Privacy Policy

1. Who is responsible for your data

The controller responsible for the processing of personal data described in this Privacy Policy is:

2. Scope

This Privacy Policy applies to:

• the Torve website, including torve.app and related pages,
• the Torve Android mobile app,
• the Torve Android TV app,
• customer support, account administration, and related communications, and
• any connected services that Torve operates or controls and that link to this Privacy Policy.

3. Personal data we collect

Depending on the features you use, we may collect the following categories of personal data.

4. How we collect personal data

• directly from you, for example when you create an account, sign in, contact support, or change settings,
• directly from you when you configure optional integrations, addons, or connected services, which may involve providing credentials such as API keys, tokens, usernames, or service login details,
• automatically from your device or app usage, for example diagnostics, app events, or security logs,
• from app stores or payment providers to confirm purchases and entitlements, and
• from service providers or third-party integrations that support our product, only where necessary for the feature you use.

5. Why we process personal data and the legal bases we rely on

6. When we share personal data

We do not sell personal data. We may share personal data only as described below.

• Infrastructure and hosting providers. We use hosting and server infrastructure providers to operate Torve, including Hetzner.
• Transactional communications providers. We use email delivery providers, including Resend, to send account verification, password reset, and other service-related emails.
• App marketplaces and payment processors. We use Google Play for app distribution and in-app purchases on Android and Android TV, and Paddle as merchant of record for purchases made on torve.app. Each handles billing, payment data, and platform compliance under their own privacy terms.
• User-configured connected services. If you choose to connect optional integrations or third-party services within Torve, the data needed to authenticate and operate those integrations may be sent to the relevant service. This only occurs when you actively configure and enable a connection. Torve does not share your data with third-party services you have not chosen to connect.
• Legal and regulatory recipients. We may disclose data where required by law, legal process, or to protect rights, safety, security, or the integrity of our services.
• Corporate transaction recipients. We may disclose data in connection with a merger, financing, acquisition, restructuring, or sale of assets, subject to appropriate safeguards.

7. Third-party services and processors

We use selected third-party service providers and infrastructure partners to operate, secure, and improve Torve. These providers process personal data only as needed to provide their services to us and subject to appropriate contractual, technical, and organizational safeguards where required by law.

8. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, maintain security, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account data: retained while your account is active and for a limited period afterward where needed for security, fraud prevention, backup cycles, dispute handling, or legal compliance.
• Account-linked integration data: integration metadata and encrypted credentials stored under your account are retained while your account is active and until you remove the integration or delete your account. Encrypted credentials are deleted along with the account-linked integration record.
• Device-only integration credentials: credentials stored in device-only mode are held only on your device. They are cleared when you sign out and are not retained by Torve servers.
• Transactional email records: retained for as long as needed to deliver, verify, and document account-related communications and to investigate misuse or delivery issues.
• Operational logs and diagnostics: retained for a limited period appropriate to troubleshooting, security monitoring, and service integrity.
• Billing and tax records: retained for the period required by applicable law and platform obligations.
• Support communications: retained for as long as needed to resolve the request, maintain support history, and satisfy legal obligations.

When retention is no longer necessary, we delete, anonymize, or securely isolate the data unless continued storage is legally required.

9. International data transfers

Your personal data may be processed in countries other than the country in which you live. Where required by law, we use appropriate safeguards for international transfers, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

10. Your privacy rights

Depending on your location and applicable law, you may have the right to:

• request access to your personal data,
• request correction of inaccurate or incomplete data,
• request deletion of your personal data,
• request restriction of processing,
• object to certain processing,
• request data portability,
• withdraw consent where processing is based on consent, and
• lodge a complaint with a supervisory authority.

To exercise your rights, contact privacy@torve.app. We may need to verify your identity before completing your request.

If you are in the EEA, UK, or another jurisdiction with similar rights, you may also complain to the relevant data protection authority in your country.

11. Account deletion and data deletion

If you create a Torve account, you can request deletion of your account and associated personal data:

• in the app, through Settings > Account > Delete Account, and
• through our web deletion page at torve.app/account-deletion.

When you request account deletion, we will delete or anonymize your personal data, including account-linked integration records and any encrypted credentials stored under your account, unless we must retain certain information for legal, security, fraud prevention, financial reporting, or other lawful reasons.

If some data cannot be deleted immediately, for example because it remains in secure backups for a limited period, we will isolate it and delete it according to our retention and backup schedules.

12. Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include encryption in transit, access controls, logging, least-privilege practices, and secure development and operational procedures.

Account-linked integration credentials are encrypted at rest before storage. Passwords, API keys, and similar secrets are not displayed back to you in full in normal user-facing flows after saving.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Children

Torve is not directed to children under 13, or the minimum age required by applicable local law. We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us, contact us at privacy@torve.app so we can investigate and take appropriate action.