Privacy policy
Last updated: 3 May 2026
1. Introduction
This Privacy Policy explains how Tiravu SIA (“Tiravu”, “we”, “us”, or “our”) collects, uses, and
protects personal data when you visit our website tiravu.com or any related subdomains (the “Website”).
Tiravu is a road-assistance platform operated from Riga, Latvia. At this stage, the Website is a
pre-launch presence with a waitlist, a contact form, and a provider sign-up form. This policy describes
how we handle the personal data you submit through these forms and through your interaction with the
Website.
This Privacy Policy should be read together with our Cookie Policy, which describes the cookies and
similar technologies we use.
We follow the EU General Data Protection Regulation 2016/679 (“GDPR”) and the Latvian Personal Data
Processing Law.
2. Who we are
Tiravu SIA is the data controller for the personal data described in this policy.
Email: [email protected]
Location: Riga, Latvia
If you have questions about how we handle your personal data, or you want to exercise any of the rights
listed in Section 8, please contact us at the email above.
3. Personal data we collect and why
We only collect personal data that you actively submit through one of the forms on our Website, plus limited technical data described in our Cookie Policy. We do not collect special categories of data (such as health, biometric, or political data).
3.1 Waitlist form
Available on our home page and About Us page, this form lets you join the waitlist for the Tiravu app launch in Latvia.
| Data collected | Purpose | Legal basis (GDPR) | Retention |
|---|---|---|---|
| Name | To address you correctly when we send launch updates. | Consent (Art. 6(1)(a) GDPR) | Until the app launch + 12 months, or until you withdraw consent. |
| Email address | To notify you when the app launches and to send waitlist-related updates. | Consent (Art. 6(1)(a) GDPR) | Until the app launch + 12 months, or until you withdraw consent |
| Message (optional) | To understand what you expect from the service so we can improve it. | Consent (Art. 6(1)(a) GDPR) | Until the app launch + 12 months, or until you withdraw consent. |
3.2 Contact form
Available on the Contact Us page, this form lets you ask us a question or share feedback.
| Data collected | Purpose | Legal basis (GDPR) | Retention |
|---|---|---|---|
| Name | To address you correctly in our reply. | Legitimate interest (Art. 6(1)(f) GDPR) — responding to enquiries. | 24 months from last contact, then deleted unless an active conversation requires longer. |
| Email address | To send you our reply and any necessary follow-up. | Legitimate interest (Art. 6(1)(f) GDPR) — responding to enquiries. | 24 months from last contact. |
| Phone number (optional) | To call you back if your enquiry is easier to resolve by phone, where you have provided this option. | Legitimate interest (Art. 6(1)(f) GDPR) — responding to enquiries by your preferred channel. | 24 months from last contact. |
| User type (provider or service receiver) | To route your enquiry to the right team and tailor our response to your context. | Legitimate interest (Art. 6(1)(f) GDPR) — responding to enquiries appropriately. | 24 months from last contact. |
| Message | To understand and answer your enquiry. | Legitimate interest (Art. 6(1)(f) GDPR) — responding to enquiries. | 24 months from last contact. |
3.3 Provider sign-up form
Available on the For Providers page, this form lets road-assistance companies and self-employed providers express interest in joining the Tiravu network.
| Data collected | Purpose | Legal basis (GDPR) | Retention |
|---|---|---|---|
| Name (contact person) | To identify the person submitting the form and address them in follow-up. | Steps prior to entering a contract (Art. 6(1)(b) GDPR). | 5 years from submission, in line with Latvian accounting and commercial recordkeeping rules. |
| Email address | To respond to your application and send onboarding information. | Steps prior to entering a contract (Art. 6(1)(b) GDPR). | 5 years from submission. |
| VAT number | To verify that the applicant is a registered business and to prepare future invoicing if you join the network. | Steps prior to entering a contract (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c)) once a commercial relationship begins. | 5 years from submission, or longer if required by tax law once you become a partner. |
If you do not wish to provide the data marked as required, we will not be able to process your waitlist registration, reply to your enquiry, or evaluate your provider application.
