Back to home

Privacy Policy

Your privacy matters. Here's exactly what we collect and how we protect it.

Last updated: April 2026

What Data We Collect

We only collect what's necessary to run the service. Nothing more.

  • Email address — For account creation and service notifications.
  • Business information — Name, type, and Google review URL to personalize your QR codes and dashboard.
  • Customer feedback — Ratings and feedback submitted via your QR code. Customers may optionally provide their email for replies.
  • Usage data — Aggregated analytics (scans, replies). Never personal customer data.
  • Payment data — Handled entirely by Lemon Squeezy (our Merchant of Record). We never see or store card numbers.

How We Use Your Data

We use your data only to provide and improve the Starvo service.

  • Generate and serve QR codes for your business locations.
  • Send you email notifications about new customer feedback.
  • Display analytics and feedback in your dashboard.
  • Generate AI-powered reply suggestions using Groq/Llama.
  • Process subscription payments through Lemon Squeezy.
  • Send customer reply emails when you choose to respond.

Data Storage & Security

  • Database — All data stored in Supabase (PostgreSQL), encrypted at rest and in transit.
  • Access control — Row-Level Security ensures you can only access your own business data.
  • Secrets — API keys and credentials are stored as environment variables, never in code.
  • Hosting — Deployed on Vercel with HTTPS enforced on all routes.

GDPR & Your Rights

If you are located in the European Economic Area, you have the following rights:

  • Access — Request a copy of your personal data.
  • Rectification — Correct any inaccurate data.
  • Erasure — Request deletion of your account and all associated data.
  • Portability — Receive your data in a machine-readable format.
  • Objection — Object to processing of your data.

To exercise any of these rights, email privacy@starvo.app. We will respond within 30 days.

We Never Sell Your Data

Your data is yours. We do not sell, rent, or share it with third parties for marketing or advertising purposes. Ever. Our business model is simple: you pay for the service, we protect your privacy.

Third-Party Services

  • Supabase — Database and authentication.
  • Lemon Squeezy — Payment processing (Merchant of Record). Subject to Lemon Squeezy's privacy policy.
  • Resend — Transactional email delivery.
  • Groq — AI reply generation. Feedback is sent to Groq for processing.
  • Vercel — Application hosting and edge network.

Data Deletion

You can request full deletion of your account and all associated data at any time by emailing privacy@starvo.app. We will delete all your data within 48 hours and send you confirmation.

Contact

Questions about this policy? Email privacy@starvo.app.