REVO Logo
← Back

Privacy Policy

Effective 1 October 2024

This Privacy Policy describes how Valjan Ventures ("REVO," "we," "us," or "our") collects, uses, and shares personal data when you access the REVO mobile application, web experience, and related services (collectively, the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

1. Personal Data We Collect

We collect personal data that you voluntarily provide and information that is automatically generated when you interact with the Service.

  • Account Data: name, email address, phone number, authentication credentials, and identifiers created for your account.
  • Profile Data: profile photos, bios, interests, social circles, and any content you choose to share in connection with activities.
  • Activity Data: details about activities you create or join, invitations, RSVPs, messages, reactions, and feedback you provide.
  • Payment and Payout Data: order history, ticket purchases, currency, pricing, Stripe payment intent identifiers, connected account information, payout preferences, and tax-related details provided for compliance.
  • Usage and Device Data: IP address, device type, operating system, app version, time zone, language, and diagnostics generated through cookies, SDKs, and similar technologies.
  • Location Data: approximate location derived from your device or from activities you choose to join when you grant permission.
  • Media and Files: photos, videos, and documents you upload, as well as camera, photo library, and microphone access when you choose to share content.
  • Contacts and Calendar Data: address book entries or calendar events you choose to import or sync to invite people or add activities (only when you explicitly grant access).
  • Third-Party Login Data: identifiers and profile details made available by providers such as Apple or Google when you choose to sign in with those services.
  • Communications: support requests, survey responses, and interactions with our team.

2. How We Use Personal Data

We process personal data for the following purposes:

  • Provide and maintain the Service, including creating accounts, enabling social discovery, processing invitations, and facilitating activities.
  • Personalise features and content, including recommendations relevant to your location, interests, or groups.
  • Communicate with you about updates, security alerts, transactional messages, payouts, and support responses.
  • Facilitate payments and payouts, detect fraud, issue refunds, and comply with financial reporting obligations.
  • Monitor and improve performance, fix bugs, and develop new features.
  • Protect the Service, enforce our Terms of Service, investigate fraud or abuse, and ensure community safety.
  • Comply with legal obligations and establish, exercise, or defend legal claims.

3. Legal Bases for Processing

Where the GDPR or similar laws apply, we rely on the following legal bases:

  • Performance of a Contract when we provide the Service you request.
  • Legitimate Interests for operating, securing, and improving our Service while balancing those interests against your rights.
  • Consent when required by law, including for push notifications, marketing communications, or accessing device features such as location services. You may withdraw consent at any time.
  • Legal Obligations when we process data to comply with tax, accounting, or statutory requirements.

4. Sharing and Disclosure

We do not sell personal data. We share personal data only with:

  • Infrastructure and database providers that host the Service (including Supabase and Vercel/Expo), subject to confidentiality and security obligations.
  • Payment processors (Stripe) and financial partners that enable ticketing, order processing, payouts, and related compliance checks.
  • Notification and communications partners such as OneSignal that deliver transactional and marketing messages when you opt in.
  • Other users when you choose to share activity content, invitations, or profile information.
  • Integration partners you authorise, such as calendar or ticketing platforms, consistent with your settings.
  • Professional advisers and auditors operating under confidentiality agreements.
  • Authorities or third parties when required by law or necessary to protect rights, safety, or property.
  • Successors in a corporate transaction, subject to the new entity honouring this policy.

5. International Data Transfers

We operate globally. Personal data may be processed in the European Union (for example, on Supabase infrastructure in the EU) and in other countries such as the United States when we use providers including Stripe, Vercel, Expo, or OneSignal. When personal data is transferred outside of your jurisdiction, we use safeguards such as Standard Contractual Clauses or other approved mechanisms and ensure receiving parties protect the data as described in this policy.

6. Data Retention

We retain personal data for as long as necessary to deliver the Service, comply with legal obligations, resolve disputes, and enforce agreements. Account and profile data are kept until you delete your account. Transactional and payout records may be retained for up to ten years to comply with tax and accounting laws. We anonymise or delete data when it is no longer required. You may request deletion of your account at any time, subject to our legal obligations.

7. Your Rights and Choices

Subject to applicable law, you may have rights to:

  • Access, correct, update, or delete personal data associated with your account.
  • Object to or restrict certain processing, or request portability of your data.
  • Opt out of marketing communications by following unsubscribe instructions or adjusting device settings.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your supervisory authority if you believe we have infringed your rights.

8. Security

We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, loss, misuse, or alteration. Despite our efforts, no system can be completely secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed to children under 13 (or the age required by local law). We do not knowingly collect personal data from children, and we delete such information if we learn that a child has provided it.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy in the app, on our website, or by other appropriate means. The revised policy becomes effective when posted unless otherwise stated.

11. Contact Us

If you have questions or wish to exercise your rights, contact us at max.valjan@gmail.com or by mail at: Valjan Ventures, Eulenbergstr. 37, 51065 Köln, Germany.