This Privacy Policy explains how Skawa Innovation Ltd. collects, uses, stores, and protects your personal data when you use mnrv.ai. It is written in compliance with the EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679.
1. Data controller
The data controller responsible for your personal data is:
Skawa Innovation Kft. (Skawa Innovation Ltd.)
Registered address: H-1093 Budapest, Gálya utca 6., Hungary
Office: H-1068 Budapest, Király utca 82, IV/3., Hungary
EU VAT number: HU14528114
Court registration: Fővárosi Bíróság, Cg.01-09-907962
Contact: info@mnrv.ai
2. What personal data we collect
We collect data you provide directly and data generated through your use of the Service:
Account data
- Name and email address (registration)
- Password (stored as a secure hash; never in plain text)
- Profile preferences and settings
Usage and content data
- Calendar events, tasks, and notes you create or import
- Messages and communication threads processed by the Service
- Interaction logs (features used, actions taken within the app)
AI interaction data
When you use AI-powered features, the following data may be processed by third-party AI providers to generate responses:
- Messages and conversation history you send to the AI assistant
- Calendar events and scheduling context (when calendar access is granted)
- Session context required to produce a relevant and coherent response
- Files or content you explicitly share within the chat
This data is collected through direct user input, calendar permissions you grant, and session context maintained during your session. It is transmitted to AI providers solely for the purpose of generating responses (see Section 4a below).
Technical data
- IP address, browser type, operating system
- Device identifiers and push notification tokens
- Log data and crash reports
Third-party integration data
If you connect external accounts (e.g. Google Calendar, email), we access only the scopes you explicitly authorise. We do not store third-party credentials; authentication is handled via OAuth 2.0 tokens.
Device contacts — phone numbers only (optional feature)
If you choose to use the "find contacts on Minerva" discovery feature, the app reads your device address book after you explicitly grant the Contacts permission on iOS or Android. Contact names and profile photos are accessed on-device only to display readable labels in the UI. Only phone numbers are ever transmitted to our servers — names, email addresses, and photos are never sent. See Section 4b for full details of how phone numbers are handled.
3. Legal basis for processing
We process your personal data on the following legal bases under GDPR Article 6:
- Contract performance (Art. 6(1)(b)) — to provide the Service you signed up for, including account management, feature delivery, and customer support.
- Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, service analytics, and improving product quality, where such interests are not overridden by your rights.
- Legal obligation (Art. 6(1)(c)) — where processing is required to comply with applicable law (e.g. tax or accounting obligations).
- Consent (Art. 6(1)(a)) — for optional data processing such as marketing communications. You may withdraw consent at any time.
4. How we use your data
- To create and manage your account
- To deliver AI-powered features (scheduling, task management, communication assistance)
- To personalise and improve the Service
- To communicate service updates, security alerts, and support responses
- To comply with legal obligations
- To detect and prevent fraud or abuse
We do not sell your personal data. We do not use your data to train third-party AI models without your explicit consent.
4a. AI data processing & third-party AI providers
This section satisfies Apple App Store guideline 5.1.1(i) and provides full transparency about how your data is used to power AI features.
What data is sent to AI providers
To generate intelligent responses, the following data is transmitted to third-party AI providers:
- Messages: the text of messages you send to the AI assistant
- Calendar context: relevant calendar events and scheduling data (only when you have granted calendar permission)
- Session context: conversation history and context needed to produce a coherent and relevant response
- Shared content: files or other content you explicitly attach or share in a conversation
Who receives your data
Your data may be sent to the following AI service providers:
- Google LLC — via the Gemini API (gemini.google.com), operated under Google's data processing terms and privacy commitments.
Additional AI providers may be used to support specific features. A current and complete list is available on request at info@mnrv.ai.
Purpose and restrictions
Data is sent to AI providers solely for the purpose of generating responses to your requests within the Service. Each provider is contractually obligated to:
- Protect your data in accordance with applicable data protection law
- Not use your data for their own advertising purposes
- Not use your data to train or improve their models without your separate, explicit consent
How your data is protected in transit
- All data is transmitted over encrypted connections (TLS)
- Minerva does not sell your personal data to AI providers or any other party
- You can request to delete all your data and your account on your profile page in the app (see Section 8)
4b. Device contacts & phone-number matching
This section describes the optional "find contacts on Minerva" feature. It is only active after you explicitly grant the Contacts permission and choose to use the feature.
What the feature does
The feature lets you discover which of your existing contacts already have a Minerva account or business profile, so you can connect with people you already know on the service.
What leaves your device — and what does not
- Transmitted to our servers: phone numbers only, sent to Firebase Cloud Functions running in the EU (europe-west1) for matching.
- Never transmitted: contact names, email addresses, profile photos, or any other address-book field. These are used solely on your device to display human-readable labels.
How the phone numbers are processed
On the server, phone numbers are normalised to E.164 format in memory and matched against existing Minerva business profiles and registered user accounts. The matched results are returned to your device. The submitted phone numbers are not stored, written to any database, or retained after the function completes. Server logs record only aggregate counts (e.g. how many numbers were submitted and how many matched) — the numbers themselves are never logged.
