Privacy Policy
Tervia ("we," "our," or "the App") is a geopolitical risk monitoring and digital nomad intelligence platform. This Privacy Policy explains how we collect, use, and protect your information.
1. Information We Collect
Information You Provide
- Account credentials: Email address via Apple Sign In or Google Sign In. We do not store passwords.
- Profile data: Passport nationalities (country codes), travel type, gender, identity tags (e.g., LGBTQ+, religious minority, solo female traveler), climate and budget preferences, language preferences.
- Travel records: Country entry/exit dates, visa type and expiry dates that you manually enter.
- Watch regions: Countries you choose to monitor for alerts.
Information Collected Automatically
- Location (foreground only): When you grant permission, we perform a one-time location lookup to detect your current country. We do not track your location continuously, do not run location services in the background, and do not store GPS coordinates. Only the detected country name and code are used.
- Subscription status: Purchase and subscription information processed through Apple App Store or Google Play Store via RevenueCat.
- Device push token: If you enable notifications, we receive your device push token. This token is stored on your device and may be synced to your account to enable notification delivery.
Information We Do NOT Collect
- We do not use analytics, advertising, or tracking SDKs.
- We do not track your activity across other apps or websites.
- We do not collect device identifiers for advertising purposes.
- We do not use cookies or similar tracking technologies (Tervia is a native mobile application).
- We do not sell, rent, or share your personal information with third parties for marketing.
- We do not respond to "Do Not Track" browser signals as the App does not track users across websites.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Personalized risk assessment | Identity tags, nationality | Consent (you choose to provide) |
| Tax and visa tracking | Travel records (entry/exit dates) | Contract performance |
| AI route generation | Route planning prompt text, travel preferences | Contract performance |
| Notifications | Push token, stay/visa data | Consent (you enable notifications) |
| Account management | Email, authentication tokens | Contract performance |
| Service improvement | Aggregated, non-identifiable usage patterns | Legitimate interest |
3. Sensitive Information
We recognize that identity tags (LGBTQ+, religious minority, solo female) constitute sensitive personal information under various privacy laws. This data is:
- Provided voluntarily and can be removed at any time from your profile.
- Used exclusively to personalize risk displays within the App.
- Processed only with your explicit consent.
- Stored securely and never shared with third parties.
- Deleted upon account deletion (see Section 9).
4. Data Storage and Security
- Your data is stored in Amazon Web Services (AWS) infrastructure located in the United States (us-east-1 region).
- Authentication tokens are stored on-device using encrypted secure storage (Keychain on iOS, EncryptedSharedPreferences on Android).
- All network communication uses HTTPS/TLS encryption in transit.
- Data at rest is encrypted using AWS-managed encryption keys.
- We use a single-table database design where all your data is keyed to your unique user ID, ensuring logical isolation from other users.
While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Third-Party Services
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Apple Sign In | Authentication | Email address | apple.com/privacy |
| Google Sign In | Authentication | Email address | policies.google.com/privacy |
| RevenueCat | Subscription management | Anonymous user ID, purchase receipts | revenuecat.com/privacy |
| Amazon Web Services | Data storage and API hosting | All user data (encrypted) | aws.amazon.com/privacy |
| OpenAI | AI-powered route generation | Route planning prompt text, travel preferences (budget tier, regions). We do not programmatically attach personal identifiers; however, any text you enter in a route planning prompt may be processed by OpenAI. Do not include unnecessary sensitive information in prompts. | openai.com/privacy |
We do not share your personal data with third parties beyond those listed above.
6. Third-Party Data Sources
Country-level information displayed in the App is sourced from:
- World Bank Development Indicators (CC BY 4.0)
- Transparency International Corruption Perceptions Index (CC BY-ND 4.0)
- UNDP Human Development Index (CC BY 3.0 IGO)
- U.S. Department of State (Public Domain)
These are publicly available datasets and do not contain your personal information.
7. Your Rights
All Users
- Access: View all your data within the App (Profile and Tracking tabs).
- Correction: Edit your profile, stays, and preferences at any time.
- Deletion: Delete your entire account and all associated data from within the App (Profile > Delete Account). User data is promptly removed from our primary database upon deletion.
- Notification opt-out: Disable push notifications at any time through your device's system settings (Settings > Notifications > Tervia).
California Residents (CCPA/CPRA)
Categories of Personal Information Collected in the Preceding 12 Months:
| Category | Examples | Sources | Business Purpose | Third Parties Disclosed To |
|---|---|---|---|---|
| Identifiers | Email address, unique user ID | You (sign-in), Apple/Google auth | Account management | AWS |
| Protected classifications | Gender, identity tags, nationality | You (optional profile setup) | Personalized risk display | AWS |
| Geolocation | Country-level location | Device (with your permission) | Tax/visa tracking | AWS |
| Commercial information | Subscription status and tier | Apple/Google via RevenueCat | Entitlement management | RevenueCat |
| Internet/electronic activity | Route planning prompts | You (feature usage) | AI route generation | OpenAI |
Your Rights:
- Right to Know: Request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information: We use sensitive information (identity tags) only for the purposes you explicitly choose.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to Exercise Your Rights:
- Delete your account in-app (Profile > Delete Account) for immediate deletion.
- Email hello@tervia.app for access, correction, or other requests.
- We will respond to verifiable consumer requests within 45 days. If we require additional time (up to 45 more days), we will notify you of the extension and the reason.
We have not sold or shared personal information of any consumer in the preceding 12 months.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Other State Laws
Residents of states with comprehensive privacy laws have similar rights to access, correct, delete, and obtain a copy of their personal data. To exercise these rights, use the in-app account deletion feature or contact us at hello@tervia.app.
You may also have the right to appeal our decision regarding a privacy request by contacting us at the email below. We will respond to appeals within the timeframes required by applicable law.
8. Children's Privacy
Tervia is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
9. Data Retention
- Your data is retained as long as your account is active.
- Upon account deletion, all user data is promptly deleted from our primary database. Incidental references in system logs (e.g., API access logs) may persist until those logs expire per standard retention schedules.
- Orphaned authentication provider links (which contain only a reference ID and email) may persist but point to no user data.
- We do not retain database backups of deleted user data.
10. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify relevant authorities as required by applicable state and federal law.
- Notify affected users without undue delay, and in any event within the timeframes required by applicable law.
- Provide details about the nature of the breach, the data affected, and remedial steps taken.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected by the "Last Updated" date above. For material changes, we will provide notice through the App or via email. Continued use of the App after changes constitutes acceptance.
12. Contact Us
For privacy-related questions, data requests, or complaints: