Skip to main content
RevSprint logoRevSprint

Legal

Privacy Policy

This Privacy Policy explains how RevSprint Ltd(“RevSprint”, “we”, “us”) collects, uses, and protects personal data when you visit our website, create an account, or use the RevSprintservice (the “ Service”). We are committed to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where we offer the Service to individuals located in the European Economic Area, the EU General Data Protection Regulation (EU GDPR).

1. Who we are

RevSprint Ltd is the data controller for personal data processed through our website and for personal data relating to our direct customers. For personal data our customers upload into the Service about their own end users, the customer is the controller and RevSprint Ltd acts as processor under the Data Processing Agreement at /legal/dpa.

Questions about this policy, or to exercise your rights, contact: dpo@revsprint.ai.

Where we offer the Service to individuals located in the European Economic Area, we will appoint a representative under Article 27 of the EU GDPR, and that representative’s name and contact details will be published in this section before any such offering begins. Until that time, EEA data subjects may contact us directly at the email address above.

2. Personal data we collect

  • Account data: name, work email, company name, job title, password hash, team size, and preferences you provide at sign-up.
  • Billing data: billing address and VAT number. Card details are collected and stored directly by our payment processor (Stripe); we never see or store full card numbers.
  • Usage data: log entries, device and browser metadata, IP address, and product interaction events used to secure the Service and improve it.
  • Communications: messages you send us by email, support requests, and records of any calls you book with us.
  • Marketing data: subscription preferences and engagement with any emails you have consented to receive.

We do not knowingly collect special-category personal data on our website. If you connect third-party tools to the Service, the personal data inside those tools is processed under the DPA, not this Privacy Policy.

3. How we use personal data and our lawful basis

  • Performance of a contract: to create and operate your account, deliver the Service, process payments, and provide support.
  • Legitimate interests: to secure the Service against abuse, investigate incidents, keep audit records, analyse aggregate usage to improve the product, and communicate with existing customers about materially relevant product updates. You can object at any time.
  • Consent: for optional marketing emails to prospects and for any non- essential cookie or tracker we may add in future. You can withdraw consent at any time without affecting prior processing.
  • Legal obligation: to meet tax, accounting, and regulatory duties under UK law.

4. Retention

We retain account and billing records for the duration of your subscription and for six years after termination in line with UK statutory record-keeping requirements. Website and marketing data is retained for up to 24 months from last interaction. Security and audit logs are retained for up to 13 months. Customer-uploaded data is retained and deleted according to the DPA; deletion on termination is covered there.

5. Who we share personal data with

We only share personal data with service providers that help us run the Service, under written contracts that meet UK GDPR Article 28. Our current sub-processors are listed and kept up to date in the DPA. Categories include: cloud infrastructure, model providers, payment processing, email delivery, error monitoring, and analytics. We do not sell personal data.

We do not use personal data contained in Customer Data to train, fine-tune, or improve any foundational AI model, nor any model offered to other customers. Where we route personal data to a third-party model provider to deliver the Service, those providers are contractually required to exclude that data from their model training pipelines.

6. International transfers

Some of our sub-processors are located outside the United Kingdom. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an equivalent adequacy mechanism. Copies of the transfer safeguards are available on request.

7. Your rights

Under the UK GDPR you have the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and rights relating to automated decision-making. You can exercise any of these by emailing dpo@revsprint.ai. We will respond within one calendar month.

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA”): the right to know what personal information we collect, the right to delete and correct that information, the right to opt out of the sale or sharing of personal information, the right to limit the use of sensitive personal information, and the right to be free from discrimination for exercising your rights. We do not sell personal information, and we do not share personal information for cross-context behavioural advertising. You may designate an authorised agent to exercise these rights on your behalf by contacting the email address above.

8. Security

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit and at rest, role-based access control, multi-factor authentication for staff, least-privilege service accounts, append-only audit logs of administrative actions, and regular backups. Details of the security measures that apply to customer-uploaded data are in the DPA.

9. Marketing communications

We only send marketing emails where you have opted in, or to existing customers about closely related features where the soft opt-in under PECR applies. Every marketing email contains an unsubscribe link. You can opt out at any time.

10. Children

The Service is a business product and is not intended for, or directed at, anyone under 16. We do not knowingly collect personal data from children.

11. Cookies

Our marketing site uses strict-necessary cookies only. Full details at /legal/cookies.

12. Changes to this policy

We may update this Privacy Policy. The “Effective date” at the top of the page will be updated. Material changes will be communicated by email to account holders.

13. Complaints

If you believe we have mishandled your personal data, please contact us first at dpo@revsprint.ai. You also have the right to lodge a complaint with the UK Information Commissioner’s Office at ico.org.uk.