Sivolo is operated by Sivolo Limited, a company incorporated in England and Wales (Company Number 17240351), with its registered office at 51 St Marys Road, Tonbridge, TN9 2LE.
Sivolo Limited is the data controller for the personal data described in this policy. We are registered with the UK Information Commissioner's Office (ICO) as a data controller.
You can contact us about data protection matters at: privacy@sivolo.app
To analyse a message log, you paste or upload the text of a conversation. This content typically includes:
When you run an analysis, this content is sent from your device to our secure backend server over an encrypted HTTPS connection, and forwarded to the Anthropic API where the analysis is performed. Our server holds the content in memory only for the duration of that request — it is never written to disk, never logged, and never stored in any database. Once the analysis result is returned to your device, the content is gone from our servers.
Analysis results and your message history are stored on your device only, encrypted using AES-256-GCM. We have no access to data stored on your device.
If you create an account or make a purchase, we process:
Our backend logs standard server request metadata (IP address, timestamp, HTTP status code, response time) for security monitoring and reliability. These logs are retained for 7 days and are not linked to your identity or to the content of your analyses.
We do not use advertising trackers, analytics SDKs, or behavioural tracking of any kind.
Crash reports are opt-in only. If you enable crash reporting, reports are scrubbed of all message content and personally identifiable information before transmission.
Message logs you submit for analysis may contain sensitive personal information relating to domestic abuse, coercive control, sexual conduct, health, or other special category data as defined by UK GDPR Article 9. We process this data solely for the purpose of providing the analysis you have requested, on the basis of your explicit consent (Article 9(2)(a) UK GDPR).
You give this consent by actively choosing to submit a message log for analysis. You can withdraw your consent at any time by deleting your data from the app. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
We handle this data with particular care. Message content is never stored on our servers, never used to train machine learning models, and never shared with third parties except as described in Section 5.
| Processing activity | Legal basis |
|---|---|
| Analysing message content you submit | Performance of contract (Article 6(1)(b)); explicit consent for special category data (Article 9(2)(a)) |
| Managing your account and entitlements | Performance of contract (Article 6(1)(b)) |
| Server security logs (IP, timestamps) | Legitimate interests — maintaining the security and reliability of our service (Article 6(1)(f)) |
| Responding to your support enquiries | Legitimate interests (Article 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Article 6(1)(c)) |
Message content is transmitted to Anthropic, PBC (a US company) via their API in order to perform the analysis. Anthropic processes this data as a data processor acting on our instructions. Anthropic does not use data submitted through the API to train its models. International transfers to the US are made under appropriate safeguards (Anthropic's standard contractual clauses and Data Processing Agreement).
Anthropic's privacy policy: anthropic.com/privacy
Our backend server is hosted by Railway in the EU West (Amsterdam, Netherlands) region. Railway processes request metadata as a data processor. Message content passes through Railway's infrastructure in transit but is not stored there.
In-app purchases and Sign in with Apple / Sign in with Google are handled by Apple Inc. and Google LLC respectively under their own privacy policies. We receive only the transaction reference and anonymous account identifier from these providers.
We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.
| Data type | Retention period |
|---|---|
| Message content submitted for analysis | Not retained — processed in real time and not stored on our servers |
| Analysis results and history | On your device only — until you delete them or uninstall the app |
| Account and entitlement records | Duration of your account, plus 3 years after account closure (for financial record-keeping) |
| Server security logs | 7 days, then automatically deleted |
| Support correspondence | 3 years from last contact |
Under UK GDPR you have the following rights in relation to your personal data:
To exercise any of these rights, contact us at privacy@sivolo.app. We will respond within one calendar month. We will not charge a fee except in cases of manifestly unfounded or excessive requests.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
We take appropriate technical and organisational measures to protect your data, including:
No method of transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately at privacy@sivolo.app.
Sivolo is not directed at or intended for use by children under the age of 17. We do not knowingly collect personal data from anyone under 17. If you believe a child under 17 has provided us with personal data, please contact us and we will delete it.
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the app. Continued use of Sivolo after changes are posted constitutes acceptance of the updated policy.
Sivolo Limited
51 St Marys Road, Tonbridge, TN9 2LE
England
Email: privacy@sivolo.app