Legal · aravo

Privacy Policy

Last updated: March 2026

1. Who we are

aravo is a SaaS platform for time tracking and billing built for freelancers and independent professionals. The service is developed and operated by Kavaju Resa. If you have questions about this policy, you can contact us at hola@aravo.app.

2. Information we collect

To provide the service, we collect the following information:

  • Account data: email address, used to authenticate you through magic links or Google OAuth.
  • Service usage data: time entries, clients, projects, invoices, and quotes that you enter into the platform yourself.
  • Billing data: the state of your subscription plan (managed by Polar). We do not store credit card details.
  • Session data: session tokens stored locally in your browser, required to keep your authenticated access active.

Data retention and deletion

We retain the information you enter (time entries, clients, invoices, and similar records) only while your account remains active so we can provide the service.

If you decide to leave the service at any point, you can delete your account on your own from the settings area in your panel. Once you confirm that action, your profile and linked data are irreversibly removed from our production databases. Our backup systems also purge that remaining footprint on a scheduled basis within a maximum of 30 days.

3. Analytics and usage metrics

With your explicit consent, we use PostHog (posthog.com) to collect anonymous behavioral metrics inside the product. The goal is to understand which features are used the most and improve the overall experience.

When you accept the cookies notice, PostHog may register:

  • Pages visited inside the panel
  • Actions performed (creating time entries, invoices, projects, and so on)
  • Your active plan (free or professional)

Important: PostHog never automatically captures form contents, client names, invoice amounts, or any sensitive data you enter. Only interaction events are recorded (for example, "invoice created"), not their contents.

Analytics data is stored exclusively on servers in the European Union (PostHog's EU infrastructure), which complies with the requirements of the General Data Protection Regulation (GDPR). Analytics data is retained for a maximum of 12 months.

We do not sell, rent, or share your analytics data with third parties for advertising or commercial purposes.

How to control your consent

The analytics notice appears on your first visit. If you decline it, PostHog will not record any activity. If you accept and later change your mind, you can revoke your consent by writing to hola@aravo.app or by deleting the aravo-analytics-consent entry from your localStorage.

4. Service providers

To operate aravo we use the following third parties as data processors:

  • Supabase — database and access authentication. Instances are hosted on AWS global infrastructure. We ensure data traffic is encrypted at rest and in transit (SSL/TLS) and operated under strict protection and privacy standards.
  • Cloudflare — web hosting, CDN, and serverless functions.
  • Polar — subscription and payment management.
  • PostHog — product analytics (only with consent).

Each provider operates under its own terms and privacy policy.

5. User rights

Users in the European Union (GDPR)

If you reside in the European Economic Area, you have the following rights under Regulation (EU) 2016/679 (GDPR):

  • Right of access (Art. 15): request which personal data we hold about you.
  • Right to rectification (Art. 16): correct inaccurate data.
  • Right to erasure (Art. 17): request deletion of your data.
  • Right to portability (Art. 20): receive your data in a structured format.
  • Right to object (Art. 21): object to data processing for analytics.

To resolve questions or exercise your internationally recognized rights, contact us at hola@aravo.app. We commit to replying in under 30 business days. Remember that aravo also provides tools inside the platform for immediate invoice exports, direct account management, and autonomous deletion of your data.

Users in California, United States (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

  • The right to know what personal information we collect.
  • The right to request deletion of your personal information.
  • The right not to be discriminated against for exercising your privacy rights.

aravo does not sell personal information. We do not transfer your data to third parties for commercial or advertising purposes.

Users in Latin America

If you live in Latin American countries with data protection legislation (such as Law 25.326 in Argentina, LGPD in Brazil, or the Federal Data Protection Law in Mexico), you have similar rights of access, rectification, cancellation, and objection. Contact us to exercise them.

6. Data security

We take reasonable technical and organizational measures to protect your information: encrypted communications through HTTPS/TLS, restricted database access through service keys, and session tokens with controlled expiration.

However, no system is completely secure. We recommend that you do not share your access link with third parties.

7. Privacy infantil

aravo is a professional platform built for adults (freelancers, contractors, and operational agencies). Our software service is not directed to minors under any circumstance, and we do not intentionally collect or store personal data relating to anyone under 18 years of age. If you are a parent or legal guardian and confirm that a minor has provided information, please contact us by email so we can stop and remove it promptly.

8. Changes to this policy

We may update this privacy policy from time to time to reflect architectural additions to the platform or changes in legislation. For material changes, we will notify you with a prominent notice on the main site or a message to your associated email. The "last updated" marker shown above indicates the current effective version of these published rules.

9. Contact

For any question or clarification about the processing of your data, this policy itself, or the direct exercise of your concerns, we are ready to assist you through:

hola@aravo.app