Privacy Policy
Effective June 2, 2026
1. Who we are
Revora ("we", "us") operates the website at revoraos.com and the Revora review-reply service. This policy explains what personal data we collect, why, and what rights you have over it. If you have any questions, email hello@revoraos.com.
2. Information we collect
Account data. Name, email address, and password hash when you create an account.
Business data. The reviews you paste in or connect, your voice samples, and the replies you generate and approve.
Billing data. Subscription status, plan, and billing history. Card details are handled by Stripe — we never see or store full card numbers.
Usage data. Pages visited, features used, and error logs. We use this to keep the service running and to improve it.
Communications. Messages you send us through the contact form or by email.
3. How we use your data
- To provide the Revora service to you (generating drafts, syncing reviews, sending receipts).
- To process payments and manage subscriptions.
- To send service emails (security, billing, important changes).
- To diagnose bugs, prevent abuse, and improve reliability.
- To respond to your support requests.
We do not sell your personal data, and we do not use your business content to train shared AI models for other customers.
4. Legal bases (EEA / UK)
If you are in the EEA or UK, we rely on the following legal bases: performance of a contract (running the service you've signed up for), legitimate interests (security, fraud prevention, service improvement), legal obligation (tax, accounting), and consent (for optional marketing emails — never for service emails).
5. Sub-processors
We use a small number of trusted vendors to operate Revora:
- Supabase — application database and authentication.
- Stripe — payment processing and subscription billing.
- Cloudflare — content delivery and DDoS protection.
- OpenAI / Google AI providers — large language model inference for draft generation.
- Lovable Email — transactional and authentication emails.
Each sub-processor is contractually required to protect your data and to use it only to deliver their service to us.
6. International transfers
Our sub-processors are based primarily in the United States and the European Union. Where personal data is transferred outside your country, we rely on Standard Contractual Clauses or equivalent safeguards.
7. Data retention
We keep account and business data for as long as your account is active. If you cancel, we delete or anonymise your data within 90 days, unless we are required to retain it for legal or accounting reasons (typically up to 7 years for invoices).
8. Your rights
Subject to applicable law (GDPR, UK GDPR, CCPA and similar), you have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent at any time. To exercise any of these rights, email hello@revoraos.com from the address on your account. You can also lodge a complaint with your local data protection authority.
9. Cookies
We use only essential cookies and local storage required to keep you signed in, remember your preferences, and secure the service. We do not use third-party advertising cookies.
10. Security
Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to a small number of authorised personnel and protected by multi-factor authentication. No system can be 100% secure, but we work continuously to protect your information.
11. Children
Revora is a B2B service intended for restaurant operators. It is not directed at children under 16 and we do not knowingly collect data from them.
12. Changes
We may update this policy. Material changes will be announced by email or in-app at least 14 days before they take effect.
13. Contact
Data controller: Revora. Email hello@revoraos.com for any privacy question or request.