Introduction
This Privacy Policy outlines how Reviy ("we", "us", "our"), as the Data Controller, collects, uses, discloses, and protects your personal information when you interact with our web application. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.
This policy also details the role of PostHog, Inc. ("PostHog"), Firebase (Google), and Mailchimp (The Rocket Science Group LLC) as our Data Processors for analytics, backend services, and marketing purposes.
Data controller and data processors
- Data controller: Reviy (matteo.beltrame@reviy.app)
Responsible for determining the purposes and means of processing your personal data.
- Data processors:
Processes personal data for specific purposes (analytics, backend, marketing), based on our instructions.
Information we collect
We collect information to provide and improve our service. The legal basis for processing depends on the specific context:
Account registration data
When you create an account with Reviy, we collect and store the personal information you explicitly provide during registration.
Registration via Google OAuth:
- Name
- Email address
- Profile photo URL
The data collected depends on what you authorize during the sign-in popup with your chosen provider. We only receive and store the information you explicitly consent to share through the OAuth provider's authorization flow.
PostHog analytics & enhancement
We use PostHog to collect data about how you interact with our application. This processing relies on different legal bases depending on the cookie/data category:
- Device Information: (e.g., device type, operating system, browser type)
- Usage Data: (e.g., features used, pages visited, interaction patterns, session duration, anonymous click tracking via $autocapture, anonymous session recordings)
- For strictly necessary technical data required for PostHog to function minimally: Legitimate Interest.
- For Performance & Analytics cookies/data: Your explicit Consent obtained via our cookie banner.
- For Functional Enhancement & Personalization cookies/data (e.g., session recordings): Your explicit Consent obtained via our cookie banner.
How we use your information
We use your information based on the legal bases outlined above for the following purposes:
- To provide and improve our application: delivering features, fixing bugs, enhancing usability.
- To analyze user behavior and trends: understanding how the application is used via analytics to improve features and performance.
- To personalize your experience: using data (potentially including insights from PostHog features like A/B testing, if implemented) to tailor the service.
- To manage your account: maintaining your profile information and authentication.
- To communicate with you: sending service-related notifications and updates.
- To comply with legal requirements: fulfilling legal or regulatory duties.
Newsletter and marketing communications
We use Mailchimp to manage our newsletter and marketing communications.
How we collect your consent:
- During account creation: You can opt in to our newsletter by checking the subscription box on the registration form
- Via website: You can subscribe through the dedicated newsletter section on our website
What we share with Mailchimp:
- Email address (required)
- Name (if provided)
Your rights:
- You can unsubscribe at any time using the unsubscribe link in any newsletter email
- You can update your subscription preferences through your account settings or by contacting us
We do not send marketing communications without your explicit consent. Mailchimp processes this data according to their Privacy Policy.
Sharing your information
We only share your information under specific circumstances:
- Service providers (Data processors)
- Firebase: used for backend services, authentication, and data storage. See their policy at Firebase Privacy and Security.
- PostHog, Inc.: used for analytics and application usage insights as described above. They process data based on our instructions.
- Google: for authentication purposes if you use Google sign-in.
- Mailchimp: for newsletter and marketing communications if you opt in.
- Search engines: for indexing public user data, based on your consent.
- Law Enforcement or Regulatory Authorities: if required by law or to protect rights, property, or safety (Basis: Legal Obligation).
Cookies and Similar Technologies
What are cookies?
Cookies are small text files stored on your device. We also use similar technologies like localStorage which might be employed by services like PostHog. These help our website function and provide insights.
Cookies & technologies we use
We categorize the cookies and technologies used as follows:
Performance & analytics
- Purpose: help us understand how visitors use our website by collecting anonymous data about:
- Pages visited
- Time spent on site
- Navigation paths
- Anonymous click tracking
- Device/Browser information
- Geographic location (approximate)
- Duration: up to 12 months
- Provider: PostHog, Inc.
Functional enhancement & personalization
- Purpose: Allow us to improve usability and potentially tailor your experience using PostHog features like:
- Anonymous session recordings: to understand user interaction patterns and identify usability issues.
- A/B Testing/Feature Flags: to test new features or personalize content.
- Provider: PostHog, Inc.
Your choices regarding cookies
- You can accept or decline cookies/technologies via our cookie banner when you first visit, or change your preferences anytime through the link in the footer of the website.
- You can also control cookies through your browser settings (blocking, deleting), though this may affect site functionality.
Data security & retention
We implement technical and organizational security measures reasonably designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. This includes using secure services like Firebase for data storage and authentication, PostHog for analytics processing, and Mailchimp for marketing communications.
However, no method of transmission over the internet or electronic storage is 100% secure.
Data processed by PostHog on our behalf is stored within the European Economic Area (EEA).
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the duration of your account activity, and as required for legal, accounting, or reporting requirements.
- Account data: retained until you delete your account or request erasure, subject to legal obligations.
- Analytics data: data collected via PostHog is typically retained for up to 12 months or until you withdraw consent.
- Newsletter data: retained in Mailchimp until you unsubscribe or request deletion.
International data transfers
While we prioritize storing your data within the European Economic Area (EEA), some of our service providers process certain data in the United States:
- Firebase Authentication (Google): Authentication services are processed in Google's US infrastructure, even when your primary Firebase region is set to europe-west.
- PostHog analytics data: Stored within the EEA.
- Mailchimp: May process data in the US, depending on configuration.
- Standard Contractual Clauses (SCCs): Our processors (Google/Firebase, Mailchimp) use EU-approved Standard Contractual Clauses as mandated by GDPR.
- Additional Security Measures: Our processors implement supplementary technical and organizational measures to protect data transferred to the US.
You can request more information about these safeguards by contacting us at matteo.beltrame@reviy.app.
Age restrictions and minors
Our service is intended for users who are at least 16 years of age. We do not knowingly collect personal information from individuals under 16 years old.
If you are under 16, please do not register for an account or provide any personal information to us. If we become aware that we have collected personal data from someone under 16 without parental consent, we will delete that information immediately upon request or discovery.
Parents/Guardians: If you believe your child under 16 has provided us with personal information, please contact us at matteo.beltrame@reviy.app and we will promptly delete such information.
Your rights under GDPR
You have the following rights regarding your personal data:
- Right to access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data (subject to legal obligations)
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent for newsletter or analytics at any time
To exercise these rights, please contact us at matteo.beltrame@reviy.app
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of alleged infringement.
Since Reviy is established in Italy, the competent supervisory authority is:
Garante per la protezione dei dati personali
Piazza di Monte Citorio n. 121
00186 Roma, Italy
garante@gpdp.it
Changes to this privacy policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
Contact us
If you have any questions about this Privacy Policy or our practices, please write at