The short version.
We collect as little as possible, use it only for the reason we collected it, keep it only as long as we need to, and never sell it. This policy covers savorg.studio and every app published by SavorgStudio.
Who we are
SavorgStudio is operated by Filippo Savorgiannakis, based in Vienna, Austria. When this policy says "we", "us", or "the studio", that is us. We are the data controller for all personal data covered by this policy.
"Our services" means this website (savorg.studio) and any app, game, or tool we publish.
At a glance
The table below summarizes what we collect, why, under which legal basis, and how long we keep it. Each row is explained in detail further down.
| Data | Purpose | Legal basis | Kept |
|---|---|---|---|
| Contact form submissions | Reply to your message, and prevent spam or abuse of the form | Legitimate interest (Art. 6(1)(f) GDPR) | Up to 12 months |
| Account data (if the app requires an account) | Provide account features, authenticate, secure | Contract (Art. 6(1)(b)) | Life of the account, plus up to 30 days |
| Content you create or upload | Store, sync, and display as you direct | Contract (Art. 6(1)(b)) | Until you delete it |
| Device and usage information | Debug, secure, and improve the product | Legitimate interest (Art. 6(1)(f)) | 30 to 90 days, then aggregated or deleted |
| Crash and error reports | Diagnose and fix bugs | Legitimate interest (Art. 6(1)(f)) | Up to 12 months |
| OS-level permissions (camera, photos, location, notifications, microphone) | Power a specific feature you activate | Consent (Art. 6(1)(a)) | Only while the feature is active or the content is saved |
| Server and security logs | Protect against abuse and fraud | Legitimate interest (Art. 6(1)(f)) | 30 to 90 days |
What we collect
Information you give us directly. Contact form entries (name, email, subject, message). Account details, if an app requires an account. Content you create or upload inside an app: photos, videos, audio, text, files, settings, and preferences.
Information collected automatically. When you use our services we may log basic device and usage information: IP address, approximate location derived from IP (country or region), device type, operating system, app version, the pages or screens you visit, actions taken inside the app, and crash or error reports. Where possible we work with pseudonymous data (data that cannot identify you on its own without additional information). Note that, under GDPR, pseudonymous data is still personal data and is protected by this policy.
Information with your permission. Some app features only work with access you grant at the operating-system level: camera, photo library, microphone, precise location, contacts, calendar, push notifications, or health data. We only access these when the relevant feature is active, only for the purpose it was granted, and you can revoke any permission at any time in your device settings.
How we use it and why
We use your information only for the purposes listed in the summary table above: operating the service you are using, replying when you contact us, keeping accounts and content secure, detecting and preventing abuse, diagnosing and fixing bugs, and understanding in aggregate how features are used so we can improve them.
Under EU GDPR, every use is tied to one specific legal basis: your consent (for OS-level permissions and any non-essential cookie or tracker, if we ever add one), performance of our contract with you (accounts, uploaded content), our legitimate interests in running and improving our services (diagnostics, security, aggregate analytics), or compliance with a legal obligation.
Where we rely on legitimate interests, we ensure that these are not overridden by your rights and freedoms, and we use the minimum data necessary to achieve the purpose.
What we don't do
We do not sell your personal data. We do not rent it. We do not currently use third-party advertising SDKs or cross-app tracking in our apps. We do not build advertising profiles about you.
We do not currently use the content you create in our apps to train third-party AI models. If we ever materially change how we use personal data, we will update this policy and, where required, ask for your consent before doing so.
Automated decision-making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. No algorithm in our services decides whether you get access, what price you pay, or anything else of that kind without meaningful human involvement.
Content you create in our apps
When an app lets you create or save content, we process that content only to provide the service: for example, to store it, sync it across your devices, share it with other people you choose to share with, and back it up to reduce the risk of loss.
You can delete content from our active systems through the app where that feature is available. Some apps may keep limited shared records when needed to preserve the integrity of shared spaces or collaborative features. Where that is the case, the app-specific notice below explains it.
Diagnostics, analytics, and crash reporting
We may collect technical diagnostics and limited usage information to keep our products reliable, secure, and usable. This can include app version, operating system, device model, basic event logs, crash traces, and similar technical context.
Where possible, we prefer aggregated or pseudonymous information. We do not use third-party advertising analytics or cross-app tracking. If you send us a bug report from inside an app, we may receive the diagnostic details shown to you in that report flow. Unless you choose to include it in your message, bug reports do not include the content of your pantry, recipes, shopping lists, files, or private messages.
Cookies and similar technologies
The website currently uses only strictly necessary cookies or similar storage needed for basic functionality. Because we currently use only strictly necessary cookies on the website, a consent banner is not required under applicable law. If we later introduce non-essential cookies or similar technologies, we will ask for consent where required and update this section.
Our apps may use local device storage to keep you signed in, remember settings, cache app data for performance or offline use, and operate features you enable. We do not use third-party advertising cookies, cross-site trackers, or browser fingerprinting in our apps.
Third-party processors
We use a small number of trusted service providers to run our services. Each one is bound by a data processing agreement and can only use your data for us, not for themselves.
At the time of writing, we use:
- Netlify (US): website hosting and contact form processing.
- Google Fonts (US): typography delivery for the website.
