Amavera
Privacy Policy
Effective date: July 1, 2026
Amavera is a mobile application and web platform that helps tenants, landlords, and property managers document the condition of a rental property through AI-guided photo capture and automated report generation. This policy explains what data we collect, why we collect it, and how we protect it.
1. What We Collect
- Account information. When you create an account, we collect your email address and a password. Your password is hashed before storage and is never stored in plain text.
- Terms acceptance. When you create an account, we record the date and time at which you accepted our Terms of Service and Privacy Policy. This timestamp is stored in your account record.
- Property address. You provide a street address when starting an inspection. This appears on your report and is stored alongside your inspection data.
- Inspection type and tenant name. When starting an inspection, you select an inspection type (move-in, move-out, or condition change) and may optionally provide a tenant name. The tenant name is metadata that appears on the report and in your inspection history. It is limited to 60 characters and is entirely optional. If you provide a tenant name, you represent that you are permitted to share it.
- Photos. During an inspection, you capture photos of the property using your phone's camera. These photos are uploaded to our servers for AI analysis and are stored as part of your inspection record. Please do not photograph people or sensitive documents. We do not perform facial recognition or any biometric analysis on your photos.
- Inspection data. Our AI analyzes your photos to identify rooms, detect fixtures, assess conditions, and generate a written report. The analysis results, the generated report, and associated metadata (timestamps, coverage state, confidence signals) are stored in your account.
- Report sharing and acknowledgement data. When you share a report via Amavera's acknowledgement portal, we generate a unique share link. When someone acknowledges a shared report, we collect their name, their role (landlord/property manager or tenant), a timestamp, their IP address, and browser user agent. This information is attached to the report as part of the acknowledgement record. Before a recipient submits an acknowledgement, we show them a short notice on the acknowledgement page describing this collection and linking to this Privacy Policy. This information is collected directly from the recipient, not from you.
- Inspection invitations. If a landlord or property manager invites a tenant to inspect a property, we collect the tenant's email address and the property address. Both parties receive email notifications related to the invitation.
- Payment information. Payments made through the mobile app are processed through the platform's native billing system — Google Play on Android and the App Store on iOS. Payments made through the Amavera web portal are processed through Stripe. In all cases, we do not collect, store, or have access to your credit card number, billing address, or other payment details. We receive a purchase confirmation from Google Play or the App Store (verified through RevenueCat) or a checkout session confirmation from Stripe, which we store as proof of purchase.
- Email communications. If you have a paid report, we may send you occasional emails related to your inspection (for example, a notification that your shared report has been acknowledged). These emails are sent through Resend, our email delivery provider. You can opt out of non-essential emails at any time using the unsubscribe link in the message. We honor opt-out requests promptly and include our postal address in commercial emails, consistent with the CAN-SPAM Act.
- Web portal analytics. When you visit the Amavera web portal (amavera.app), we collect analytics data through PostHog, including pages visited, actions taken, and your approximate location based on IP address. This data is used to understand how the portal is used and to improve it. PostHog may set cookies in your browser to track sessions. We do not use this data for advertising.
2. How We Use Your Data
We use your data to operate Amavera and deliver the service you signed up for:
- To analyze your photos and generate your inspection report
- To store your inspections so you can access them later
- To process your payment and unlock your report
- To cryptographically seal your finalized report so its integrity can be independently verified
- To facilitate report sharing and record acknowledgements between parties
- To process inspection invitations and credit transfers between landlords and tenants
- To send you emails related to your inspection or account
- To record your acceptance of our Terms of Service and Privacy Policy
- To understand how the web portal is used and improve it
We do not use your data to train AI models. We do not sell your data to third parties. We do not serve advertising.
3. Third-Party Services
Amavera relies on the following third-party services to operate. Each processes some of your data as described:
- Anthropic (Claude AI) — Your photos are sent to Anthropic's API for analysis. Anthropic processes the images to produce room identification, condition observations, and report text. Under Anthropic's commercial terms, Anthropic does not use your data to train its models, and we maintain a data processing agreement with Anthropic governing this processing.
- Supabase — Stores your account, inspection data, photos, and reports. Supabase runs on AWS infrastructure with encryption at rest and in transit.
- Railway — Hosts our backend server that coordinates the inspection pipeline.
- Google Play Billing — Processes in-app payments on Android. Google's privacy policy governs their handling of your payment information.
- Apple App Store (StoreKit) — Processes in-app payments on iOS. Apple's privacy policy governs their handling of your payment information.
- Stripe — Processes web-based payments for credit bundle purchases through the Amavera web portal. Stripe receives your payment details directly and is PCI-DSS compliant. We do not receive or store your card information.
