Privacy Policy

1. Introduction

Revuera Pty Ltd (ABN 23 308 272 266) ("Revuera", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to all personal information we handle — both for our customers ("Subscribers") who use Revuera, and for end customers ("End Customers") whose information our Subscribers upload to the platform.

By using Revuera, you consent to the practices described in this policy. If you do not agree, please do not use the Service.

2. What Personal Information We Collect

From Subscribers (business users of Revuera)

• Account information: Business name, full name, email address, phone number, business address, country
• Billing information: Payment method details processed and stored by Stripe. We do not store your card number.
• Business settings: Google review link, SMS templates, brand colour, logo URL, reply templates
• Usage data: Login timestamps, feature usage, dashboard activity
• Communications: Emails or messages you send to us

From End Customers (uploaded by Subscribers)

• Contact details: Customer name and mobile phone number
• Interaction data: SMS delivery status, star rating given (1–5), private feedback text, Google review link click
• Source data: Whether the interaction came from manual entry or an ecommerce platform (e.g. Shopify order)

Important: Revuera acts as a data processor for End Customer data. The Subscriber (the business using Revuera) is the data controller for their customers' data and is responsible for having a lawful basis to upload that data.

Automatically collected

• IP addresses (used for rate limiting and security)
• Device and browser information
• Cloudflare analytics and security logs

3. How We Collect Personal Information

We collect personal information:

• Directly from you when you sign up, fill out forms, or contact us
• When Subscribers upload customer data (names and phone numbers) to the platform
• Automatically through system logs, Cloudflare, and usage tracking
• Via Stripe when you make a payment

4. Why We Collect and Use Personal Information

We collect and use personal information for the following purposes:

For Subscribers

• Creating and managing your account
• Providing and improving the Service
• Processing payments and sending invoices
• Sending service-related emails (account verification, trial reminders, billing notices)
• Responding to support requests
• Complying with legal obligations

For End Customers

• Sending SMS review request messages on behalf of the Subscriber
• Processing and storing the End Customer's rating and feedback
• Showing the Subscriber their customer feedback in the dashboard

We will not use End Customer data for any purpose other than providing the Service to the Subscriber who uploaded that data.

5. Disclosure of Personal Information

We do not sell your personal information. We share personal information only with the following categories of third-party service providers, and only to the extent necessary to provide the Service:

• Stripe — payment processing. stripe.com/au/privacy
• Twilio — SMS delivery. End Customer phone numbers are transmitted to Twilio to send SMS messages. twilio.com/legal/privacy
• Supabase — database hosting. Your account and customer data is stored on Supabase servers. supabase.com/privacy
• Resend — transactional email delivery (account verification, billing emails). resend.com/privacy
• Cloudflare — hosting, DDoS protection, and DNS. cloudflare.com/privacypolicy

We may also disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of Revuera, our users, or the public.

6. Overseas Disclosure (APP 8)

Some of the third-party service providers listed above are based overseas, including in the United States. This means your personal information — and End Customer data — may be stored or processed in the United States.

Specifically:

• Twilio: United States — processes SMS messages including phone numbers
• Supabase: Data hosted in the AWS ap-southeast-2 (Sydney) region by default
• Stripe: United States — processes payment data
• Resend: United States — processes email addresses
• Cloudflare: Global CDN — processes request metadata

Before disclosing your personal information to overseas recipients, we take reasonable steps to ensure those recipients handle it in a way that is consistent with the Australian Privacy Principles. By using Revuera, you consent to these overseas disclosures.

7. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Our security measures include:

• TLS/SSL encryption for all data in transit
• PBKDF2 password hashing — passwords are never stored in plain text
• Session tokens hashed with SHA-256 before database storage
• Account lockout after 5 failed login attempts
• Rate limiting on all API endpoints
• Data isolation — each business account can only access its own customer data
• All API endpoints require authenticated sessions

Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at hello@revuera.com.au.

8. Data Retention

We retain personal information for as long as necessary to provide the Service and for legitimate business purposes, including:

• Active accounts: For the duration of your subscription
• After cancellation: 90 days, then permanently deleted
• Billing records: 7 years, as required by Australian tax law
• End Customer data: Retained as long as the Subscriber's account is active, then deleted with the account

You may request earlier deletion of your data (excluding legally required records) by emailing hello@revuera.com.au or using the account deletion feature in your dashboard settings.

9. Your Rights Under the Privacy Act 1988

Under the Australian Privacy Principles, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or outdated information
• Deletion: Request deletion of your personal information (subject to legal retention obligations)
• Opt-out: Unsubscribe from marketing emails at any time
• Complaints: Lodge a complaint with us, and if unresolved, with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, email hello@revuera.com.au. We will respond within 30 days.

10. End Customers — Your Rights

If you received an SMS from a business using Revuera and want to know how your data is handled, or want it deleted, you may:

• Contact the business that sent you the message directly
• Contact us at hello@revuera.com.au and we will assist where possible

We will delete End Customer data associated with a specific phone number upon verified request.

11. Cookies and Tracking

We use the following cookies and tracking technologies:

• Essential cookies: Required for authentication and session management. Cannot be disabled without breaking the Service.
• Analytics: We may use privacy-respecting analytics (such as PostHog or Cloudflare Analytics) to understand how the Service is used. These do not identify individuals.

You can control or delete cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

12. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us at hello@revuera.com.au and we will delete it promptly.

13. Spam Act 2003 Compliance

Revuera is a tool for businesses to request reviews from their own customers. Our platform requires Subscribers to confirm they have consent from each customer before sending SMS messages. We prohibit the use of Revuera for unsolicited commercial messages and will terminate accounts found in breach of the Spam Act 2003 (Cth).

All SMS messages sent through Revuera identify the sending business. Recipients can opt out by replying STOP. We honour all opt-out requests.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. The current version will always be available at revuera.com.au/privacy.

15. Complaints

If you have a complaint about how we have handled your personal information, please contact us first:

• Email: hello@revuera.com.au
• We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992

16. Contact Us

For all privacy enquiries:

• Email: hello@revuera.com.au
• Contact form: revuera.com.au/contact

Revuera Pty Ltd · ABN 23 308 272 266 · Sydney, New South Wales, Australia