Welcome to Orvo. Your privacy is of the utmost importance to us. This Privacy Policy outlines how we collect, use, store, and protect your data, including Google user data, in accordance with GDPR, the Google API Services User Data Policy, and other applicable privacy laws.
1. Information We Collect
To provide and enhance our services, we collect the following data:
- Personal Information: Name, email address, and profile details you provide when creating your Orvo account.
- Google Contacts Data: With your explicit consent, we read your Google Contacts so you can import them into your private Orvo CRM. We never modify, create, or delete contacts in your Google account.
- Authentication Information: Required for Google Sign-In (your Google account identifier, email, and basic profile).
- Billing Information: Managed securely via Stripe for subscription payments. Orvo never stores full card numbers.
- Usage Data: Logs and analytics to improve Orvo's functionality.
2. How We Use Your Data
We use your information to:
- Provide contact management and the Google Contacts import feature inside Orvo.
- Authenticate you via Google Sign-In.
- Process payments securely using Stripe.
- Enhance app performance and develop new features.
- Provide customer support and resolve inquiries.
Note: Orvo personnel do not read users' private data except where strictly necessary (see Section 5).
3. Data Storage and Security
We securely store user data in GDPR-compliant data centers. Security measures include:
- SSL/TLS Encryption: All data is transmitted over encrypted connections.
- Encryption at Rest: Stored data is protected by disk-level encryption.
- Restricted Access: Only authorised personnel can access production systems, and only for legitimate operational reasons.
4. Data Sharing with Third Parties
We do not sell your data, and we do not transfer it to third parties except in these specific cases:
- Stripe: Strictly to process subscription payments you initiate.
- Infrastructure providers (Render, Cloudflare, our managed database host): Acting only as data processors on our behalf to host the Orvo application.
- Legal Compliance: If required by law, court order, or to protect our rights and the safety of users.
We do not transfer Google user data to any third party for any purpose other than the cases listed above.
5. Google API Services User Data — Limited Use
Orvo's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
- (a) Limited to user-facing features: Google user data is used only to provide and improve the contact import and contact management features that are prominently visible inside Orvo.
- (b) No transfer to third parties: We do not transfer Google user data to anyone other than the user, infrastructure providers acting as our data processors, or where required by law.
- (c) No advertising: We do not use Google user data for advertising of any kind, including personalised, retargeted, or interest-based advertising.
- (d) No human reading: Orvo personnel do not read Google user data, except (i) with the user's explicit consent, (ii) to comply with applicable law, or (iii) for security purposes such as investigating abuse, where the data is aggregated and anonymised where possible.
Google OAuth scopes requested by Orvo:
openid, userinfo.email, userinfo.profile — used only to sign you in and create or look up your Orvo account.https://www.googleapis.com/auth/contacts.readonly — requested only when you choose to import your Google Contacts. Read-only: we cannot modify, create, or delete contacts in your Google account.
You can revoke Orvo's access to your Google account at any time via your Google Account permissions page.
6. User Rights
Under GDPR, you have the right to:
- Access: Request a copy of your personal data.
- Correction: Modify or update your stored information.
- Deletion: Request removal of your data. You can delete your account yourself from Settings → Account Management.
- Portability: Download your data in a structured format.
To exercise your rights, contact us at office@getorvo.com.
7. Data Retention and Deletion
When you delete your Orvo account:
- Your account is immediately disabled and you are signed out.
- Connected Google, Microsoft, and other OAuth tokens are revoked immediately.
- Any active subscription is cancelled.
- Within 30 days, an automated job permanently erases all personal data linked to your account — including any Google user data you imported (contacts, notes, tasks, organisations, network maps, activity logs, and related records). Your Orvo user record is retained in redacted form (no name, email, tokens, or other identifying information) solely to maintain referential integrity in retained billing records.
- A minimal set of billing records (invoice history, payment transaction IDs) may be retained for up to 7 years to meet legal, tax, and accounting obligations. These records contain no Google user data.
You may also request immediate erasure (subject to the legal retention obligations above) by emailing office@getorvo.com.
8. Third-Party Data Stored by Users
Orvo allows users to store information about their professional contacts (names, notes, relationship details). Users are the data controllers for any personal data they enter about third parties and are responsible for ensuring they have a lawful basis to store it.
If you believe an Orvo user holds personal data about you that you would like corrected or removed, please contact us at office@getorvo.com. We will forward your request to the relevant user(s) in accordance with applicable data protection law.
9. Cookies and Tracking
Orvo uses the following cookies:
- Essential cookies: Session cookies required for login and payment processing (Laravel session, Stripe). These are strictly necessary and do not require consent.
- Analytics cookies: Google Analytics (
_ga, _gid) to understand how visitors use Orvo. These are only loaded after you provide consent via our cookie banner. IP addresses are anonymised.
You can withdraw your consent at any time by clearing your browser's local storage or cookies. We do not use cookies for advertising or profiling.
10. Updates to This Privacy Policy
We may update this Privacy Policy periodically. Users will be notified via email or in-app alerts.
11. Contact Us
For inquiries regarding this Privacy Policy, contact us at:
Email: office@getorvo.com
By using Orvo, you agree to this Privacy Policy.