Section 1 — Introduction
Stuvo is a studio management application for small business owners in India. This policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights under the DPDP Act 2023, DPDP Rules 2025, and the IT Act 2000. By using Stuvo, you agree to this policy. If you do not agree, please uninstall the app.
Section 2 — Who This App Is For
Stuvo is intended exclusively for adults aged 18 and above — for business owners and studio managers only. We do not knowingly collect data from anyone under 18. If you believe a minor has accessed Stuvo, email stuvosupport@gmail.com and we will delete that account immediately.
Section 3 — Personal Data We Collect
We collect only the minimum data necessary.
- A) Data you provide directly: your name and studio name, studio type, client/student names, phone numbers, email addresses, booking details, payment amounts, attendance records, batch information, test marks, homework logs, and messages to the Stuvo AI assistant.
- B) Via Google Sign-In: your Google account email address only.
- C) Automatically via third-party services: Sentry collects device model, OS version, app version, and error stack traces when a crash occurs — no IP address or personal identity. Cloudflare Workers + Groq process your AI messages and relevant studio data (up to 20 records per category) to generate AI responses — this data is not permanently stored by Stuvo, Cloudflare, or Groq.
Section 4 — How We Store Your Data
- Free Plan: all studio data stays entirely on your device (SQLite). We have zero access to it. Uninstalling or signing out permanently deletes it.
- Advanced Studio Tools users: only your profile (name, email, studio name, studio type) is synced to Supabase servers in Seoul, South Korea. All other data stays on device.
Important — Sign-Out Warning
Signing out permanently clears all local data — clients, bookings, config, everything. Back up before signing out. We are not responsible for data loss from signing out.
Section 5 — How We Use Your Data
Only for: operating the app, authenticating via Google, syncing profile to cloud (Advanced Studio Tools only), generating AI responses, diagnosing crashes via Sentry, and contacting you about critical service updates. We do not use your data for advertising, tracking, or profiling.
Section 6 — Third-Party Services
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google OAuth | Sign-in authentication | Your Google email | policies.google.com/privacy |
| Supabase | Cloud profile storage (Advanced Studio Tools only) | Name, email, studio name, studio type | supabase.com/privacy |
| Sentry | Crash & error reporting | Device model, OS version, app version, error traces. No IP or personal identity. | sentry.io/privacy |
| Cloudflare Workers + Groq | AI chat processing | Message text, studio context, up to 20 records per category (clients, bookings, payments, attendance) — only when relevant. Not permanently stored. | cloudflare.com/privacypolicy and groq.com/privacy-policy |
| Telegram | Community & support | None — external link only | telegram.org/privacy |
Section 7 — Data We Do Not Collect
We never sell, rent, or trade your data to any third party — ever.
Section 8 — Cross-Border Data Transfers
Your data may be processed outside India: Supabase (Seoul, South Korea — Advanced Studio Tools profile only), Sentry (United States — crash data, no personal identity), Cloudflare + Groq (United States — AI chat only, not stored). By using Stuvo you consent to these transfers. All third parties maintain appropriate data protection standards.
Section 9 — Data Retention
- Local device data: until you uninstall, sign out, or delete your account
- Cloud profile (Advanced Studio Tools): retained until you request account deletion. In accordance with the Information Technology (Intermediary Guidelines) Rules 2021, core registration metadata is retained in a securely inaccessible state for 180 calendar days after deletion, after which it is permanently and irreversibly destroyed.
- Sentry crash data: 90 days per Sentry's policy
- AI chat data: not stored — processed in real time and discarded immediately
Section 10 — Your Rights Under the DPDP Act 2023
To exercise any right, email stuvosupport@gmail.com. We will acknowledge all requests within 48 hours and resolve them within 7 calendar days.
Section 11 — Account and Data Deletion
- In-App (recommended): Settings → Delete Account. Immediately and permanently deletes all local data across 20+ database tables, your Supabase profile, and your auth account. Cannot be undone.
- Without the app: email stuvosupport@gmail.com with subject "Account Deletion Request" and your registered email. We will acknowledge your request within 48 hours and complete deletion within 7 calendar days. Please note that in accordance with the IT (Intermediary Guidelines) Rules 2021, core registration metadata is retained in an inaccessible state for 180 calendar days before permanent destruction.
- Dedicated page: stuvo.in/delete-account
Section 12 — Data Security
All data transmitted to Supabase, Cloudflare, and Groq is encrypted via HTTPS/TLS. Supabase uses Row Level Security — only you can access your profile. Local SQLite is protected by your device's own security. Authentication is fully handled by Google OAuth — we never store passwords. In the event of a data breach, we will notify you and the Data Protection Board of India as required by the DPDP Act 2023.
Section 13 — Children's Privacy
Stuvo is not for anyone under 18. If we discover a minor has used the app, we will suspend the account and delete all data immediately. Contact stuvosupport@gmail.com if you suspect this.
Section 14 — Changes to This Policy
We may update this policy. Significant changes will be notified in-app. The Effective Date at the top reflects the latest revision. Continued use after changes = acceptance.
