Revibu Logo

    • Privacy Policy

    Effective date: 4 December 2025

    1. Introduction

    This Privacy Policy explains how Revibu ("Revibu", "we", "us") collects, uses and protects your personal data when you visit our websites (including revibu.com and app.revibu.com), when you use the Revibu product, or when you interact with us in any other way (for example by email or during demos and events).

    By accessing or using Revibu, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, you should not use our Services.

    We aim to be transparent and pragmatic about how we handle data: we only collect what we need to run and improve Revibu, to keep it secure, and to comply with our legal obligations.

    2. Who we are

    Revibu is a SaaS product operated by SaaSloop OÜ, a company registered in Estonia.

    • Brand: Revibu
    • Company: SaaSloop OÜ, registered in the Estonian Commercial Register under number 17245906.
    • EU VAT number: EE102863640.

    If you have any questions about this Privacy Policy or about how we process your data, you can contact us at: support@revibu.com.

    3. What information do we collect?

    The information we collect depends on how you interact with us and with Revibu. We group it into three main categories.

    3.1 Information you provide to us

    We collect the information that you choose to provide to us when you create an account, subscribe to a paid plan, contact our support or otherwise interact with us, including:

    • Account and profile information (name, email address, password in hashed form, language, role, organisation name).
    • Customer account configuration (connected app stores, connected workspaces and tools, notification settings, automation rules, templates and other configuration data).
    • Billing information handled by Stripe (billing name, company details, VAT number, billing address, last four digits of the payment card, subscription plan and invoices). Full payment card data is processed only by Stripe, not by Revibu.
    • Support and communication data (emails you send us, in-app messages, feedback, and any information you choose to share with us).
    • Content you upload or generate in the product (for example: review reply templates, internal notes, knowledge base entries, tags or labels you define).

    3.2 Information we collect automatically

    When you use Revibu, we automatically collect certain technical data necessary to operate, secure and improve the service, such as:

    • Log data (IP address, date and time of access, pages visited, HTTP status codes, referrer URL, and other standard web server logs).
    • Usage data (which features you use, clicks and interactions with pages and API requests, aggregated statistics on review volumes and automation runs).
    • Device and browser information (type of device, operating system, browser type and version, language settings).

    3.3 Information from third-party sources

    To deliver the core Revibu features, we process data retrieved from services that you connect to Revibu. This always happens under your instructions and based on the permissions you grant.

    • App store accounts: when you connect Apple App Store Connect or Google Play Console, we fetch the reviews and related metadata (ratings, review text, reply status, timestamps, territories, app identifiers) required to provide review analytics and automations.
    • Work tools and integrations: when you connect tools such as Jira, Linear, Notion, Slack, Microsoft Teams, Discord or similar, we process the data necessary to create tickets, send notifications or update items on your behalf (for example: issue titles and descriptions, links to reviews, internal tags).
    • Authentication and OAuth data: when you connect external services via OAuth, we receive technical tokens and identifiers from those services. We store these tokens encrypted and use them only to perform the actions you have enabled in Revibu.

    4. How do we use your information?

    We use the information described above for the following purposes:

    • To provide, operate and maintain the Revibu platform, including creating and managing your account, workspaces, connections and automations.
    • To provide customer support, answer your questions and communicate with you about the service.
    • To secure our infrastructure, prevent abuse, detect and investigate incidents, and enforce our terms of service.
    • To send you important service-related communications, such as changes to features, security alerts, billing information or updates to this policy.
    • To analyse usage, improve and develop our product, including by running aggregated statistics on how features are used and which reviews or automations are most active.
    • To comply with legal obligations, resolve disputes and enforce our agreements.

    6. How do we share your information?

    We do not sell your personal data and we do not share it with third parties for their own marketing purposes. We only share your information in the following situations:

    • Service providers: we use carefully selected service providers that help us operate Revibu, such as hosting and infrastructure providers, email delivery services, logging and monitoring tools and analytics providers. These providers may only process your data on our instructions and under appropriate data protection agreements.
    • Payment processing: when you subscribe to a paid plan, payments are processed by Stripe. Stripe acts as an independent data controller for your payment data. We receive limited billing information and subscription status from Stripe, but not your full payment card details.
    • Integrations you enable: when you connect app stores or work tools to Revibu, we share data with those services as necessary to provide the features you have enabled (for example, posting a reply to a review, creating an issue in Jira or sending a message to Slack). What is shared and how depends on the permissions you grant and your configuration.
    • Professional advisers: we may share information with lawyers, accountants and similar professionals when necessary for legitimate business purposes and as required by law.
    • Business transfers: if we are involved in a merger, acquisition, financing or sale of all or part of our business, your information may be transferred as part of that transaction, subject to appropriate confidentiality protections.
    • Legal compliance and protection: we may disclose information if we believe in good faith that it is reasonably necessary to comply with applicable laws, regulations, legal processes or enforceable governmental requests, or to protect the rights, property or safety of Revibu, our users or others.

