Privacy policy
Last updated: April 21th, 2025
Thank you for trusting Thryve (the “App”). Protecting your privacy is a priority for Maverick Bits S.R.L., CUI 46518982 (“we”, “us”, “our”).
1. Scope
This Policy explains what personal data we collect, how we process it, the third-party services involved, and your rights. It applies to the App, our website https://getthryve.app, and related services (collectively, the “Service”).
2. Data we collect
We collect only the personal data that is strictly necessary to run and improve the Service. All information is stored on our secure EU-based cloud servers located in Frankfurt, Germany and is encrypted at rest.
| Category | Mandatory? | Purpose |
|---|---|---|
|
E-mail address (including Apple “private relay” addresses) |
Yes (registered users) | Sign-in, account recovery, service messages |
| Display name | Optional | Personalising quotes, greetings and reminders |
| Saved content & custom categories | Automatic | Provide favourites and feed functionality |
| Reminder schedules & device push token | Automatic | Send notifications at the time slots you choose |
| Subscription transaction data | Automatic (after purchase) | Validate entitlements and manage billing |
| Crash & diagnostic logs | Automatic on error | Maintain stability and security of the Service |
3. Third-Party Processors
We work with a handful of specialised service providers. Each acts as our data processor under GDPR Article 28 and may process your personal data only on our documented instructions.
| Category / Provider | Data they process | Purpose | Location & Safeguards |
|---|---|---|---|
|
EU-based cloud infrastructure provider (Amazon Web Services) |
Account data, saved content, server logs | Hosting, database and backend logic |
Frankfurt (EU) data centre; ISO 27001 certification; GDPR DPA |
|
Push-notification platform (Google Firebase Cloud Messaging) |
Device push token, coarse IP | Deliver your reminders and alerts | Standard Contractual Clauses for any US transfer |
|
Subscription & payment platform (RevenueCat) |
Purchase receipts, device IDs | Manage subscriptions and validate receipts |
EU storage; SCCs with US sub-processors |
|
Error-monitoring platform (Sentry) |
Crash traces, anonymised IDs, truncated IP | Diagnose and fix app errors |
EU data centre; PII scrubbing; SCCs |
4. Legal Basis for Processing
We process your personal data only when we have a valid legal ground under GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Account registration & login | Performance of a contract with you |
| Core features (feed, saves, reminders) | Performance of a contract with you |
| Service e-mails (verification, deletion confirmation) | Our legitimate interests |
| Push notifications & marketing messages | Your consent (you may withdraw at any time) |
| Subscription billing & receipt validation | Performance of a contract with you |
| Analytics, crash reporting, fraud prevention | Our legitimate interests |
| Legal & tax compliance | Compliance with legal obligations |
5. Retention Period
We retain your account data for as long as your account remains active or until you request deletion. Back-ups are stored on a rolling 30-day cycle and then overwritten. Transaction records required for Romanian tax and accounting laws are retained for ten (10) years.
6. International Transfers
Our main database is hosted in Frankfurt, Germany (EU). When data is transferred outside the European Economic Area (e.g., to U.S. sub-processors), we rely on Standard Contractual Clauses and Data Privacy Framework certifications. All transfers are protected by TLS 1.2+ in transit and AES-256 at rest.
7. Security Measures
We implement industry-standard safeguards, including:
• Bcrypt-hashed credentials and least-privilege IAM roles
• Continuous monitoring via AWS CloudWatch & Sentry
• Annual penetration tests and vulnerability scans
While no system is impervious, we follow ISO 27001 and SOC 2 best practices.
8. Children's Privacy
The Service is not directed at children under 13 years of age (or the higher age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us so we can delete it promptly.
9. Your Rights
Under GDPR and Romanian law, you have the right to access, rectify, erase, restrict or object to processing, data portability, and withdraw consent at any time. You may also lodge a complaint with the Romanian data protection authority. To exercise any right, contact us via our deletion page or email.
10. Account & Data Deletion
You can delete your account and personal data by following the steps described at https://getthryve.app/request-deletion.
We will verify your identity and complete deletion within 30 days (45 days under
CCPA), except where retention is required by law.
11. Contact
If you have any questions or wish to exercise your rights, please reach out:
Email: contact@getthryve.app
Postal: Maverick Bits S.R.L., street Slatinei 21 ap.16, Oradea, Bihor County, Romania
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced in-app and on our website at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.