Persónuverndarstefna AYA

Phone number (for SMS login and notifications), child's first name, GPS location when scanned (from the finder only, never from the child), device information for push notifications.

We use your data exclusively to deliver the AYA service: SMS login, push notifications when scanned, showing the finder's location on a map, and order processing via Stripe.

GPS location is collected ONLY from the finder (the person scanning the QR code) — never from your child. The location is used to show you exactly where your child is. GPS data is automatically deleted after 30 days.

We use only strictly necessary cookies: aya_sid (session), NEXT_LOCALE (language preference) and Stripe payment cookies. No tracking, no advertising cookies. See our cookie policy for details.

We share data with: Twilio (SMS), Stripe (payments), Sentry (error tracking), Vercel (hosting). All process data in accordance with GDPR. We never sell your data.

Scan logs and GPS data are automatically deleted after 30 days. Account information (phone number, children's names) is retained as long as your account is active. You can request deletion at any time.

Under GDPR you have the right to: access your data, rectification, erasure, data portability, restriction of processing and objection. Contact us via the support page to exercise your rights.

We only store the child's first name — never surname, photos or other personal information. The child never interacts with AYA directly. All data is managed by the parent.

We may update this policy from time to time. Significant changes will be communicated via SMS or on the website. The latest version is always available on this page.