This document is provided for general use. For questions, contact jan@approvella.com.
Privacy Policy
Last updated: June 1, 2026
This Privacy Policy explains how personal data is collected, used, and protected when you use Approvella (the “Service”). We are committed to handling your data in accordance with the EU General Data Protection Regulation (“GDPR”) and applicable data-protection law.
1. Introduction & Data Controller
The controller responsible for your account data is Jan Haratek, a sole proprietor (OSVČ) based in the Czech Republic, European Union, operating the Service at https://approvella.com. You can reach us regarding privacy matters at jan@approvella.com.
Note: when you invite clients to your projects, you (not Approvella) are the controller of those clients’ personal data, and Approvella acts as your processor. See section 11 and our Data Processing Agreement.
2. What Data We Collect
Account data
- your name and email address;
- your password (stored only in hashed form);
- your company or business name, where provided.
Content data
- projects, files, comments, messages, and client information that you and your invited clients add to the Service.
Usage data
- log data such as IP address, browser type, device information, and actions you take in the app (including audit logs used to record approvals and activity).
Cookies
- essential session cookies used to keep you authenticated. See section 13 for details.
3. How We Use Data
- to provide, operate, and maintain the Service;
- to authenticate you and keep your account secure;
- to send transactional emails (for example, confirmations, password resets, and notifications);
- to improve and develop the Service;
- to detect, prevent, and address security issues and abuse;
- to comply with our legal obligations.
4. Legal Bases for Processing (GDPR Art. 6)
- Performance of a contract — to provide the Service you have requested and fulfil our Terms of Service;
- Legitimate interests — to secure, maintain, and improve the Service, provided those interests are not overridden by your rights;
- Consent — where we ask for it, such as for optional features; you may withdraw consent at any time;
- Legal obligation — where we are required to process data to comply with the law.
5. AI Feature Disclosure
Approvella offers an optional AI workflow generation feature. When you use it, the project description text you enter is sent to Anthropic (the Claude API) to generate a suggested checklist or workflow. That text is processed by Anthropic in accordance with its own terms. Please do not enter sensitive personal data into the AI brief field. If you do not use this feature, your text is not sent to Anthropic.
6. Data Sharing & Sub-processors
We do not sell your personal data. We share data only with service providers (“sub-processors”) that help us run the Service, under appropriate contractual safeguards:
- Supabase — database, file storage, and authentication (hosted in the EU region);
- Resend — delivery of transactional email;
- Vercel — application hosting and content delivery;
- Anthropic — the optional AI workflow generation feature only.
We may also disclose data where required by law or to protect our rights, and in connection with a business transfer (such as a merger or acquisition), subject to this Policy.
7. International Transfers
Your data is primarily hosted in the European Union. Some sub-processors (such as Resend, Vercel, and Anthropic) may process data outside the EU. Where that happens, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, to protect your data in line with the GDPR.
8. Data Retention
We retain personal data for as long as your account is active or as needed to provide the Service. When you delete your account, your account and content data are deleted, except where we must retain certain information (for example, security logs kept for a brief period, or information required to comply with legal obligations or resolve disputes).
9. Data Security
We use technical and organizational measures to protect personal data, including AES-256 encryption at rest, TLS encryption in transit, and database access controls (row-level security). No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to respond appropriately to any incident.
10. Your Rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate or incomplete data;
- request erasure of your data;
- restrict or object to certain processing;
- request data portability;
- withdraw consent where processing is based on consent; and
- lodge a complaint with a supervisory authority.
To exercise any of these rights, email us at jan@approvella.com. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOÚ); you may also contact the authority in your country of residence.
11. Data of Your Clients (Third Parties)
When you invite clients and they provide information through a portal, you are the controller of that client data and Approvella acts as your processor, processing it on your behalf to provide the Service. You are responsible for informing your clients about how their data is used and for having a lawful basis to process it. Our obligations as your processor are set out in the Data Processing Agreement.
12. Children’s Privacy
The Service is not intended for individuals under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
13. Cookies
We use only essential cookies necessary for the Service to function, primarily session and authentication cookies that keep you signed in. We do not use advertising or third-party marketing/tracking cookies. Because these cookies are strictly necessary to provide the Service, they do not require consent under applicable law.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice, for example by email or through the Service. The “Last updated” date above shows when this Policy was last revised.
15. Contact
For any privacy questions or requests, contact us at jan@approvella.com.