- RevenueCat — Verifies purchase tokens from Google Play and the Apple App Store. RevenueCat receives your purchase token and app user ID, not your payment details.
- Resend — Delivers emails to your email address. Resend processes your email address and the email content.
- PostHog — Provides web analytics for the Amavera web portal. PostHog collects page views, user interactions, and session data. It may set cookies in your browser. PostHog processes data on servers in the United States. You can opt out of PostHog tracking by enabling the "Do Not Track" setting in your browser.
- FreeTSA — A cryptographic timestamping authority. We submit a hash (a mathematical fingerprint) of your finalized report to FreeTSA to obtain a signed timestamp proving when the report was sealed. FreeTSA receives only the hash, not the report itself or any personal information.
4. Data Storage and Security
Your data is stored in Supabase's managed PostgreSQL database and S3-compatible object storage, hosted on AWS infrastructure. All data is encrypted in transit (TLS/HTTPS) and at rest. Access to your inspection data is restricted by row-level security — you can only access your own inspections.
Photos are stored in a private storage bucket and accessed through time-limited signed URLs. They are not publicly accessible.
Your password is hashed using Supabase Auth's built-in hashing before storage. We cannot read your password.
Shared report links use unique, randomly generated tokens. Only people with the link can view the report. Share links expire 90 days after creation by default, can be extended before expiry, and can be revoked at any time by the report owner.
We maintain reasonable administrative, technical, and physical safeguards designed to protect your data. No system is perfectly secure, and we do not guarantee absolute security. If a breach affecting your personal information occurs, we will notify affected individuals and any regulators within the time and in the manner required by applicable state law.
5. Cookies and Web Tracking
The Amavera web portal (amavera.app) uses cookies and similar tracking technologies through PostHog to collect analytics data. These cookies allow us to understand how visitors use the portal and to improve the product. We do not use cookies for advertising or to track you across other websites.
All visitors can accept or reject non-essential analytics cookies through our cookie banner and can change that choice at any time through the cookie settings link on the web portal. We do not sell personal information or use it for targeted advertising or cross-context behavioral advertising. Disabling some cookies may affect functionality of the web portal. The Amavera mobile app does not use cookies.
6. Data Retention
Your account, inspections, photos, and reports are retained as long as your account exists. Inspection reports are designed to be long-term records — both tenants and landlords may need them months or years after the inspection — so we do not automatically delete them.
If you delete an unpaid, unfinalized inspection through the app, the inspection record and its associated photos are permanently deleted.
If you want your account and all associated data deleted, contact us at the email address below and we will process your request within 30 days.
We retain account data for the life of your account; inspection records, reports, and photos as long-term records for the life of your account unless you delete them; analytics data for up to 24 months; and acknowledgement records for the life of the associated report. When you delete your account, we delete or de-identify your personal data within 30 days, except for limited records we must keep to comply with law or resolve disputes.
7. Your Rights
We offer the following rights to all Amavera users, and residents of states with comprehensive privacy laws, including California, Colorado, and Texas, have them by law.
Access and portability. You can obtain a copy of your data at any time using the in-app Export My Data feature. The export is generated immediately and delivered only to the authenticated account holder at the email address on file for the account, as a JSON file in a structured, commonly used, and machine-readable format. It includes your account information, profile, inspections, photos through download links that expire 7 days after the export is generated (or 1 hour for an in-browser download), comparisons, report shares, reviews, invitations, and credit and promotion history. Where a report has been shared and acknowledged by another person, your export includes that person's name, role, notes, and date, but not their IP address or browser information, because that technical information was collected from them rather than from you and is withheld to protect their rights.
Other requests. You may also request correction or deletion of your personal data and, where your state law provides them, opt out of any sale of personal data or targeted advertising and limit the processing of sensitive data. We do not sell personal data, use it for targeted advertising, or use it to train AI models. You will not be treated differently for exercising any right. To make any of these requests, email us at support@amavera.app or submit a request through our privacy request form at amavera.app/privacy-request, which does not require a login. We confirm that you are the account holder before acting, and we respond within 45 days, with one reasonable extension where necessary.
Appeals. If we decline your request, we will tell you why and how to appeal. To appeal, email support@amavera.app. If we deny the appeal, we will give you information on how to complain to your state attorney general.
8. Children's Privacy
Amavera is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this privacy policy from time to time. If we make material changes, we will notify you through the app or by email. The effective date at the top of the first page indicates when this policy was last revised.
10. Contact
If you have questions about this privacy policy or your data, contact us at:
support@amavera.app