Back

Privacy Policy

Learn how we collect, use, and protect your personal information.

Last updated: February 5, 2025

1. Introduction

Revyme ("we," "our," or "us"), operated as an auto-entrepreneur under French law, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website builder service, in compliance with the EU General Data Protection Regulation (GDPR) and French data protection law (Loi Informatique et Libertés).

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Name and email address
  • Username and password
  • Payment information (processed through secure third-party providers)
  • Profile information and preferences

Content and Files:

  • Websites you create using Revyme
  • Images, text, and other content you upload
  • Design preferences and templates
  • Domain names and hosting settings

Communications:

  • Support requests and feedback
  • Survey responses
  • Email correspondence

2.2 Automatically Collected Information

Usage Data:

  • Pages visited and features used
  • Time spent on the platform
  • Click patterns and navigation paths
  • Device information (browser, OS, screen resolution)

Technical Information:

  • IP address
  • Browser type and version
  • Device identifiers
  • Cookies and similar technologies

2.3 Information from Third Parties

We may receive information from:

  • OAuth providers (Google, GitHub, etc.) if you sign up using social login
  • Payment processors (Stripe, PayPal)
  • Analytics providers
  • Marketing partners

3. How We Use Your Information

We use your information to:

Provide Our Service:

  • Create and maintain your account
  • Process your transactions
  • Generate AI content and suggestions
  • Host and publish your websites
  • Provide customer support

Improve Our Service:

  • Analyze usage patterns and trends
  • Develop new features and functionality
  • Test and optimize our platform
  • Fix bugs and technical issues

Communicate With You:

  • Send service updates and notifications
  • Respond to your inquiries
  • Send marketing communications (with your consent)
  • Conduct surveys and collect feedback

Ensure Security:

  • Prevent fraud and abuse
  • Monitor for security threats
  • Enforce our Terms of Service
  • Comply with legal obligations

4. AI and Machine Learning

We use artificial intelligence to provide website generation features. Here's how we handle your data:

4.1 No Internal AI Training

Revyme does NOT train AI models.

We use third-party AI services (Google Gemini, Replicate) via their APIs. When you use AI features, your prompts are sent to these external services for processing, but:

  • We do not collect or store data for AI training
  • We do not train our own AI models
  • We do not use your designs, content, or data to improve AI models

4.2 Third-Party AI Services

We use the following external AI services that process your data:

Google Gemini (for AI design features)

  • Your prompts and requests are sent to Google for processing AI-powered design suggestions
  • See Google's privacy policy for how they handle data
  • Data is transferred to the United States with appropriate safeguards (Standard Contractual Clauses)

Replicate (for image generation)

  • Your image generation requests are sent to Replicate for processing
  • See Replicate's privacy policy for how they handle data
  • Data is transferred to the United States with appropriate safeguards (Standard Contractual Clauses)

Important: These third-party services may use data according to their own privacy policies. We recommend reviewing their policies to understand how they process your data.

5. How We Share Your Information

We do not sell your personal information. We share information only in these circumstances:

Service Providers:

  • Cloud hosting providers
  • Payment processors
  • Email service providers
  • Analytics platforms
  • Customer support tools

Business Transfers:

  • In connection with a merger, acquisition, or sale of assets
  • With advance notice and opportunity to delete your account

Legal Requirements:

  • To comply with legal obligations
  • To protect our rights and property
  • To prevent fraud or illegal activity
  • In response to valid legal requests

With Your Consent:

  • When you explicitly authorize sharing
  • When you publish websites publicly
  • When you share content with other users

6. Third-Party Service Providers (Subprocessors)

We use the following third-party services to operate Revyme. Each is bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) where applicable:

Infrastructure:

  • Cloudflare (USA) - CDN and DDoS protection

Payment Processing:

  • Stripe, Inc. (USA) - Payment processing and subscription management

AI Services:

  • Google LLC (USA) - AI design features (Gemini)
  • Replicate, Inc. (USA) - Image generation

Communication:

  • Resend (USA) - Transactional emails

6.1 International Data Transfers

Where subprocessors are located outside the EEA/UK, we ensure adequate protection through:

  • EU-US Data Privacy Framework certification
  • Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Agreement (IDTA)
  • Adequacy decisions by the European Commission

We may add, replace, or remove subprocessors as needed. Enterprise customers with specific approval requirements should review their Data Processing Agreement (DPA).

