Privacy Policy

At Revigard (operated by BEJEWEAR OÜ, “we”, “us”, or “our”), we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform and services.

We comply with the EU General Data Protection Regulation (GDPR), as BEJEWEAR OÜ is established in Estonia, a member state of the European Union.

1. Data Controller

The data controller responsible for your personal data is:

• Company: BEJEWEAR OÜ
• Location: Estonia, European Union
• Contact: privacy@revigard.com

2. Data We Collect

2.1 Account Information

When you register, we collect:

• Email address
• Password (stored securely using industry-standard hashing — we never store plaintext passwords)
• Company/business name
• Industry category

2.2 Business Data

To provide our services, we process:

• Customer reviews from connected platforms (e.g., Google Business Profile)
• AI-generated response suggestions
• Reputation analytics and metrics
• Review response history

2.3 Technical Data

We automatically collect:

• IP address and approximate geolocation
• Browser type and version
• Device type and operating system
• Pages visited, access times, and referring URLs
• Push notification subscription details

2.4 Analytics Data

We use Google Analytics 4 to understand how users interact with our platform. Google Analytics collects anonymized usage data including page views, session duration, and user flow. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

2.5 Payment Data

Payment processing is handled by our merchant of record, Creem.io (Armitage Labs OÜ). We do not store credit card numbers or payment details on our servers. Creem acts as an independent data controller for payment-related data. Please refer to Creem’s Privacy Policy for details.

3. Legal Basis for Processing

We process your data based on the following legal grounds under GDPR:

• Contract performance: Processing necessary to provide the Service you subscribed to
• Legitimate interest: Analytics, security monitoring, fraud prevention, and service improvement
• Consent: Push notifications and optional marketing communications
• Legal obligation: Tax records, regulatory compliance, and law enforcement requests

4. How We Use Your Data

We use the collected data to:

• Provide, operate, and maintain the Revigard platform
• Authenticate users and protect account security
• Process and respond to customer reviews using AI
• Generate reputation analytics and business insights
• Send web push notifications about new reviews and alerts
• Process payments and manage subscriptions (via Creem)
• Monitor and improve service performance and security
• Comply with legal obligations

5. Data Sharing & Third Parties

We share your data only with:

• AI service providers: Review text may be sent to third-party AI services to generate response suggestions. No personal user data is shared — only business review content.
• Google: For Google Business Profile integration. Only authorized data is accessed based on your explicit consent.
• Payment provider: Payment processing is handled by a third-party merchant of record.
• Analytics providers: Anonymized usage analytics to improve the Service.
• Infrastructure providers: Cloud hosting and operational services (no direct data access).

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. Data Security

We implement industry-standard security measures including:

• Encryption for all data in transit and at rest
• Secure password hashing (passwords are never stored in plaintext)
• Multi-layered authentication and session management
• Protection against brute-force and automated attacks
• Regular security audits and dependency updates

7. Data Retention

• Account data: Retained for the duration of your active subscription, plus 30 days after account deletion
• Review data: Retained as long as your account is active
• Billing records: Retained for 7 years as required by Estonian and EU tax law
• Server logs: Automatically purged after 90 days
• Analytics data: Subject to Google Analytics retention policy (14 months default)

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access: Request a copy of all personal data we hold about you
• Right to rectification: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data (“right to be forgotten”)
• Right to restrict processing: Request limitation of processing in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interest
• Right to withdraw consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at privacy@revigard.com. We will respond within 30 days as required by GDPR.

9. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework certification of the receiving entity
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission for the receiving country

10. Cookies & Tracking

Our platform uses essential cookies required for authentication and session management. These are strictly necessary and do not require consent under GDPR.

We use Google Analytics for anonymized usage tracking. You can control analytics cookies through your browser settings or by using the Google Analytics opt-out extension.

11. Children’s Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

12. Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will:

• Notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) within 72 hours as required by GDPR Article 33
• Notify affected users without undue delay as required by GDPR Article 34
• Provide details of the breach, its likely consequences, and the measures taken

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or through the Service at least 30 days before they take effect. The “Last updated” date at the top of this page indicates when the policy was last revised.

14. Supervisory Authority

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with:

• Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
• Website: www.aki.ee
• Email: info@aki.ee

You may also lodge a complaint with the supervisory authority in your EU member state of residence.

15. Contact Us

For any privacy-related questions or to exercise your data protection rights:

• Email: privacy@revigard.com
• General support: support@revigard.com
• Company: BEJEWEAR OÜ, Estonia, European Union