vayora.com.au

Privacy Policy

Last updated: 31 March 2026


Vayora is built on a simple principle: your data is yours. We collect only what's needed to provide the service, we ask before storing anything personal, and you can delete everything at any time. This policy explains exactly what we collect, why, and how.

1. Who we are

Vayora is an AI companion app operated at vayora.com.au. We are based in Australia and subject to the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

References to "Vayora", "we", "us" or "our" in this policy refer to the Vayora service and its operators. References to "you" or "your" refer to users of the Vayora app.

For privacy enquiries, contact us at: privacy@vayora.com.au

2. What we collect

We collect only the information needed to provide and improve the Vayora service. Here is what we collect and when:

Account information
  • Email address — required to create an account and send important notifications
  • Name — optional, used to personalise your experience
  • Timezone — auto-detected, used for reminders and accurate time display
  • Password — stored as a secure hash by Supabase, never readable by us
Conversation data
  • Chat messages you send and receive — stored to maintain your conversation history
  • Session titles and timestamps — used to organise your chat history
  • File uploads (PDF, images) — processed to provide AI summaries, not permanently stored beyond your session
Memory (with your consent only)
  • General preferences and goals — only if you enable general memory
  • Health information — only if you separately enable health memory
  • Follow-up items — only if you enable follow-up check-ins
  • Nothing is stored in memory without your explicit opt-in
Optional features
  • Reminders — stored only if you use the reminders feature
  • Mood and recovery entries — stored only if you use the recovery timeline
  • Feedback messages — if you submit feedback via the app
Technical data
  • Basic usage logs — for debugging and service reliability
  • We do not use advertising trackers, third-party analytics, or behavioural profiling

3. Why we collect it

We collect your information for these specific purposes only:

  • To provide the Vayora service — account creation, authentication, chat functionality
  • To personalise your experience — using memory you have explicitly enabled
  • To send transactional emails — account verification, password reset, welcome message
  • To display accurate times and reminders in your timezone
  • To improve the service — aggregated, anonymised usage patterns only
  • To comply with legal obligations under Australian law

We do not use your data to train AI models, sell to third parties, or serve advertising. Vayora is funded by subscriptions, not by monetising your data.

4. Health data (sensitive information)

Under the Australian Privacy Act, health information is classified as sensitive data and requires a higher standard of protection and explicit consent.

Health information in Vayora includes anything you share about medical conditions, medications, symptoms, mental health, or physical wellbeing.

We only store health information if you explicitly enable "Health information" in Privacy settings. This toggle is off by default and requires you to first enable general memory.

Health data is:

  • Stored in our secure Supabase database with row-level security
  • Never shared with third parties for any purpose
  • Never used to train AI models
  • Never used for advertising or profiling
  • Deletable at any time from your /memory page or Privacy settings

Vayora does not provide medical advice, diagnosis or treatment. Any health-related responses are for general informational purposes only. Always consult a qualified healthcare professional for medical decisions.

5. How we store your data

Your data is stored securely using industry-standard practices:

  • All data is transmitted over HTTPS — encrypted in transit
  • Database access is protected by Row Level Security (RLS) — only you can access your own data
  • Passwords are never stored in plain text — hashed by Supabase's secure auth system
  • API keys and secrets are stored as environment variables, never in code
  • Regular automated backups are maintained

Our primary database is hosted by Supabase on infrastructure located in the United States (AWS). By using Vayora, you consent to your data being processed and stored in the US under Supabase's data processing agreement.

6. Third-party services

Vayora uses the following third-party services to operate. Each receives only the minimum data needed for their function:

Supabase
Database, authentication and file storage
Data location: United States (AWS)

OpenAI
AI responses — your messages are sent to OpenAI's API for processing. OpenAI does not use API data to train models.
Data location: United States

Vercel
Web hosting and deployment
Data location: United States / Global CDN

Resend
Transactional email delivery (verification, welcome, password reset)
Data location: United States

Tavily
Live web search — search queries only, no personal data sent
Data location: United States

Stripe
Payment processing for subscriptions — card details are handled directly by Stripe and never seen by us
Data location: United States

Google Places API
Local search results — your search query and approximate location are sent when you use local search features
Data location: United States

OpenWeatherMap
Weather data — your location or city name is sent when you request weather information
Data location: United States / Global

CoinGecko
Cryptocurrency price data — no personal data sent, only asset identifiers
Data location: Malaysia / Global

Yahoo Finance (via yfinance)
Stock and financial market data — no personal data sent
Data location: United States

AviationStack
Flight status data — flight numbers only, no personal data sent
Data location: United States

CricAPI
Cricket scores and match data — no personal data sent
Data location: India

We do not share your data with any other third parties. We do not use Google Analytics, Facebook Pixel, or any advertising networks.

7. Your rights

Under the Australian Privacy Act and applicable law, you have the following rights:

  • Access — view all data stored about you at any time via /memory and Privacy settings
  • Correction — update your name, timezone and preferences via Account settings
  • Deletion — delete individual memory items, clear all memory, or delete your entire account and all associated data
  • Export — download all your data as a JSON file from Privacy settings
  • Withdrawal of consent — turn off any memory feature at any time from Privacy settings
  • Complaint — if you believe we have mishandled your data, contact us at privacy@vayora.com.au

If you are an EU resident, you also have rights under the GDPR including the right to data portability and the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, you can use the built-in controls in the app or email us at privacy@vayora.com.au. We will respond within 30 days.

8. Data retention

We keep your data for as long as your account is active. Specifically:

  • Account data — kept until you delete your account
  • Chat history — kept until you delete individual sessions or your account
  • Memory items — kept until you delete them individually or clear all memory
  • Reminders and recovery timeline — kept until you delete them or your account
  • Email logs — kept by Resend for up to 30 days for delivery tracking

When you delete your account, all of the above is permanently deleted from our database immediately. Backups are purged within 30 days.

Some anonymised, aggregated usage data (e.g. total number of active users) may be retained indefinitely as it cannot be linked back to any individual.

9. Cookies and tracking

Vayora uses minimal cookies:

  • Session cookies — used by Supabase to keep you logged in. These are essential for the app to function.
  • No advertising cookies
  • No third-party tracking cookies
  • No analytics cookies

You can clear cookies at any time through your browser settings, which will sign you out of Vayora.

10. Children

Vayora is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has created an account, please contact us at privacy@vayora.com.au and we will delete the account promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

  • Update the 'Last updated' date at the top of this page
  • Send an email notification to all registered users
  • Display an in-app notice on your next login

Your continued use of Vayora after changes are notified constitutes acceptance of the updated policy. If you do not agree with changes, you can delete your account at any time.

12. Contact us

For any privacy-related questions, requests or complaints:

Response time: Within 30 days

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