7. Data Storage and Security

7.1 Where We Store Data

Your data is stored on secure servers in:

  • Primary: Germany (Hetzner)
  • CDN/Distribution: Global (Cloudflare)

7.2 Security Measures

We implement industry-standard security measures:

Technical Safeguards:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Regular security audits
  • Intrusion detection systems

Access Controls:

  • Role-based access permissions
  • Two-factor authentication option
  • Regular access reviews
  • Employee security training

Monitoring:

  • 24/7 system monitoring
  • Automated threat detection
  • Incident response procedures

7. Your Privacy Rights

7.1 Access and Control

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a standard format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities

7.2 How to Exercise Your Rights

To exercise these rights:

  1. Log into your account settings
  2. Contact us at hello@revyme.com
  3. We will respond within 30 days

7.3 Cookie Preferences

You can control cookies through:

  • Browser settings
  • Our cookie preference center
  • Opt-out tools for analytics cookies

9. Data Retention

We retain your data only as long as necessary for the purposes stated:

Active Accounts:

  • Account data: Until account deletion + 30 days
  • Website designs: Until you delete them or account closure
  • Usage logs: 90 days
  • Security logs: 1 year

Inactive Accounts:

  • Accounts inactive for 2+ years may be deleted after 60-day notice

Deleted Accounts:

  • Soft deletion for 30 days (recoverable)
  • Hard deletion after 30 days (permanent)
  • Backup retention: 90 days maximum
  • Legal/tax records: 7 years (as required by law)

Marketing Communications:

  • Unsubscribed contacts: 3 years (to honor opt-out)

Payment Records:

  • Transaction history: 7 years (tax compliance)
  • Card data: Never stored (handled by Stripe)

You can request early deletion of your data at any time by contacting hello@revyme.com, subject to legal retention requirements.

10. Legal Basis for Processing (GDPR)

As a French company, we process all personal data under GDPR and French law. We process your data based on:

Consent (Article 6(1)(a)):

  • Marketing emails and promotional communications
  • Optional analytics cookies beyond essential ones
  • AI training data (anonymized, with opt-out available)

Contract Performance (Article 6(1)(b)):

  • Account creation and authentication
  • Providing website building and hosting services
  • Processing payments and managing subscriptions
  • Customer support and service communications

Legitimate Interests (Article 6(1)(f)):

  • Fraud prevention and security monitoring
  • Service improvement and analytics (aggregated data)
  • Business operations and internal administration

Legal Obligation (Article 6(1)(c)):

  • Tax and accounting records (7 years retention)
  • Compliance with lawful requests from authorities
  • Data breach notification requirements

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. For contract-based processing, withdrawal may mean we cannot provide services to you.

11. Data Breach Notification

In the event of a data breach that affects your personal information:

Our Response Time:

  • Internal detection and assessment: Within 24 hours
  • Notification to supervisory authority (if required): Within 72 hours of discovery
  • Notification to affected users: Without undue delay

What We'll Tell You:

  • Nature of the breach and data affected
  • Likely consequences and our assessment of risk
  • Measures taken to address the breach
  • Recommendations for protecting yourself
  • Contact point for further information

How We'll Contact You:

  • Primary method: Email to your registered address
  • Backup: In-app notification banner
  • Public notice: Only if we cannot reach you directly

Your Rights After a Breach: You may have the right to compensation if you suffered damage due to a breach caused by our violation of GDPR.

To report a security concern: hello@revyme.com

12. Children's Privacy

Revyme is not intended for users under 16. We do not knowingly collect information from children. If we discover that we have collected information from a child, we will delete it immediately.

13. International Data Transfers

As a French company, we may transfer your data outside the European Economic Area (EEA):

Transfers to the United States:

  • Some of our subprocessors are located in the US (see Subprocessors section)
  • We use Standard Contractual Clauses (SCCs) for these transfers
  • We verify Data Privacy Framework certification where applicable
  • All transfers comply with GDPR Chapter V requirements

Your Rights: You may request information about the safeguards we use for international transfers by contacting hello@revyme.com

14. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for:

  • Privacy practices of third-party sites
  • Content on third-party sites
  • Data collection by third parties

Always review the privacy policies of third-party sites.

15. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA and CPRA:

Enhanced Rights (Effective 2026):

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit: Limit use of sensitive personal information
  • Right to Opt-Out: Opt out of automated profiling decisions
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Sensitive Personal Information We Collect:

  • Account credentials (password hashes only)
  • Payment information (processed by Stripe, not stored by us)

Our Use of Sensitive Information: We only use sensitive information to provide services you requested - not for profiling or targeted advertising.

Sale/Sharing of Personal Information: We do not sell your personal information. We share data with service providers only as needed to operate our services (see Subprocessors section).

To exercise your rights: hello@revyme.com or use the "Privacy Requests" form in your account settings.

16. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • Legal requirements
  • New features or services

We will notify you of material changes by:

  • Email notification
  • Prominent notice on our website
  • In-app notification

Your continued use after changes constitutes acceptance.

17. Contact Us

Email: hello@revyme.com

Company: Revyme

Legal Name: Nikita Kofman

SIRET: 89119005000023

Country: France

Response Time: We respond to privacy requests within 30 days (45 days if complex) as required by GDPR.

French Data Protection Authority (CNIL): If you're unsatisfied with our response, you may lodge a complaint with:

  • CNIL (Commission Nationale de l'Informatique et des Libertés)
  • Website: https://www.cnil.fr
  • Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
  • Phone: +33 1 53 73 22 22

For other EU countries: You may also contact your local data protection authority: https://edpb.europa.eu/about-edpb/board/members_en

This policy is effective as of the date listed above.