Privacy Policy

Last updated: December 2025
This Privacy Policy explains how ViviApp (“we”, “us”, or “our”) collects, uses, and protects your information when you use our website and mobile application.

1. Who we are

ViviApp is a platform that connects clients with wellness and service providers (such as yoga teachers, massage therapists, and other professionals). Our legal base of operations is in Costa Rica.

Website: https://viviapp.co
Contact email: support@viviapp.co

2. Scope of this Privacy Policy

This policy applies when you:

• Use our mobile or web application as a client or provider.
• Create an account or log in.
• View providers, services, availability, or make bookings.
• Receive emails or notifications from ViviApp.

3. Information we collect

3.1 Information you provide directly

• Account data: name, email address, password (stored securely via Firebase Authentication), preferred language.
• Profile data (clients): optional preferences, favorites, or other information you choose to share.
• Profile data (providers):
  • Business name, first name, last name, bio, profile photo.
  • Services offered (title, description, duration, price, currency, categories).
  • Availability, schedule blocks (unavailable time, holidays, fully booked periods).
  • Location or service area, if you choose to provide it in the future.
  • Time zone.
• Communication data: messages and emails you send to us, support requests, feedback.

3.2 Information collected automatically

• Log and usage data: IP address, device information, app version, timestamps of logins and key actions.
• Technical data: browser type, operating system, basic performance and error logs.

This technical data is primarily collected via our infrastructure providers (such as Firebase). If we enable analytics tools (e.g. Google Analytics or similar) in the future, we will update this policy accordingly.

3.3 Cookies and similar technologies

If you use our web app, we may use cookies or local storage to:

• Maintain your session and keep you logged in.
• Remember your language preferences.
• Improve the usability and performance of the site.

You can usually disable cookies in your browser settings, but some features of ViviApp may not work correctly if you do so.

4. How we use your information

We use your data to:

• Provide the core service: create and manage your account, authenticate you, show you providers/clients, services, and availability.
• Booking flows: when implemented, manage booking requests, confirmations, cancellations, reschedules, and related notifications.
• Provider operations: allow providers to manage their profile, services, availability, schedule blocks, and communications.
• Communications: send transactional emails and notifications (e.g. account creation, provider onboarding status, booking confirmations, reminders).
• Security: detect and prevent fraud, abuse, or suspicious activity.
• Improvement and analytics: understand how the app is used, identify usability issues, and improve the product.
• Legal obligations: comply with applicable laws and regulations.

5. Legal bases for processing (GDPR-style)

If you are in the European Union or a similar jurisdiction, we rely on the following legal bases:

• Contract: to provide the app and related services you sign up for.
• Legitimate interests: to improve the service, prevent fraud, and protect our rights.
• Consent: for optional features such as certain cookies, newsletters, or marketing communications (when applicable).
• Legal obligation: where we must retain or share information to comply with the law.

6. How we share your information

We do not sell your personal data. We may share it with:

• Service providers and subprocessors that help us operate ViviApp, for example:
  • Firebase (Google Cloud) – authentication, database (Firestore), storage, basic logs.
  • Brevo – outgoing transactional emails (e.g. onboarding, booking-related notifications).
  • Other infrastructure or analytics providers we may add in the future (we will update this policy as needed).
• Other users of the platform when necessary to provide the service:
  • Clients see relevant information about providers (name, services, categories, availability, basic profile).
  • Providers see relevant information about clients when a booking exists (name and contact details needed for the service).
• Authorities or third parties when required by law, or when necessary to protect our rights or prevent harm.

7. International data transfers

Our infrastructure may be hosted in data centers located outside of Costa Rica (for example, Firebase/Google Cloud regions). Where required by law, we take appropriate steps to ensure that cross-border data transfers include adequate safeguards.

8. Data retention

We keep your data only for as long as necessary for the purposes described in this policy, in particular:

• Account-related data: kept while your account is active. If you request deletion, we will delete or anonymize your data, except what we must keep for legal or security reasons.
• Booking and transactional data: kept for the period needed for accounting, dispute resolution, and legal compliance.
• Technical logs and analytics data: kept for a limited period, typically months, unless required longer for security or legal reasons.

9. Security

We use reasonable technical and organizational measures to protect your data, including:

• Using trusted infrastructure providers such as Firebase (Google Cloud).
• Authentication and access controls for internal tools.
• Storing passwords only in hashed form via Firebase Authentication.

However, no system can be 100% secure. You are responsible for keeping your password and account details confidential.

10. Your rights

Depending on your location, you may have rights such as:

• Accessing a copy of your personal data.
• Correcting inaccurate or incomplete data.
• Requesting deletion of your data (“right to be forgotten”).
• Objecting to or restricting certain types of processing.
• Data portability (receiving your data in a structured, commonly used format).
• Withdrawing consent when processing is based on consent.

To exercise these rights, contact us at support@viviapp.co. We may need to verify your identity before responding.

11. Children’s privacy

ViviApp is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. When we do, we will change the “Last updated” date at the top and, where appropriate, notify you via the app or email.

13. Contact us

If you have questions or requests about this Privacy Policy or your personal data, you can contact us at:
support@viviapp.co