Back to Home
Legal Document

Privacy Policy

Last updated: February 27, 2026

This Privacy Policy explains how Revyra ("Revyra", "we", "us", "our") collects, uses, stores, shares, and protects personal data when you access our website or use the Revyra application and services (the "Service").

This policy applies to: the Revyra website; user accounts and product usage; calendar synchronization features; automated or manual follow-up communications initiated by users; and analytics, security, and support operations.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Revyra is operated by:

Clément Antoine Robert COMBIS Individual Entrepreneur (France) Address: 5 Rue Albert Perdreaux, 92370 Chaville, France Privacy contact: privacy@revyra.app

As Revyra is operated by an Individual Entrepreneur under French law (Entreprise Individuelle), there is no legal separation between the business and its operator for the purposes of data protection law. Clément Antoine Robert COMBIS is the natural person responsible for all data processing activities described in this policy.

2. Scope of This Policy

This Privacy Policy applies to all personal data processed in connection with:

  • the Revyra website and product pages;
  • user account creation and management;
  • calendar synchronization features (Google Calendar);
  • follow-up communications (email and SMS) configured and triggered by users;
  • recipient data processed on behalf of users;
  • analytics, security monitoring, and customer support.

This policy does not apply to third-party websites, services, or products that may be linked from the Service.

3. Roles and Responsibilities — Controller vs. Processor

Revyra's role differs depending on the context of processing.

3.1 Revyra as Data Controller

Revyra acts as data controller for:

  • account registration and management data;
  • website and product usage data;
  • billing and payment data;
  • security, fraud prevention, and anti-abuse signals;
  • analytics and service monitoring data;
  • customer support communications.

As data controller, Revyra determines the purposes and means of processing and is directly responsible for compliance with applicable data protection laws.

3.2 Revyra as Data Processor

Revyra acts as data processor for:

  • calendar event data synchronized from your connected calendar (e.g., Google Calendar);
  • recipient and contact data (names, email addresses, phone numbers) that you upload, configure, or import for use in follow-up communications;
  • message content and sending logs generated as part of user-configured automations.

When acting as data processor, Revyra processes this data solely on your documented instructions, solely for the purpose of providing the Service, and in accordance with the terms of this policy and our Terms of Service.

You, as the user, are the data controller for all recipient and contact data you process through the Service. You are solely responsible for:

  • having a valid legal basis to process your recipients' personal data;
  • ensuring that recipients have provided appropriate consent for the communications you send;
  • complying with all applicable data protection laws (including GDPR, CCPA/CPRA, and others).

3.3 Data Processing Agreement (GDPR — EU Users)

For users subject to the EU General Data Protection Regulation (GDPR), this Privacy Policy — together with the Terms of Service — constitutes the data processing agreement (DPA) between you (as data controller) and Revyra (as data processor), as required by Article 28 GDPR.

In this capacity, Revyra commits to:

  • process personal data only on your documented instructions;
  • ensure that authorized personnel are bound by confidentiality obligations;
  • implement appropriate technical and organizational security measures (Article 32 GDPR);
  • not engage sub-processors without general or specific authorization (the sub-processors listed in Section 7 of this policy constitute your general written authorization, which you grant by using the Service); Revyra will notify you of any intended addition or replacement of sub-processors via the notification mechanism described in Section 15, giving you a reasonable opportunity to object before such changes take effect;
  • assist you, to the extent reasonably possible, in responding to data subject rights requests;
  • notify you without undue delay if Revyra becomes aware of a personal data breach affecting your data;
  • delete or return all personal data upon termination of the Service relationship, in accordance with Section 9 of this policy;
  • make available to you, upon reasonable written request, the information necessary to demonstrate compliance with Article 28 GDPR.

If you require a separately executed, standalone DPA for your compliance program, please contact privacy@revyra.app.

4. Data We Collect

4.1 Account and Website Data

When you create an account or use the Service, we collect:

  • email address;
  • name (if provided);
  • authentication credentials and session tokens;
  • service settings, preferences, and configuration data;
  • technical logs (timestamps, IP addresses, device identifiers, browser type);
  • billing data, managed by Stripe (Revyra does not store full card details).

4.2 Google Calendar Data

If you connect Google Calendar, Revyra accesses your Google account data via the Google API in read-only mode, using the following OAuth scopes:

  • https://www.googleapis.com/auth/calendar.calendarlist.readonly
  • https://www.googleapis.com/auth/calendar.events.readonly

Data accessed may include:

  • calendar identifiers and names;
  • event identifiers, titles, descriptions, and locations;
  • start and end dates and times;
  • time zone information;
  • attendees listed in the event, if present and provided by Google.

OAuth Tokens: To maintain the connection, Revyra stores OAuth access tokens and refresh tokens, along with technical webhook identifiers. These are stored securely, encrypted, and are never exposed publicly.

Local Storage: To provide the Service — including displaying your schedule and computing follow-up triggers — Revyra may copy and store a subset of calendar event data in your Revyra account.

4.3 Recipient and Contact Data

If you use email or SMS follow-up features, you may upload or configure data relating to your own clients or contacts, including:

  • name;
  • email address;
  • phone number (required if SMS is enabled);
  • sending status, delivery timestamps, and delivery error logs.

