Privacy Policy
Last updated: April 8, 2026
Privacy Policy
Last Updated: 4/7/2026
Effective Date: 4/7/2026
This Privacy Policy describes how Revvu ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website, applications, and services (collectively, the "Service"). By accessing or using our Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect several types of information to provide and improve our Service.
1.1 Information You Provide Directly
Account Information:
- Full name and email address
- Profile picture (if provided or imported from authentication provider)
- Password and authentication credentials (managed securely by our authentication provider)
- Account preferences and settings
Business Information:
- Business name, address, and contact information
- Business website URL and logo
- Google Places ID and business category
- Business verification documents (if applicable)
Payment Information:
- Billing name and address
- Payment method details (processed and stored securely by Stripe; we do not store complete credit card numbers)
- Transaction history and subscription status
Content You Create:
- Customer review text that you input for video generation
- Reviewer names and ratings
- Video customization preferences (avatar selection, voice selection, emotions, formatting)
- Branding configurations (logos, colors, taglines)
- Captions and social media post content
Communications:
- Support requests and correspondence
- Feedback and survey responses
- Contact form submissions
1.2 Information Collected Automatically
Technical Information:
- IP address and approximate geographic location
- Browser type, version, and settings
- Device type, operating system, and unique device identifiers
- Referring URLs and exit pages
- Pages viewed and features used
- Date and time of access
Usage Information:
- Video generation history and statistics
- Feature usage patterns
- API calls and service interactions
- Error logs and performance data
Cookies and Similar Technologies:
- Authentication session cookies (required for login)
- OAuth state cookies (temporary, for social media connections)
- Analytics cookies (for understanding service usage)
- Preference cookies (to remember your settings)
1.3 Information from Third-Party Services
When you connect third-party accounts, we may receive:
From Social Media Platforms (Instagram, TikTok, YouTube, Facebook, LinkedIn, Twitter/X):
- Platform user ID and display name
- Profile URL and avatar
- OAuth access and refresh tokens (stored securely)
- Granted permission scopes
- Page/channel information (where applicable)
From Google Business Profile:
- Google account ID and location information
- Business reviews (reviewer names, ratings, comments, timestamps)
- OAuth tokens for API access
From Authentication Provider (Clerk):
- User ID, email, and name
- Profile image URL
- Account creation and last sign-in timestamps
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Provision
- Create and manage your account
- Generate AI-powered video testimonials from customer reviews
- Process and store your videos
- Enable social media posting and scheduling
- Provide customer support and respond to inquiries
2.2 Service Improvement
- Analyze usage patterns to improve features
- Debug errors and optimize performance
- Develop new features and services
- Conduct research and analytics
2.3 Communication
- Send transactional emails (account verification, password reset, subscription confirmations)
- Notify you of important service updates
- Send team invitations and access notifications
- Respond to support requests
2.4 Billing and Payments
- Process subscription payments
- Manage billing cycles and invoices
- Prevent fraud and unauthorized transactions
- Comply with tax and financial regulations
2.5 Legal and Security
- Enforce our Terms of Service
- Protect against unauthorized access and abuse
- Comply with legal obligations
- Respond to legal requests and prevent harm
3. Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who assist in operating our Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| HeyGen | AI video generation | Review text, avatar/voice selections |
| Stripe | Payment processing | Customer ID, billing information, transaction data |
| Clerk | Authentication | Email, name, profile data |
| Google Cloud | Translation, AI pronunciation | Text content for translation/processing |
| Cloudflare R2 | Video storage | Generated video files |
| AWS SES | Email delivery | Email addresses, notification content |
| Sentry | Error tracking | Error logs, user context for debugging |
| Google Analytics | Usage analytics | Anonymized usage events, conversion data |
| Neon | Database hosting | All application data (encrypted) |
| Redis/Upstash | Caching and job queues | Temporary processing data |
3.2 Social Media Platforms
When you connect social media accounts and publish videos:
- Your videos and captions are shared with the connected platforms
- Platform-specific metadata (hashtags, mentions) is transmitted
- Posting activity is logged for your reference
3.3 Business Partners
If you use team or business features:
- Team members may view shared business data and videos
- Delegated users have access based on their assigned roles
- Business owners can see activity within their business account
3.4 Legal Requirements
We may disclose information:
- To comply with applicable laws, regulations, or legal processes
- To respond to lawful requests from public authorities
- To protect our rights, privacy, safety, or property
- To enforce our Terms of Service
- In connection with an investigation of suspected illegal activity
3.5 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
4. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Generated videos | Until deleted by user or account termination |
| Usage records | 24 months for analytics; indefinitely for billing records |
| Error logs | 90 days |
| Social media tokens | Until disconnected or expired |
| Payment records | As required by tax/financial regulations (typically 7 years) |