- Apple and Google: distribution of our apps through the App Store and Google Play, including store-level analytics where enabled by the user.
- Supabase (Frankfurt, EU): account authentication, database storage, and transactional email (such as password reset links) for our apps that have accounts.
- Expo Application Services (US): push notification routing from our backend to Apple Push Notification service and Firebase Cloud Messaging.
Each app's store listing and in-app settings list the processors actually used by that app.
International transfers
SavorgStudio is in Austria, inside the European Economic Area. Some of our processors (Netlify, Google, Apple, and others listed above) are outside the EEA, typically in the United States. When that is the case we rely on safeguards permitted by European law, primarily the European Commission's Standard Contractual Clauses, and, where applicable, adequacy decisions such as the EU-US Data Privacy Framework. We also assess, where necessary, whether additional technical measures are required to protect your data. You can ask us for a copy of these safeguards at any time.
How long we keep your data
We keep personal data only as long as we need it for the purpose for which it was collected, as described in this policy and any app-specific notice below. In many cases, deleting your account or content removes it from our active systems and then from backups on our normal backup retention schedule, generally within thirty days.
Some apps may preserve limited shared records after account deletion where this is necessary to keep shared spaces, collaboration history, or other multi-user features intact. Where that applies, we explain it in the app-specific notice for that app.
Your rights
Under EU GDPR and similar laws, you have the right to: access the personal data we hold about you, correct it if it is wrong, ask us to delete it (the "right to be forgotten"), restrict how we use it, receive a copy in a portable format, object to processing based on legitimate interests, and withdraw any consent you previously gave. To exercise any of these, email info@savorg.studio. We reply within a few days and resolve requests within thirty days.
If you are not happy with our response, you can complain to your local data protection authority. In Austria, that is the Datenschutzbehörde (dsb.gv.at).
Data Protection Officer
We have not appointed a Data Protection Officer because we are not required to do so under Article 37 GDPR. For any privacy matter, contact info@savorg.studio.
Security
We protect personal data with encryption in transit (HTTPS), encryption at rest where appropriate, strong authentication for the studio's own systems, and access controls that keep data visible only to people who need it. No system is perfectly secure. If a breach ever affects you, we will notify you and the appropriate authorities as required by law.
Children
Our services are not directed to children under sixteen, or the lower age permitted by applicable law in your country. We do not knowingly process personal data from children in those age groups. If we discover that we have collected personal data from a child without a parent or guardian's authorization, we will delete it promptly. If you are a parent or guardian and believe your child has given us personal data, email us and we will take care of it within a few days.
Deleting your account or data
You can delete your account inside any SavorgStudio app that offers account deletion, usually in Settings. You can also email info@savorg.studio and we will handle the request for you.
Deleting an account removes the account's sign-in access, personal profile, and data that is personal to that account. In apps with shared or collaborative spaces, some content may remain in those shared spaces if removing it would break the experience for other members. Where that applies, the app-specific notice below explains exactly what stays and what is removed.
App-specific notices
Some apps may provide additional privacy notices specific to their features (for example, if a particular app uses health data, location data, or payment processing). Those notices supplement this policy and, where they conflict with it, take precedence for that specific app.
Larderly
Larderly is a pantry and grocery-planning app with shared households or shared pantry spaces. In Larderly, we process account information, pantry membership, pantry items, recipes, shopping-list entries, preferences, invite codes, and technical diagnostics needed to operate the app.
Account and sign-in data. Larderly supports email/password sign-in and may also support Sign in with Apple and Google Sign-In. We process the account identifiers, authentication records, and basic profile information needed to let you access your account securely.
Pantry and shopping data. Larderly stores the pantry items, recipes, shopping-list entries, and related metadata you create so that the app can display them to you and, where applicable, to other members of the same pantry.
Push notifications. If you enable notifications, Larderly may store a push token associated with your account so it can send shopping-list updates and similar app notifications. If you disable push notifications in the app, we stop using that token for push delivery and clear it from the active profile record where applicable.
Local device storage. Larderly uses local device storage to keep you signed in, remember preferences, cache pantry data for performance or offline resilience, and store notification settings.
Bug reports and diagnostics. If you send a bug report from inside Larderly, we may receive technical details such as app version, operating system, device model, and your internal account identifier or user ID. Bug reports do not automatically include the contents of your pantry, recipes, or shopping lists unless you choose to include them in the message you send us.
Account deletion in Larderly. When you delete your Larderly account, we delete the account login, personal profile, and data that belongs only to you. If you contributed pantry items, recipes, or shopping-list entries to a pantry shared with other people, those shared records may remain with that pantry so the pantry continues to function for the remaining members. In that case, your name is removed from the contribution history associated with those records. If a pantry belongs only to you and is not shared with others, it may be deleted in full as part of account deletion. Backup copies are removed on our normal backup retention schedule, generally within thirty days.
Changes to this policy
If we update this policy, we will change the "last updated" date below. If the change is material, we will give at least thirty days' notice on this page and, where appropriate, inside the affected app. Continued use of our services after a change means you accept the updated policy.
Contact
Questions, requests, or concerns? Write to info@savorg.studio.
Last updated: April 29, 2026. Last reviewed: April 29, 2026.