Privacy Policy
Last updated: April 20, 2026
1. Who We Are
Aviss ("we", "us", "our") operates aviss.app, an AI-powered goal tracking platform. This Privacy Policy explains how we collect, use, and protect your personal data. For any questions, contact us at support@aviss.app.
2. Data We Collect
We collect only what is necessary to provide the Service:
- Account data: Email address and hashed password (or OAuth provider identifier if you sign in with Google)
- Goal data: Goals, descriptions, milestones, check-ins, and progress notes you enter
- Usage data: coach session counts (for usage limits), weekly check-in timestamps, and streak data
- Billing data: Subscription status. Payment card details are processed directly by Stripe and never stored on our servers
- Technical data: IP address, browser type, and standard web server logs (retained for 30 days)
3. How We Use Your Data
- To provide and maintain the Service
- To generate AI-powered milestones and feedback using your goal data
- To send weekly digest emails (if enabled — you can opt out at any time)
- To process payments and manage subscriptions
- To detect and prevent abuse
- To improve the Service (aggregated, anonymized data only)
We do not sell your personal data. We do not use your goal data to train AI models.
4. AI Processing
Goal titles, descriptions, and progress notes are sent to HuggingFace's inference API to generate milestones and motivational feedback. Data sent to HuggingFace is governed by HuggingFace's Privacy Policy. We do not send your email address or account identifiers to AI providers.
5. Data Storage
Your data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure in the US. Data at rest is encrypted. Data in transit is encrypted via TLS. Backups are retained for 7 days.
6. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database & auth | All user data |
| Stripe | Payment processing | Email, billing info |
| HuggingFace | AI inference | Goal text only |
| Resend | Transactional email | Email address |
| Vercel | Hosting | Server logs |
7. Cookies
We use strictly necessary cookies for authentication (Supabase session cookie). We do not use tracking cookies, advertising cookies, or third-party analytics. No cookie consent banner is required.
8. Your Rights
You have the right to:
- Access — request a copy of your data (use the Export feature in Account settings)
- Correction — update your goal data directly in the app
- Deletion — request account deletion by emailing support@aviss.app
- Portability — download your data as JSON via Account → Export
- Opt-out — disable digest emails in Account → Notifications
Requests are fulfilled within 30 days. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.
9. Data Retention
We retain your data for as long as your account is active. Upon account deletion, your data is removed from our systems within 30 days, except where we are required by law to retain it longer.
10. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or a prominent notice on the Service before the change takes effect.
12. Contact
Privacy questions or requests: support@aviss.app