| Support correspondence | 3 years after resolution |
After account deletion:
- We will delete or anonymize your personal data within 30 days
- Some data may be retained in backups for up to 90 days
- Aggregated, anonymized data may be retained indefinitely for analytics
5. Data Security
We implement industry-standard security measures to protect your information:
Technical Safeguards:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure authentication with multi-factor options
- Regular security audits and vulnerability assessments
- Access controls and authentication for internal systems
- Encrypted database connections
Operational Safeguards:
- Limited employee access to personal data
- Security training for personnel
- Incident response procedures
- Regular backup and disaster recovery testing
Third-Party Security:
- All service providers are vetted for security practices
- Data processing agreements with sub-processors
- SOC 2 and/or ISO 27001 certified providers where available
Despite these measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Your Rights and Choices
Depending on your location, you may have the following rights:
6.1 Access and Portability
- Request a copy of the personal information we hold about you
- Export your data in a machine-readable format
- Access your video library and usage history
6.2 Correction
- Update your account information at any time through your account settings
- Request correction of inaccurate personal data
6.3 Deletion
- Delete your account and associated data
- Delete individual videos and content
- Request erasure of personal information (subject to legal retention requirements)
6.4 Restriction and Objection
- Object to processing based on legitimate interests
- Request restriction of processing in certain circumstances
6.5 Withdrawal of Consent
- Disconnect social media accounts at any time
- Revoke Google Business Profile access
- Opt out of non-essential communications
6.6 Opt-Out Rights
- Unsubscribe from marketing emails via link in each email
- Disable analytics cookies through browser settings
- Limit ad tracking through device settings
To exercise these rights, contact us at [email protected] or use the account settings in your dashboard.
7. Cookie Policy
7.1 Essential Cookies
Required for the Service to function:
- Authentication session cookies
- Security tokens (CSRF protection)
- OAuth state cookies (temporary, for social connections)
7.2 Functional Cookies
Remember your preferences:
- Language and locale settings
- UI preferences and theme
7.3 Analytics Cookies
Help us understand usage:
- Google Analytics (_ga, _gid, _gat)
- Performance monitoring
7.4 Managing Cookies
You can control cookies through:
- Browser settings (block or delete cookies)
- Our cookie consent banner (where applicable)
- Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
Note: Disabling essential cookies may prevent the Service from functioning properly.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland:
- We rely on Standard Contractual Clauses (SCCs) approved by the European Commission
- Our service providers maintain appropriate safeguards for data protection
- You may request a copy of the safeguards by contacting us
9. Children's Privacy
The Service is not intended for children under the age of 16 (or 13 in jurisdictions where permitted). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected], and we will take steps to delete such information.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the purposes for collection, and the categories of third parties with whom we share information.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Right to Correct: You may request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information for purposes permitted under CPRA.
To exercise these rights, contact us at [email protected] or call us at the number provided on our website.
11. European Privacy Rights (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing:
- Contract: Processing necessary to provide the Service you requested
- Consent: Where you have given explicit consent (e.g., marketing communications)
- Legitimate Interests: For fraud prevention, security, and service improvement
- Legal Obligation: Where required by law
Additional Rights:
- Right to lodge a complaint with a supervisory authority
- Right to withdraw consent at any time
- Right to data portability
- Right to object to automated decision-making
Data Controller: Revvu is the data controller for your personal information.
12. Third-Party Links and Services
The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.
Third-party services we integrate with have their own privacy policies:
- HeyGen: https://www.heygen.com/privacy
- Stripe: https://stripe.com/privacy
- Google: https://policies.google.com/privacy
- Clerk: https://clerk.com/privacy
- Social media platforms: Refer to each platform's privacy policy
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending an email notification for significant changes
- Displaying a notice within the Service
Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: [email protected]
Legal Inquiries: [email protected]
For data protection inquiries from the EU/UK, you may also contact our Data Protection Officer at [email protected].
We will respond to your request within 30 days (or sooner where required by law).
15. Supplemental Notices
15.1 AI-Generated Content
The videos created through our Service use artificial intelligence technology provided by third-party partners. Review text and related information you provide is processed by AI systems to generate video content. We do not use your content to train AI models.
15.2 Reviews and Testimonials
When you convert customer reviews to videos, you represent that you have the right to use such reviews. We are not responsible for the accuracy or authenticity of review content you provide.
15.3 Biometric Data
We do not collect biometric data. The AI avatars used in video generation are pre-created digital representations, not based on your biometric information.