Privacy Policy

Last updated: April 15, 2026

Avsha ("we", "our", or "us"), operated by Metivity, provides the Avsha mobile application and website. This Privacy Policy describes how we collect, use, store, and protect your information.

1. Information We Collect

Information You Provide

• Account Information: Name, email, and profile photo via Google sign-in.
• Preferences: Interests, travel mode, language, voice, bio.
• Content: Tours you save, share, or create (including audio recordings for creator tours).
• Communications: Messages you send to our support team.

Collected Automatically

• Location: With your permission, we collect precise GPS coordinates during active tour playback to provide navigation and location-relevant content. Coordinates are stored in your tour history and used to personalize recommendations. You can delete your tour history at any time from your profile settings.
• Voice: Processed by your device's speech recognition engine; only transcribed text is received by our servers, not raw audio.
• Usage Data: Tour history, playback progress, engagement metrics, feature usage.
• Device Information: Device type, operating system version, app version, and unique device identifiers for crash reporting.

Local Storage

We use browser localStorage and IndexedDB (via localforage) to store your preferences, cached tour data, and offline content locally on your device. This data is not transmitted to our servers unless you are signed in and syncing your account. You can clear this data through your browser or app settings.

2. How We Use Your Information

• Generate personalized AI audio tours based on your location and preferences
• Save listening history and playback progress
• Manage your account and credits
• Process payments through Stripe or app store platforms (we do not store card details)
• Provide customer support
• Improve, maintain, and secure the Service
• Send service-related notifications (e.g., credit balance, account changes)
• Comply with legal obligations

We do not sell your personal data. We do not use your data for third-party advertising.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, we process your data based on:

• Consent: Location access, microphone (revocable at any time via device settings)
• Contract Performance: Account management, tour generation, payment processing
• Legitimate Interest: Service improvement, fraud prevention, security
• Legal Obligation: Tax records, compliance with law enforcement requests

4. Third-Party Services

We share data with the following service providers, solely for the purposes described in this policy. We maintain Data Processing Agreements with our providers as required by applicable data protection law.

• Google Firebase: Authentication, database, cloud storage, crash reporting
• Google Gemini AI: Content generation and text-to-speech (tour text and location data sent for processing)
• Google Cloud Text-to-Speech: Audio narration generation (tour scripts sent for processing)
• Google Maps Platform: Maps, directions, place data, Street View imagery
• Stripe: Web payment processing (we do not store card details)
• Apple App Store / Google Play: In-app purchase processing
• RevenueCat: Subscription management and entitlement tracking
• OpenStreetMap Nominatim: Reverse geocoding (anonymous location queries)
• PostHog: Product analytics — app usage events and feature interactions, associated with your account identifier while you are signed in
• Sentry: Crash and error diagnostics (error reports, device model, OS version, and app version)

5. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. When data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection.

6. Data Storage & Security

Data is stored in Google Firebase with security rules restricting access to authenticated users. All data in transit is encrypted via HTTPS/TLS. We implement access controls, audit logging, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

• Account data: Retained until you delete your account.
• Tour history: Retained until you delete individual tours or your account.
• Transaction records: Retained for 7 years for tax and audit compliance.
• Client logs: Retained for up to 90 days for debugging, then automatically purged.
• Community/creator tours: Retained until you or an admin removes them.
• Deleted accounts: Personal data is deleted within 30 days of account deletion request. Anonymized usage data may be retained for analytics.

8. Your Rights

Depending on your location, you may have the following rights under GDPR, CCPA, and similar laws:

• Access: Request a copy of your personal data (Profile > Download My Data)
• Correction: Correct inaccurate data (edit in your profile settings)
• Deletion: Delete your account and all associated data (Profile > Delete My Account)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request we limit processing of your data
• Objection: Object to processing based on legitimate interest
• Withdraw Consent: Revoke device permissions in your device settings at any time

We respond to data requests within 30 days as required by applicable law. To exercise your rights, contact privacy@metivity.com.

California Residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information.

9. Children's Privacy

Avsha is not directed at children under 13. We do not knowingly collect personal data from children under 13. Users must confirm they are 13 or older during account setup. If we learn we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us personal data, please contact us at privacy@metivity.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects when the policy was last revised.

11. Contact

For privacy-related inquiries: privacy@metivity.com

General support: support@metivity.com

12. Account & Data Deletion

You can permanently delete your Avsha account and all associated data at any time:

• In the app: open Profile > Delete My Account. This permanently removes your profile, tour history, saved tours, and any community or creator content you posted.
• By request (no app required): email privacy@metivity.com from your account email address with the subject “Delete my account”, and we will erase your data on your behalf.

Personal data is deleted within 30 days of the request. Transaction records may be retained for up to 7 years where required by tax and accounting law; anonymized, non-identifying usage statistics may be retained for analytics. Account deletion is permanent and cannot be undone.