our App is not directed at children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we discover such data, we will promptly delete it. Contact [email protected] if you believe a child has provided us data.

12. Do Not Track Signals

Our App does not respond to DNT browser signals. You can control data collection through app settings, device privacy settings, and opting out of analytics.

13. Cookies and Similar Technologies

Our website (axivor.app) uses essential cookies for authentication, language preference, and security. We do not use advertising or tracking cookies. You can control cookies through browser settings.

14. Changes to This Policy

We may update this policy. For significant changes, we will notify you through in-app notification, website update, or email. Continued use constitutes acceptance.

Last updated: February 24, 2026

15. YouTube API Services

Our App uses YouTube API Services for music and karaoke features. By using these features, you agree to the YouTube Terms of Service. You can revoke access via Google security settings.

16. Contact Us

Email: [email protected]
Website: https://axivor.app
Privacy page: https://axivor.app/privacy

Response time: 48 hours (business days).

For EU/EEA users: lodge a complaint with your local DPA.
For UK users: ICO
For California users: California Attorney General

← Back to homepage