Avalo

Privacy Policy

Last updated: February 2026

⚠️ This service is restricted to users aged 18 and older. We do not knowingly collect data from individuals under 18.

1. Data Controller

Avalo sp. z o.o. ("Avalo", "we", "us"), registered in Warsaw, Poland, is the data controller for your personal data processed through the Avalo platform. For data protection inquiries, contact us at privacy@avalo.app.

2. Data We Collect

2.1 Account Data

When you register, we collect: email address, display name, and optionally phone number, profile photo, date of birth for age verification, and location data for regional compliance.

2.2 Usage Data

We automatically collect information about your interactions with the Service, including: pages visited, features used, timestamps, device information (browser type, OS, screen resolution), IP address, and referral URLs.

2.3 Payment Data

Token purchases are processed by Stripe. We store transaction records (amount, currency, pack purchased, timestamp) but do NOT store your payment card details. Stripe handles all payment card processing in accordance with PCI DSS standards.

2.4 Communication Data

Messages, chat data, and content you share through the platform are stored to provide the Service. This includes text messages, media uploads, and interaction metadata.

3. How We Use Your Data

We process your data for the following purposes:

  • Service provision: To operate your account, process token purchases, deliver messages, and provide platform features.
  • Safety and security: To detect fraud, prevent abuse, enforce community guidelines, and protect users.
  • Legal compliance: To comply with applicable laws, including age verification, tax reporting, and law enforcement requests.
  • Service improvement: To analyze usage patterns, improve performance, and develop new features (using aggregated, anonymized data where possible).
  • Communication: To send service-related notifications, security alerts, and (with your consent) marketing communications.

4. Legal Basis for Processing (GDPR)

  • Contract performance: Processing necessary to provide the Service per our Terms of Service.
  • Legitimate interests: Safety, fraud prevention, and service improvement.
  • Legal obligation: Tax reporting, age verification, law enforcement cooperation.
  • Consent: Marketing emails and optional cookies (you may withdraw consent at any time).

5. Data Sharing

We share your data only in the following circumstances:

  • Service providers: Stripe (payments), Firebase/Google Cloud (infrastructure), content delivery networks.
  • Other users: Your public profile, content, and messages are visible to other users as part of the Service.
  • Legal requirements: When required by law, court order, or government authority.
  • Safety: When necessary to protect the safety of users or the public.

We do NOT sell your personal data to third parties.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion, we retain certain data for the period required by applicable law (e.g., tax records for 5–7 years). Anonymized analytics data may be retained indefinitely.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdrawal of consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at privacy@avalo.app. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies as described in our Cookie Policy. Essential cookies are required for the Service to function. Analytics and preference cookies are used with your consent.

9. International Data Transfers

Your data may be processed in the European Economic Area (EEA) and the United States (via Google Cloud/Firebase). Transfers outside the EEA are subject to appropriate safeguards, including Standard Contractual Clauses.

10. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security audits.

11. Children

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates the most recent revision.

13. Contact

Data Protection Officer: privacy@avalo.app
Avalo sp. z o.o.
Warsaw, Poland