Privacy Policy

This Privacy Policy describes how RevealRed ("we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with the RevealRed service (the "Service"). By using the Service, you acknowledge the practices described here.

Controller. The data controller is the RevealRed entity responsible for the Service in your region — your counsel should identify the correct legal entity name and registered address for filings and registrations (e.g., GDPR Art. 13).

1. Information we collect

1.1 You provide directly

• Account data: name, email address from your sign-in provider, phone number if collected, and profile details you choose to add. We do not maintain a separate password for your account (Google sign-in only).
• Location (if required by the product): country, region, or district labels used to match features such as Resolver discovery.
• User Content: posts, comments, ratings, attachments (e.g., images, PDFs), applications or messages sent through the Service, and Resolver profile or verification materials you submit.
• Support communications: information you send when you contact us (including via email or third-party messaging such as WhatsApp if you choose that channel).
• Billing (Resolvers): if you purchase credits or paid features, payment-related data may be processed by our payment providers; we typically receive limited transaction metadata, not full card numbers, depending on integration.

1.2 Collected automatically

• Technical and usage data: IP address, device or browser type, general log data, timestamps, pages or screens viewed, and diagnostic data used for security and reliability.
• Cookies and similar technologies: as described in our Cookie Policy.

1.3 From others

• Authentication providers: if you sign in with a third party (e.g., Google), we receive profile identifiers and email as permitted by that provider and your settings.
• Reports and legal requests: information provided by users, regulators, or courts in connection with safety or legal process.

2. How we use information

• Provide, maintain, and improve the Service and features you request.
• Authenticate users, prevent fraud and abuse, and secure the Service.
• Send transactional and service-related messages (e.g., sign-in and security notices, critical notices).
• Send optional marketing only where permitted and with appropriate consent or opt-out mechanisms.
• Moderate content, enforce our Terms and Community Guidelines, and protect users.
• Comply with legal obligations and respond to lawful requests.
• Analyze usage in aggregate or de-identified form to understand product performance.

3. Legal bases (EEA, UK, and similar jurisdictions)

Where GDPR or similar laws apply, we rely on one or more of: contract (necessary to provide the Service), legitimate interests (security, improvement, and proportionate analytics, balanced against your rights), legal obligation, and consent (where required for optional cookies or marketing). You may withdraw consent where processing is consent-based, without affecting prior lawful processing.

4. Anonymous posts and identity

When you choose to post anonymously, we design the Service so that your name and public profile are not shown to other users in the normal presentation of that content. Operating the Service still requires us to process data as needed for security, account linking (for logged-in users), notifications, and integrity of the platform.

Legal and safety disclosure. We may disclose information when we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, or is necessary to protect the rights, property, or safety of RevealRed, our users, or the public. We do not promise that we can withhold identity or account information in every situation where a court, regulator, or other lawful authority orders or compels production to the extent applicable law requires us to comply.

Court or authority orders. If we receive a valid subpoena, court order, regulatory demand, or lawful request from law-enforcement or a competent authority, we may be legally required to identify the account behind content (including content posted anonymously). In such cases, we disclose only what we reasonably believe is required under applicable law.

When anonymity may not hold. We work hard to protect your data and to separate anonymous content from what the public sees, but no website can offer a perfect guarantee. In rare cases—such as a serious security breach, a sophisticated attack, a configuration or software error, or other events outside our day-to-day control—information that we normally keep private could be exposed despite our efforts. Similarly, if the law requires us to identify an account or tie content to a person, we may be unable to keep that connection secret. We will handle such matters carefully and only share what we reasonably believe we must under law or legitimate safety needs, but we cannot promise anonymity in every conceivable future scenario.

5. Sharing and subprocessors

We share information with:

• Service providers who host, store, deliver email, authenticate users, process payments, or provide analytics — for example, cloud hosting, object storage (e.g., S3-compatible storage for uploads), transactional email providers, and authentication services. They process data on our instructions and under contractual safeguards where appropriate.
• Professional advisers (lawyers, auditors) where confidential and necessary.
• Law enforcement and regulators when required or permitted by law.
• Corporate transactions: a successor in a merger, acquisition, or asset sale, subject to appropriate notices where required.

A current list of categories of subprocessors should be maintained internally and published or provided where your counsel recommends (e.g., linked schedule or DPA exhibit).

6. Retention

We retain personal information for as long as your account is active, as needed to provide the Service, and as required to comply with law, resolve disputes, and enforce agreements. Retention periods vary by data category; backup copies may persist for a limited period after deletion. User Content may remain in backups or logs for a window consistent with security practice before being overwritten.

7. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit where standard for web services, access controls, and vendor diligence. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

8. International transfers

If we transfer personal data across borders (for example, to servers in the United States or other countries), we use mechanisms recognized by applicable law, such as Standard Contractual Clauses or adequacy decisions. Your counsel should confirm the mechanisms that apply to your entity and hosting locations.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. You may have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us through the Service; we may need to verify your identity. We will respond in accordance with applicable law.

10. Children

The Service is not directed to children under the age required for lawful consent in their jurisdiction. We do not knowingly collect personal information from children in violation of applicable law. If you believe we have, contact us and we will take appropriate steps.

11. U.S. state privacy notices (summary)

Residents of certain U.S. states may have additional rights (e.g., access, deletion, opt-out of "sale" or "sharing" for cross-context behavioral advertising, where those concepts apply). RevealRed does not sell personal information for money in the traditional sense; if you use advertising or analytics that constitute a "sale" or "sharing" under state law, your counsel should add precise disclosures and a clear opt-out mechanism.

12. Changes to this Policy

We may update this Privacy Policy. We will post the new version and revise the "Last updated" date. Where required, we will provide additional notice or obtain consent.

13. Contact

For privacy requests and questions, use our Contact page. For formal data protection contacts (e.g., EU representative), add the addresses your counsel designates.