Local caching & deletion
Match results are cached only on your device using on-device storage, with a maximum retention period of 7 days. The cache is cleared automatically when you sign out. No match data is stored on our servers or shared with any third party.
Purpose limitation
Phone numbers submitted through this feature are used exclusively to identify which contacts are already on Minerva. They are not used for advertising, marketing, profiling, sold to third parties, or used to train AI models.
Legal basis (GDPR)
Processing is based on your consent (Art. 6(1)(a)), given when you grant the Contacts permission and activate the feature. You may revoke the permission at any time in your device settings, which will prevent any further transmission of phone numbers.
5. Data storage & international transfers
Your data is stored on infrastructure provided by Google Firebase (Google LLC), which operates data centres within the European Economic Area (EEA). Where processing involves data transfers outside the EEA, such transfers are safeguarded by the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision.
6. Data retention
- Account data: retained for the duration of your account, plus up to 2 years after closure for legal and audit purposes.
- Usage and content data: retained while your account is active. You may request deletion at any time (see Section 8).
- Technical / log data: retained for up to 12 months for security and debugging purposes.
- Legal/financial records: retained for the period required by Hungarian accounting law (currently 8 years).
7. Who we share data with
We share personal data only with:
- Service providers acting as data processors (e.g. cloud infrastructure, analytics, error tracking) — bound by data processing agreements compliant with GDPR.
- Third-party integrations you explicitly authorise (e.g. Google Calendar) — data is shared only as needed to fulfil the integration.
- Legal authorities — when required by applicable law or a valid court order.
A list of current sub-processors is available on request at info@mnrv.ai.
8. Your rights under GDPR
As a data subject, you have the following rights under the GDPR:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17) — request deletion of your personal data, subject to legal retention obligations.
- Right to restriction of processing (Art. 18) — request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format and transfer it to another controller.
- Right to object (Art. 21) — object to processing based on legitimate interests, including profiling.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at info@mnrv.ai. We will respond within 30 days.
9. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority in Hungary is:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Website: www.naih.hu
Email: ugyfelszolgalat@naih.hu
You may also lodge a complaint with the supervisory authority in your country of habitual residence.
10. Cookies & tracking
We use technically necessary cookies and similar technologies to operate the Service (e.g. session management, authentication). Optional analytics and marketing cookies are listed below; we load them only after you accept the cookie banner on your first visit.
Google Analytics
The mnrv.ai website uses Google Analytics 4 (measurement ID: G-3D9MFYKN4J), a web analytics service provided by Google LLC, to understand how visitors interact with our website. Google Analytics sets cookies in your browser and collects:
- Pages visited and time spent on each page
- Referring website or search term that brought you here
- Browser type, operating system, and approximate geographic region
- Anonymised IP address (the last octet is masked before storage)
This data is processed by Google LLC and may be transferred to Google servers in the United States. Such transfers are safeguarded by the European Commission's Standard Contractual Clauses. Google is contractually prohibited from using this data for its own advertising purposes.
Legal basis: Consent (Art. 6(1)(a) GDPR) — we ask for your permission via a banner on your first visit before loading Google Analytics. You can withdraw consent at any time by clicking reset cookie preferences, which will re-show the banner on the next page load.
Opt-out: You can also prevent Google Analytics from collecting data by installing the Google Analytics opt-out browser add-on, or by using a browser extension that blocks tracking scripts.
For more information on how Google handles data, see Google's Privacy Policy and Google Analytics data safeguarding.
Meta Pixel
The mnrv.ai website uses the Meta Pixel (pixel ID: 994689823150284, provided by Meta Platforms Ireland Limited), a marketing analytics tool, to measure how visitors interact with our pages after clicking Meta ads (Facebook, Instagram, etc.) and to improve our advertising. If you accept the cookie banner, the Pixel may set cookies in your browser and collect:
- Pages visited and actions taken (e.g. clicks on links to the Minerva app)
- Referring website or ad that brought you here
- Browser type, operating system, and approximate geographic region
- Hashed or pseudonymous identifiers used for ad measurement and attribution
This data is processed by Meta and may be transferred to Meta servers in the United States and other countries. Such transfers are safeguarded by the European Commission's Standard Contractual Clauses and Meta's data processing terms. Meta may use this data to provide aggregated reporting to us and, where permitted, for its own advertising services.
Legal basis: Consent (Art. 6(1)(a) GDPR) — the Meta Pixel loads only if you accept the cookie banner. You can withdraw consent at any time by clicking reset cookie preferences, which will re-show the banner on the next page load. Previously set Meta cookies may remain until you clear them in your browser.
Opt-out: You can manage ad preferences in your Meta account ad settings, use a browser extension that blocks tracking scripts, or decline cookies on our banner. Meta also offers an opt-out for certain data uses at Meta's privacy controls.
For more information, see Meta's Privacy Policy and About the Meta Pixel.
11. Children's privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or via a prominent notice within the Service. The "last updated" date at the top of this page reflects the most recent revision.
13. Contact & data protection enquiries
For any questions, requests, or concerns relating to this Privacy Policy or your personal data, please contact:
Skawa Innovation Kft.
H-1068 Budapest, Király utca 82, IV/3., Hungary
info@mnrv.ai