avasafeBeta

LAST UPDATED: APRIL 2026

Privacy Policy

Avasafe AI ("we", "our", or "AVA") is built on a simple principle: your documents are yours. This policy explains exactly what we collect, how we use it, and what we never do.

What we collect

When you create an account, we collect your email address and the name you provide. When you upload a document, we use AI to extract structured data fields (such as your name, date of birth, and passport number) from the image. We store those extracted fields in your encrypted locker. The raw document image is deleted after extraction is complete.

When you fill out an application, we store the form data you enter in association with your account. When you pay, Stripe processes your payment. We receive a confirmation and the amount. We never receive or store your full card number.

We collect basic usage logs (page views, errors) to help us fix bugs and improve the product. These logs do not contain the content of your documents.

What we never do

  • We never sell your data to any third party.
  • We never share your documents or extracted data with any third party except as required to deliver the service (for example, sending your name to Stripe for a payment).
  • No human employee at Avasafe can view the contents of your documents. AI processes them. Humans do not.
  • We do not use your documents to train AI models.

How we protect your data

Your documents and extracted data are encrypted at rest using AES-256. All data is transmitted over HTTPS. Encryption keys are managed via Google Cloud KMS and are not directly accessible to Avasafe employees. Your files are stored in a private Supabase Storage bucket scoped to your user ID only. Row-level security policies on our database ensure you can only read and write your own data.

Data retention and deletion

You can delete any document or your entire account at any time from your account settings. When you delete a document, the extracted data and any stored file are permanently removed within 24 hours. When you delete your account, all data associated with your account is permanently deleted within 24 hours. We do not retain backups of deleted user data beyond 30 days.

Cookies and tracking

We use a session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics services that share your data. We use basic first-party analytics (page views, feature usage) to improve the product.

Third-party services

We use the following services to deliver Avasafe:

  • Supabase: database and file storage, hosted on AWS
  • Stripe: payment processing
  • Resend: transactional email delivery
  • Twilio: SMS and WhatsApp notifications
  • Anthropic: AI document extraction and validation (no training use)
  • Vercel: application hosting

Each service is bound by its own privacy policy and data processing agreements.

Your rights

You have the right to access, correct, export, or delete any data we hold about you. You can exercise these rights from your account settings, or by emailing us at . We will respond within 30 days.

Contact

For any privacy questions, contact us at .

← Back to Avasafe