3.4 Technical data
When you visit the Website, we automatically receive limited technical information such as your IP address, browser type, device information, referring URL, and pages viewed. This is described in detail in our Cookie Policy. We use this information to keep the Website secure, measure usage in aggregate (via Google Analytics 4), and run advertising campaigns (via the Facebook Pixel).
4. Children
The Website is intended for adults. We do not knowingly collect personal data from anyone under 16. If you believe a minor has submitted personal data through one of our forms, please contact us at [email protected] and we will delete it.
5. Who we share your data with
We do not sell your personal data. We share it only with the service providers we need to operate the Website and the forms, and only to the extent strictly necessary.
| Recipient | Purpose | Location |
|---|---|---|
| Hosting and infrastructure providers | Operating the Website, storing form submissions, and protecting against abuse. | EU / EEA |
| Email service provider | Sending replies, waitlist updates, and notifications related to your enquiry. | EU / EEA |
| Google (Google Analytics 4) | Aggregated traffic and usage analytics. Only activated if you consent to analytics cookies. | United States (with EU-US Data Privacy Framework safeguards). |
| Meta Platforms Ireland (Facebook Pixel) | Advertising measurement, retargeting, and look-alike audiences. Only activated if you consent to marketing cookies. | Ireland (EU) and United States. |
We may also disclose personal data when required by law, court order, or a competent authority, or where necessary to defend our legal rights.
6. International data transfers
Where data is transferred outside the European Economic Area (for example, to Google or Meta servers in the United States), we rely on appropriate safeguards under Articles 45 and 46 GDPR. These include the European Commission’s Standard Contractual Clauses and, for transfers to certified US recipients, the EU-US Data Privacy Framework.
7. How long we keep your data
We keep personal data only for as long as needed for the purposes set out in Section 3, after which we delete or anonymise it.
- Waitlist data: until app launch + 12 months, or until you withdraw consent.
- Contact form data: 24 months from your last contact, unless an active matter requires longer.
- Provider applications: 5 years, in line with Latvian accounting and commercial recordkeeping rules.
- Technical and analytics data: as set out in our Cookie Policy.
8. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Access — you can ask for a copy of the personal data we hold about you.
- Rectification — you can ask us to correct data that is inaccurate or incomplete.
- Erasure — you can ask us to delete your data where it is no longer necessary for the original purpose.
- Restriction — you can ask us to limit how we use your data in certain circumstances.
- Objection — you can object to processing based on legitimate interests, including direct marketing.
- Data portability — you can ask to receive your data in a structured, commonly used, machine-readable format.
- Withdraw consent — where we rely on consent (such as the waitlist or marketing cookies), you can withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
- Lodge a complaint — you have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) at www.dvi.gov.lv, or the supervisory authority in your EU country of residence.
To exercise any of these rights, contact us at [email protected]. We will respond within one month, as required by Article 12(3) GDPR. We may need to verify your identity before acting on a request.
9. How we protect your data
We apply appropriate technical and organisational measures to protect personal data against unauthorised
access, alteration, disclosure, or destruction. These measures include encryption in transit (HTTPS),
access controls limiting who in our team can see form submissions, and regular review of our hosting and
tooling providers.
No method of transmission over the internet is 100% secure. If we become aware of a personal data breach
affecting your data, we will notify the Latvian Data State Inspectorate within 72 hours where required
by Article 33 GDPR, and notify you directly where the breach is likely to result in a high risk to your
rights.
10. Cookies
We use a limited set of cookies and similar technologies on the Website, including Google Analytics 4 and the Facebook Pixel. Full details, including the legal bases and how to manage your preferences, are in our Cookie Policy.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, in the law, or in the services we offer. The “Last updated” date at the top shows when the policy was last revised. Material changes will be communicated via the Website or by email if you have given us your address.
12. Contact us
If you have questions, concerns, or requests regarding your personal data, please contact us:
Email: [email protected]
Website: tiravu.com
Supervisory authority: Latvian Data State Inspectorate (Datu valsts inspekcija), Elijānas iela 17, Rīga, LV-1050, www.dvi.gov.lv