Privacy Policy

Last updated: May 2026

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us when you:

• Create an account (email address, password)
• Create and manage ad campaigns (ad text, URLs, targeting preferences)
• Subscribe to a paid plan (payment information is processed by Creem and is not stored on our servers)
• Contact us for support

1.2 Information Collected Automatically

When you use our service, we may collect:

• Ad impression and click data (language, timezone, user agent)
• API usage data (request timestamps, endpoints used)
• Device and browser information for ad targeting

1.3 Information We Do Not Collect

• We do not collect personally identifiable information from end users who view ads
• We do not use tracking cookies across websites
• We do not build user profiles for advertising purposes

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Revme service
• Process payments and manage subscriptions via Creem
• Provide ad performance analytics and reporting
• Send service-related notifications (billing, account changes)
• Prevent fraud and abuse
• Comply with legal obligations

3. Data Storage and Security

Your data is stored with Supabase, a secure cloud database provider hosted on AWS.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

• All data in transit is encrypted via TLS/HTTPS
• Authentication uses JWT tokens with secure session management
• API keys are hashed and never stored in plaintext
• Database access is restricted via role-based permissions

4. Third-Party Services

We use the following third-party services that may process your data:

• Supabase — Database and authentication. Data processed under their Privacy Policy and SOC 2 compliance.
• Creem — Payment processing.
  Creem handles all payment card data and is PCI compliant.
  We only receive transaction confirmations and subscription status updates.

We do not sell, rent, or share your personal information with any other third parties.

5. Data Retention

• Account data — Retained while your account is active. Deleted within 30 days of account deletion request.
• Ad campaign data — Retained while campaigns are active and for 90 days after deactivation for reporting purposes.
• Analytics data — Aggregated statistics retained indefinitely. Raw event data retained for 12 months.
• Billing records — Retained as required by law for financial record-keeping.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a machine-readable format
• Object to processing of your data
• Withdraw consent at any time

To exercise any of these rights, contact us at the email below.

7. Cookies

We use minimal cookies necessary for the service to function (authentication session tokens).
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

8. Children's Privacy

Revme is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at: support@revme.io