Mario Carmona
Back to Portfolio
Last updated: 2026-05-04

Privacy Policy — Roveio

Last updated: May 4, 2026

This privacy policy describes how Roveio ("the app", "we") collects, uses, and protects your personal information.

1. Data We Collect

We collect the following information when you use Roveio:

  • Account data: email address, username, and password (managed by Supabase Auth).
  • Profile data: name, travel style, travel pace, and dietary preferences you voluntarily provide.
  • Usage data: generated itineraries, searched destinations, dates, and app usage history.
  • Purchase data: credit purchase history (managed by RevenueCat; we do not store credit card data).
  • Technical data: device identifier, operating system, and app version, required for the service to function.

2. How We Use Your Data

We use your information to:

  • Create and manage your user account.
  • Generate personalized travel itineraries using artificial intelligence.
  • Manage your credits and in-app purchases.
  • Improve the service and fix technical issues.
  • Communicate with you if you contact us for support.

We do not sell your personal information to third parties. We do not use your data for advertising.

3. Third Parties That Access Your Data

To provide the service, we share data with the following providers:

  • Supabase (Supabase Inc.): database and authentication. Stores your account, profile, and itinerary data. Privacy policy: supabase.com/privacy.
  • OpenAI (OpenAI, LLC): AI itinerary generation. We process your travel preferences to generate the itinerary; your data is not retained by OpenAI beyond the request processing time. Privacy policy: openai.com/policies/privacy-policy.
  • RevenueCat (RevenueCat, Inc.): in-app purchase management. Manages purchase history and receipt verification. Privacy policy: revenuecat.com/privacy.

4. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where the law requires us to retain it longer (e.g., financial transaction records).

AI-generated data (itineraries) is deleted along with your account.

5. Your Rights

You have the right to:

  • Access the data we hold about you.
  • Rectify incorrect or incomplete data.
  • Delete your account and all associated data.
  • Export your data in a readable format.
  • Object to the processing of your data in cases provided for by law.

To exercise any of these rights, contact us at hola@mariocarmona.dev.

6. Security

We implement technical and organizational measures to protect your information:

  • All communications are encrypted via HTTPS/TLS.
  • Passwords are stored encrypted (never in plain text).
  • Data access is restricted through Row Level Security (RLS) policies in Supabase.
  • We conduct periodic security reviews.

However, no system is completely secure. We recommend using a unique and strong password for your account.

7. Children

Roveio is not directed at children under 13. We do not knowingly collect data from minors. If we discover that we have collected data from a minor, we will delete it immediately. If you are a parent or guardian and believe your child has provided data, please contact us.

8. Contact

If you have questions about this privacy policy or wish to exercise your rights, you can contact us at:

Mario Carmona Email: hola@mariocarmona.dev