Legal
Privacy Policy
Last updated: June 27, 2026
1. Who We Are
Revua ("we", "us", "our") operates the Revua platform at revua.space — an AI-powered review analysis and ad creative generation tool. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding it.
For questions, contact us at: s.hapovalov.wrk@gmail.com
2. Data We Collect
Account data
When you create an account via Clerk (our authentication provider), we receive and store your email address, name, and a unique user identifier. If you sign in via OAuth (e.g., Google), we receive only the data your provider shares with us.
Job and usage data
When you submit a product URL for analysis, we store the URL, the scraped reviews, the AI-generated output (ad hooks, buyer insights, UGC scripts, product card copy), job status, timestamps, and the number of reviews processed. This data is associated with your account.
Subscription and billing data
We use RevenueCat to manage subscriptions. Payment card details are processed directly by RevenueCat's payment processor and are never stored on our servers. We store your subscription tier, status, and renewal dates.
Notification preferences
If you enable notifications, we store your email notification preference and, optionally, your Telegram Chat ID. These are used solely to deliver job completion and failure notifications.
Usage and log data
Our servers automatically log IP addresses, request paths, timestamps, and error events for security and debugging purposes. This data is retained for up to 30 days.
3. How We Use Your Data
- To provide the core Service: scrape reviews, run AI analysis, generate ad creatives
- To manage your subscription and enforce plan limits
- To send transactional emails (job completed, job failed, billing events)
- To send Telegram notifications if you have configured them
- To improve the platform: detect errors, monitor performance, fix bugs
- To comply with legal obligations
We do not sell your personal data to third parties. We do not use your job data or generated content to train our own AI models.
4. Third-Party Services
We use the following sub-processors to operate the Service:
5. Data Retention
We retain your account data and job history for as long as your account is active. If you delete your account, your personal data and associated job results are deleted within 30 days, except where retention is required by law (e.g., billing records may be retained for up to 7 years for tax purposes).
Log data is retained for a maximum of 30 days. Redis cache data expires automatically (typically within 24 hours).
6. Your Rights (GDPR / Data Subject Rights)
If you are located in the European Economic Area or United Kingdom, you have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Restriction: Request that we limit how we process your data
- Portability: Request an export of your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
To exercise any of these rights, email s.hapovalov.wrk@gmail.com. We will respond within 30 days.
7. Cookies and Tracking
We use minimal cookies required for authentication (session management via Clerk). We do not use advertising cookies or third-party tracking pixels. Our analytics, if any, are limited to aggregated, anonymized usage data.
8. Security
We implement industry-standard security measures including HTTPS encryption in transit, JWT-based authentication with short-lived tokens, rate limiting, input validation, webhook signature verification, and security HTTP headers. While we take security seriously, no system is completely immune to breaches. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.
9. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.
10. International Data Transfers
Your data may be processed by our sub-processors in various countries, including the United States. Where data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or the adequacy decisions by the European Commission.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated to registered users via email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions, data requests, or to report a concern, contact us at: s.hapovalov.wrk@gmail.com