Privacy Policy

Data Protection Information

Effective date: 16 September 2025

1. Who We Are

Data Controller: AVA OLO d.o.o., Croatia
Privacy Contact: privacy@avaolo.com | +385 1 000 0000
We have appointed a privacy contact person (not a formally designated DPO under Article 37 GDPR).

2. What Data We Collect

Account and Contact:

name, phone (including WhatsApp), email (if provided), language.

Farm and Operations:

locations/GPS, field names/sizes/boundaries, crops/varieties, tasks and dates, inputs and inventory, yields/harvests, uploaded attachments.

Usage and Logs:

conversation history, timestamps, IP, device/browser, telemetry, error logs.

Payments:

processed by Stripe; we receive limited metadata (e.g., status, last 4 digits, country).

Messaging (WhatsApp):

metadata and message content by your choice. WhatsApp/Meta have their own terms and policies.

We do not intentionally collect special categories of personal data and ask that you do not upload them.

3. Purposes and Legal Bases

  • Service provision (account, chat, records, alerts): Contract (6(1)(b)).
  • Security and abuse prevention: Legitimate interests (6(1)(f)).
  • Improvements (aggregated/anonymized analytics): Legitimate interests (6(1)(f)) with safeguards.
  • Billing and compliance (taxes/accounting): Legal obligation (6(1)(c)).
  • Optional notifications/marketing: Consent (6(1)(a)).
  • Model evaluation with anonymized or aggregated data: Legitimate interests (6(1)(f)); where needed, consent.

OpenAI Processing

We use OpenAI GPT models (currently GPT-4o) to process your prompts and generate responses. By default, your content is not used by OpenAI for training their models. This will only be allowed if you explicitly enable it through opt-in.

4. Sharing and Processors

We share data only as necessary for the Service:

  • AWS: hosting/database and backups.
  • OpenAI: LLM inference (minimized).
  • Open-Meteo: weather by coordinates.
  • 360dialog (WhatsApp API): messaging by your choice.
  • Stripe: payments (independent controller for payment data).
  • Email/support (Mailgun or similar): service emails/support.

We do not sell personal data.

5. International Transfers

Primary storage is in AWS us-east-1 (USA). For transfers outside the EU/EEA, we use Standard Contractual Clauses (SCCs) and additional safeguards (encryption at rest/transit, access controls). Where recipients participate in the EU–US Data Privacy Framework, we rely on it where appropriate.

6. Retention

  • Active accounts: retention for your usage needs.
  • After cancellation: deletion or anonymization of personal data within 90 days, except where law requires longer.
  • Backups/logs: rotation within 90–180 days.
  • Accounting/tax records: up to 10 years (legal requirements).

7. Your Rights (Articles 15–22 GDPR)

You have rights to access, rectification, erasure, restriction, objection, and portability. You can withdraw consent at any time (does not affect past lawful processing).

Exercise: write to privacy@avaolo.com from registered email/number; we may perform identity verification; response within 30 days.

Automated decision-making: AVA provides AI suggestions but does not make decisions with legal or similarly significant effects without human involvement. You can request human review of important results.

8. Security

TLS in transit; encryption at rest; role-based access controls; MFA for administrators; audit trails; regular backups; processor agreements; incident response with notifications where required.

9. Cookies

We use essential cookies for sessions, security, and language. Optional analytics/marketing cookies (if any) are used only with consent. See our Cookie Notice.

10. Children

Not intended for those under 18 years. If you believe a minor has provided data, contact us for deletion.

11. Complaints

First contact privacy@avaolo.com. You can also complain to supervisory authorities. We cooperate with:

  • Croatia – AZOP: Selska cesta 136, 10000 Zagreb, https://azop.hr
  • Slovenia – IP RS: Dunajska 22, 1000 Ljubljana, https://www.ip-rs.si

12. Changes

We notify you of material changes (email/app/web). Continued use after the effective date means acceptance.
