My People
Get started

Privacy Policy

Effective date: 6 June 2026

ViaVia UG (haftungsbeschränkt) (“ViaVia”, “we”, “us”) operates My People (“the Service”). My People is a private, single-person relationship memory: a place to store who the people you know are and the context of each, which your own AI agents can read and write through MCP. This policy explains how we handle personal data in line with the EU General Data Protection Regulation (GDPR).

1. Data Controller

ViaVia UG (haftungsbeschränkt), Marchgrabenplatz 4, 80805 München, Germany. Commercial Register: Amtsgericht München, HRB 308987. Contact: info@viavia.travel.

2. Data We Process

2.1 Account data

Your email address and, if provided via Google Sign-In, your display name. Legal basis: Art. 6(1)(b) GDPR (performance of the contract).

2.2 Content you store (“your people”)

The names, identities (emails, phone numbers, handles), relationship notes, and interaction history you add about the people you know — whether typed, imported from CSV/vCard or Google Contacts, or written by your agents over MCP. This may include personal data of third parties. You control this content; we process it on your behalf to provide the Service. Legal basis: Art. 6(1)(b) and 6(1)(f) GDPR.

2.3 Billing data

If you subscribe to Pro, payments are processed by Stripe. We store a mirror of your subscription status (e.g. active/canceled) and Stripe customer/subscription identifiers — never your card details. Legal basis: Art. 6(1)(b) GDPR.

2.4 MCP tokens

We store only a one-way hash of any MCP access token you create, plus a short non-secret prefix for display. The token itself is shown once and never stored.

3. Where Your Data Lives

Application data is hosted in the European Union (Supabase, Frankfurt / eu-central-1) and served via Vercel functions in the Frankfurt region. We do not perform server-side AI processing of your content.

4. Processors

  • Supabase (database, authentication) — EU hosting.
  • Vercel (application hosting).
  • Stripe (payments) — only if you subscribe.
  • Google (only if you choose Google sign-in / Contacts sync; we request read-only contacts access and import the results).

Each processor acts under a data-processing agreement.

5. Retention

We keep your data for as long as your account exists. When you delete your account, your account and all associated content are permanently removed (see Section 7).

6. Your Rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your data, and to object to processing. You can export all your data as JSON and delete your account and all data at any time from Settings, or by contacting info@viavia.travel.

7. Deletion

Deleting your account removes your account record and cascades to all your people, identities, interactions, merge history, MCP tokens, and billing mirror. Any active subscription is cancelled.

8. Supervisory Authority

You may lodge a complaint with the competent authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.

9. Changes

We may update this policy; material changes will be reflected by the effective date above.

← Back to My People