Legal

Privacy Policy

Last updated: 22 April 2026

Belvi ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Belvi mobile application and website (collectively, the "Services").

Please read this policy carefully. If you do not agree with its terms, please discontinue use of our Services.

1. Information We Collect

Information you provide directly

• Account information: email address, display name, username, and optional profile photo when you register.
• Photos and uploads: images, captions, gear notes, and location data you choose to submit.
• Communications: messages you send us via email or support channels.

Information collected automatically

• Device information: device type, operating system, unique device identifiers, and mobile network information.
• Usage data: pages or screens viewed, features used, interactions, and session duration.
• Location data: approximate location (derived from IP address) and, with your explicit permission, precise GPS location to show nearby photography spots.
• Log data: IP address, browser type, referring URL, and timestamps.

Information from third parties

• If you sign in via a third-party service (e.g. Google, Apple), we receive your name and email address from that provider in accordance with their privacy policy.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account
• Provide, operate, and improve the Services
• Personalise your experience (e.g. nearby locations, recommended spots)
• Send transactional emails (email verification, password reset)
• Send service announcements and, where you have opted in, marketing communications
• Monitor and analyse usage patterns to improve performance and safety
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

3. Sharing Your Information

We do not sell your personal data. We may share it in the following circumstances:

Service providers (data processors)

We engage the following third-party companies to perform functions on our behalf. Each processes your data only to the extent necessary for their stated purpose and is bound by a data processing agreement or equivalent contractual safeguards.

• Supabase, Inc. (USA) — database, authentication, and file storage. Data is hosted on AWS infrastructure in the EU (eu-west-1). Privacy policy
• Amazon Web Services, Inc. (USA) — underlying cloud infrastructure used by Supabase. Privacy policy
• Expo (Expo, Inc.) (USA) — mobile app build and push notification delivery service. Push tokens may be transmitted to Expo's servers and onward to Apple APNs or Google FCM to deliver notifications. Privacy policy
• Apple Inc. (USA) — iOS app distribution (App Store) and push notification delivery (APNs). Privacy policy
• Google LLC (USA) — Android app distribution (Google Play) and push notification delivery (Firebase Cloud Messaging / FCM). Privacy policy
• Beehiiv, Inc. (USA) — email newsletter and early-access subscriber list. Email addresses submitted via our website signup form are stored and processed by Beehiiv. Privacy policy
• Google Fonts (Google LLC) (USA) — web font delivery on our marketing website. Your IP address may be transmitted to Google's servers when the site loads. Privacy policy
• FormSubmit (FormSubmit.co) — contact form processing. When you submit the support form on our website, your name, email address, and message are transmitted to FormSubmit's servers and forwarded to our support inbox. Privacy policy
• Cloudflare, Inc. (USA) — website hosting, CDN, and privacy-first analytics. Cloudflare processes IP addresses and request metadata for routing and security purposes. Cloudflare Analytics does not use cookies or fingerprinting. Privacy policy
• Buffer, Inc. (USA) — social media scheduling. Our systems may pass photography location images to Buffer for scheduled publication to our social media accounts (Instagram, TikTok). Only images and associated captions are transmitted — no user personal data is included in these transfers. Privacy policy
• Meta Platforms, Inc. (Instagram) (USA) — we may repost or share user-submitted content to our Instagram account for marketing purposes, subject to the licence you grant us in our Terms of Service. Content shared to Instagram is subject to Meta's terms and privacy policy. Privacy policy
• TikTok (TikTok Inc. / ByteDance Ltd.) (USA/global) — we may share user-submitted content to our TikTok account for marketing purposes, subject to the same licence terms. Privacy policy
• Microsoft Corporation (Outlook / Microsoft 365) (USA) — email infrastructure used to send and receive support and operational correspondence. Email communications you send to our support or privacy addresses are processed through Microsoft's mail servers. Privacy policy

If we engage additional processors in the future, we will update this section and the "Last updated" date above.

Public content

Photos, captions, and profile information you mark as public are visible to all users of the Services. Location tags associated with your public photos are shown on maps within the app.

Legal requirements

We may disclose your information if required by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

If Belvi is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice within the app before your data is transferred and becomes subject to a different privacy policy.

4. Photo Content and Licences

When you upload a photo to Belvi, you retain full copyright ownership. By uploading, you grant Belvi a non-exclusive, royalty-free, worldwide licence to display your photo within the Services and in marketing materials promoting Belvi (e.g. social media posts, App Store screenshots). You may revoke this licence by deleting the photo from your account.

Photos marked with a Creative Commons licence by the uploader are displayed with appropriate credit as required by the applicable CC licence terms.

5. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Moderation data

Where your account has been subject to content moderation activity — including content reports made by or against you, moderation decisions, and any warning or suspension records — we retain this data in our moderation logs and reports records for up to 12 months after account deletion. This retention is necessary to detect and prevent repeat violations, to defend against legal claims arising from moderation actions, and to comply with applicable platform-safety obligations. The legal basis for this extended retention is our legitimate interests under Article 6(1)(f) of the GDPR. After 12 months, moderation data is deleted or anonymised. You may contact us at [email protected] to request information about moderation data held about you or to object to this processing.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your account and associated data.
• Portability: receive your data in a structured, machine-readable format.
• Objection / restriction: object to or restrict certain processing activities.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Cookies and Tracking

Our website uses a small number of essential cookies to maintain session state. We do not use advertising or cross-site tracking cookies. Analytics, if any, are aggregated and anonymised.

The mobile app does not use browser cookies; it uses secure local storage and device-level identifiers only for authentication and session management.

8. Children's Privacy

The Services are not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately and we will delete it promptly.

9. International Transfers

Your data may be processed in countries outside your country of residence, including Ireland and the United States. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms approved by the relevant data protection authority to lawfully transfer data internationally.

10. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, row-level security on our database, and regular security reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date and, where appropriate, by emailing you. Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Belvi
Email: [email protected]
Website: belviapp.com