Privacy Notice

Last updated: 2026-04-24

1. Who we are

MV-Jarvis (the "Service") is operated by Marco Sergio MELANO, acting as the data controller for the personal data processed in connection with the Service.

2. Data we collect and why

• Account data (email, password hash, display name, profile picture): to create and manage your account, authenticate you and provide the Service. Legal basis: performance of the contract.
• Trip and bike data (uploaded telemetry, GPS tracks, bike model, mileage, service notes): to generate analyses, statistics and AI insights you request. Legal basis: performance of the contract.
• Subscription data (plan, status, period dates, Paddle customer and subscription identifiers): to manage PRO access. Legal basis: performance of the contract; legitimate interest in preventing abuse.
• Usage and technical data (IP address, device/browser, log events, error reports): to operate, secure and improve the Service. Legal basis: legitimate interests.
• Support communications: to respond to your requests. Legal basis: legitimate interest.

We do not collect special categories of personal data and we do not knowingly collect data from children under 16.

3. AI processing

When you request an analysis, the relevant trip data and bike metadata are sent to the AI provider that powers our Lovable AI Gateway in order to generate the requested output. We do not use your trip data to train third-party models.

4. Who we share data with

• Hosting and backend infrastructure providers (Lovable Cloud / Supabase) for storing and serving your data.
• AI providers via the Lovable AI Gateway, only for generating the outputs you request.
• Paddle.com, our Merchant of Record, for processing payments, subscription management, tax compliance, invoicing and fraud prevention. Paddle acts as an independent controller for payment data.
• Authentication providers (Google, Apple) when you choose social sign in.
• Professional advisers and authorities when required by law.

5. International transfers

Some of our processors are located outside the EEA / UK. When personal data is transferred internationally we rely on adequacy decisions or Standard Contractual Clauses to ensure an equivalent level of protection.

6. Retention

We keep your account and trip data for as long as your account exists. If you delete your account, we delete or anonymise your personal data within a reasonable period, except where we are required to keep it (e.g. tax, accounting or fraud-prevention obligations). Subscription and invoicing data may be kept by Paddle for the period required by law.

7. Your rights

Subject to applicable law (including the GDPR), you have the right to access, rectification, erasure, restriction of processing, portability, objection, and to withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority. To exercise your rights, contact us at the email address shown on the MV-Jarvis website. We will respond within one month.

8. Security

We use appropriate technical and organisational measures, including encryption in transit, access controls and Row-Level Security at the database level, to protect your personal data.

9. Cookies

MV-Jarvis uses only essential cookies and local storage required to keep you signed in and to remember your preferences. We do not use advertising or third-party tracking cookies. The Paddle checkout may set its own cookies which are governed by Paddle's privacy notice.

10. Changes

We may update this Notice. The "Last updated" date at the top reflects the latest version. Material changes will be notified via the Service or email.