    Whenever we share data with third-party service providers, we limit the data to what is strictly necessary and require appropriate security and confidentiality commitments.

    7. International data transfers

    Our main infrastructure (application servers, databases and storage) is hosted on a virtual private server (VPS) located in Paris, France, provided by Hostinger. This means that your data is primarily stored and processed within the European Economic Area (EEA).

    Some of our service providers or integration partners may be located outside the EEA or may process data in other countries (for example, Stripe for payments or some cloud-based tools). When we transfer personal data outside the EEA, we do so in compliance with applicable data protection laws, using appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.

    8. How do we protect your information?

    We use a combination of technical and organisational measures to protect your personal data and the content you process through Revibu. These include in particular:

    • Encryption in transit (HTTPS/TLS) for all connections to our application and APIs, and encryption at rest for our databases and backups where technically possible.
    • Access control and least-privilege principles, ensuring that only authorised personnel and systems can access production data, and only to the extent necessary.
    • Regular monitoring, logging and backup procedures aimed at detecting anomalies, restoring data in case of incident and maintaining the availability of the service.

    9. How long do we keep your information?

    We keep personal data only for as long as it is necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

    In practice, this generally means:

    • Account and workspace data: kept for the lifetime of your account. If your organisation closes its account, we will delete or anonymise data within a reasonable period, subject to technical backups and legal obligations.
    • Backups and logs: kept for limited periods that are appropriate for security, continuity and troubleshooting purposes (typically from a few days to several months), after which they are deleted or anonymised.
    • Billing and contractual information: kept for the period required by applicable commercial and tax laws (which may range from 7 to 10 years, depending on the jurisdiction).

    10. Your rights

    Depending on your location and applicable law (in particular under the GDPR in the EEA, the UK GDPR or similar laws), you may have the following rights regarding your personal data:

    • Right of access - to obtain confirmation as to whether we process personal data about you and, if so, to receive a copy of that data.
    • Right to rectification - to request that inaccurate or incomplete personal data be corrected.
    • Right to erasure - to request the deletion of your personal data in certain circumstances (for example, when it is no longer necessary for the purposes for which it was collected).
    • Right to restriction - to request that we temporarily or permanently stop processing some or all of your personal data in certain circumstances.
    • Right to data portability - to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible.
    • Right to object - to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, and to object to direct marketing.
    • Right to withdraw consent - where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

    To exercise any of these rights, please contact us at support@revibu.com. We may ask you for additional information to verify your identity before responding.

    You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EEA country or UK region where you live or work, or where you consider that your rights have been infringed.

    11. Cookies and similar technologies

    We use cookies and similar technologies to operate and secure the Revibu platform, to remember your preferences and, in some cases, to analyse how the service is used.

    You can configure your browser to block or alert you about cookies, or to delete them. Some features of Revibu may not function properly if you disable certain cookies. Where required by law, we will ask for your consent before using non-essential cookies.

    12. Connections, integrations and AI features

    Revibu is built to connect to external services such as app stores, ticketing tools, collaboration platforms and AI providers. When you enable these connections, we process and exchange data with those services strictly as necessary to provide the features you have configured.

    For example, our AI-powered features may analyse the content of your app reviews, your reply templates and knowledge base entries in order to generate suggested replies or insights. When we use third-party AI providers, this is done under data processing agreements that prohibit using your data to train their models beyond what is necessary to provide the service, unless we explicitly state otherwise and obtain your consent.

    • Access to third-party services is always controlled via the permissions you grant when connecting them to Revibu, and you can revoke those permissions at any time from the third-party service or from within Revibu.
    • We store OAuth tokens and API keys encrypted and limit their use to the operations required to implement your automations (for example fetching reviews, posting replies or creating tickets).
    • You are responsible for ensuring that you have a valid legal basis (for example, your own users' consent or legitimate interest assessment) to process the personal data of your end-users through Revibu and the connected services.

    13. Children's privacy

    Revibu is designed for use by professionals and businesses, not by children. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us so that we can delete it where appropriate.

    14. “Do Not Track” signals

    Some browsers include a “Do Not Track” (DNT) setting that can signal to websites that you do not wish to be tracked. There is currently no universally accepted standard on how to respond to DNT signals.

    At this time, we do not respond specifically to DNT signals. We will update this policy if a standard is adopted that we are legally required to follow in the future.

    15. Changes to this policy

    We may update this Privacy Policy from time to time, for example to reflect changes to our services or to applicable laws. When we make material changes, we will update the “Effective date” at the top of this page and, when appropriate, notify you by email or through the product. We encourage you to review this page regularly.

    16. How to contact us

    If you have any questions, comments or requests regarding this Privacy Policy or our handling of your personal data, please contact us at support@revibu.com.

    SaaSloop OÜ - Revibu Company registration number: 17245906 EU VAT number: EE102863640 Registered in Estonia.