Mario Carmona
Back to Portfolio
Last updated: 2026-05-04

Privacy Policy — Roveio

Last updated: May 4, 2026

This privacy policy describes how Roveio ("the app", "we") collects, uses, and protects your personal information.

1. Data We Collect

We collect the following information when you use Roveio:

  • Account data: email address, username, and password (managed by Supabase Auth).
  • Profile data: name, travel style, travel pace, and dietary preferences you voluntarily provide.
  • Usage data: generated itineraries, searched destinations, dates, and app usage history.
  • Purchase data: credit purchase history (managed by RevenueCat; we do not store credit card data).
  • Technical data: device identifier, operating system, and app version, required for the service to function.

2. How We Use Your Data

We use your information to:

  • Create and manage your user account.
  • Generate personalized travel itineraries using artificial intelligence.
  • Manage your credits and in-app purchases.
  • Improve the service and fix technical issues.
  • Communicate with you if you contact us for support.

We do not sell your personal information to third parties. We do not use your data for advertising.

3. Third Parties That Access Your Data

To provide the service, we share data with the following providers:

  • Supabase (Supabase Inc.): database and authentication. Stores your account, profile, and itinerary data. Privacy policy: supabase.com/privacy.
  • OpenAI (OpenAI, LLC): AI itinerary generation. We process your travel preferences to generate the itinerary; your data is not retained by OpenAI beyond the request processing time. Privacy policy: openai.com/policies/privacy-policy.
  • RevenueCat (RevenueCat, Inc.): in-app purchase management. Manages purchase history and receipt verification. Privacy policy: revenuecat.com/privacy.

4. Data Retention

We retain your account data and itineraries for as long as your account is active. To maintain service performance, we may automatically archive or delete old itineraries for trips that have ended and have had no recent activity.

You can manually delete any itinerary at any time from the "My Trips" section of the app. If you delete your account, all your personal data and itineraries will be permanently and irreversibly removed.

After account deletion, we retain an anonymous identifier (hash) of your email to prevent abuse of the welcome credit. This identifier cannot be used to reconstruct your original email address.

5. Your Rights

You have the right to:

  • Access the data we hold about you.
  • Rectify incorrect or incomplete data.
  • Delete your account and all associated data.
  • Export your data in a readable format.
  • Object to the processing of your data in cases provided for by law.

To exercise any of these rights, contact us via the contact form.

6. Security

We implement technical and organizational measures to protect your information:

  • All communications are encrypted via HTTPS/TLS.
  • Passwords are stored encrypted (never in plain text).
  • Data access is restricted through Row Level Security (RLS) policies in Supabase.
  • We conduct periodic security reviews.

However, no system is completely secure. We recommend using a unique and strong password for your account.

Data availability depends on third-party providers such as Supabase. In the event of data loss caused by a provider failure, we will take reasonable measures within our control, but we cannot guarantee full recovery of the information.

Despite the measures above, we cannot guarantee uninterrupted availability of the service or full data recovery in the event of a failure, loss, or incident caused by a third-party provider. We recommend manually sharing or exporting any critical itinerary from within the app (share button on the itinerary screen) if its content is important for your trip.

7. Children

Roveio is not directed at children under 13. We do not knowingly collect data from minors. If we discover that we have collected data from a minor, we will delete it immediately. If you are a parent or guardian and believe your child has provided data, please contact us.

8. Contact

If you have questions about this privacy policy or wish to exercise your rights, you can contact us at:

Mario Carmona Contact form