This data is processed by Revyra as a data processor on your behalf. You are solely responsible for the lawfulness of processing this data and for ensuring recipients have provided the required consents for your communications.

Phone numbers processed for SMS purposes may be transmitted to Twilio for message delivery. See Section 7 for details on sub-processors.

4.4 Usage, Logs, and Metrics

We collect operational data to maintain and secure the Service, including:

  • automation execution logs and trigger histories;
  • message delivery status (sent, delivered, failed, bounced);
  • optional open/click tracking events, if enabled by the user;
  • anti-abuse signals and rate-limiting data;
  • error logs and performance metrics.

4.5 Cookies and Analytics

The Revyra website and application may use cookies and similar tracking technologies for:

  • authentication and session management (strictly necessary);
  • security and anti-bot protection;
  • basic analytics and performance monitoring (e.g., page views, session duration).

You may be able to control cookie usage through your browser settings. Strictly necessary cookies cannot be disabled without affecting the functionality of the Service.

We do not use cookies for behavioral advertising or cross-site tracking. Revyra does not sell personal data.

4.6 Support Communications

If you contact us for support, we may process the content of your messages, any attached files or screenshots, and related technical information (such as account identifiers and logs) necessary to resolve your request.

5. How We Use Your Data

We process data for the following purposes and on the following legal bases:

PurposeLegal Basis
Providing and operating the ServicePerformance of contract (Art. 6(1)(b) GDPR)
Calendar synchronization and automation triggersPerformance of contract
Sending follow-up communications per your configurationPerformance of contract / Your instructions as controller
Billing and payment processingPerformance of contract; legal obligation
Security, fraud prevention, and anti-abuseLegitimate interests (Art. 6(1)(f) GDPR)
Customer supportPerformance of contract; legitimate interests
Service analytics and improvementLegitimate interests
Compliance with legal obligationsLegal obligation (Art. 6(1)(c) GDPR)

We do not use your data for advertising, and we do not sell personal data to third parties.

6. Communications Sent Through the Service — Important Notice

Revyra provides technical infrastructure for email and SMS communications configured by users. Revyra does not:

  • determine who receives follow-up messages;
  • review or approve message content;
  • verify whether recipients have consented to receive communications.

Users are the data controllers for all recipient communications and are solely responsible for:

  • selecting recipients;
  • obtaining and documenting the required consents from each recipient before sending;
  • ensuring that email communications comply with applicable laws (CAN-SPAM, CASL, GDPR/ePrivacy, etc.);
  • ensuring that SMS communications comply with applicable laws (TCPA, CTIA guidelines, carrier requirements, etc.);
  • the content, frequency, and nature of all messages sent through the Service.

For SMS communications sent to US recipients, users are solely responsible for obtaining prior express written consent as required by the TCPA, honoring opt-out requests promptly, and complying with all applicable sending-hour restrictions.

Revyra strongly recommends using manual validation and recipient filtering features to control outgoing communications before enabling automated sending.

7. Sub-Processors and Third-Party Service Providers

To provide the Service, Revyra shares data with the following trusted sub-processors, each acting on Revyra's instructions:

ProviderRoleLocation
SupabaseDatabase and authenticationUSA / EU
VercelFrontend hosting and CDNUSA / Global
Google APIsCalendar synchronizationUSA
ScalewayEmail delivery infrastructureFrance / EU
TwilioSMS delivery (where enabled)USA
StripePayment processingUSA / EU

Data transmitted to Twilio: When SMS features are enabled, recipient phone numbers, message content, and delivery metadata are transmitted to Twilio for message delivery. Twilio processes this data in accordance with its own privacy policy and data processing terms. Twilio is headquartered in the United States.

Data transmitted to Scaleway: When email features are enabled, recipient email addresses, message content, and delivery metadata are transmitted to Scaleway for message delivery. Scaleway is headquartered in France and processes data within the EU.

Revyra does not authorize sub-processors to use your data for any purpose other than providing the Service.

Revyra does not sell personal data.

Where sub-processors are located outside the EU/EEA, data transfers are conducted under appropriate safeguards (see Section 11).

8. Google API Services — Limited Use Commitment

Revyra's use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • Google user data is used only to provide and improve user-visible features of the Service (calendar synchronization and follow-up trigger computation);
  • Google user data is not used for advertising purposes;
  • Google user data is not transferred to third parties for advertising;
  • Google user data is not used to train generalized artificial intelligence or machine learning models;
  • Google user data is not sold or resold to any third party.

Access to Google Calendar data is limited to read-only scopes strictly necessary for the Service to function.

9. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by applicable law.

Data CategoryRetention Period
Account dataDuration of active account, then deleted within 30 days of account closure
Google Calendar sync dataWhile account is active; deleted upon calendar disconnection or account closure
Recipient and contact dataWhile account is active; deleted within 30 days of account closure or upon your request
Automation execution logsWhile account is active; deleted upon account closure
Message delivery logsUp to 12 months, or as configured
Security and technical logsUp to 24 months
Billing records10 years from the close of the fiscal year (Article L123-22 French Commercial Code); additionally subject to 6-year fiscal inspection period (Article L. 102 B LPF)
Support communicationsUp to 3 years after resolution

You may request deletion of your data at any time by contacting privacy@revyra.app or via account settings.

10. Security

Revyra implements reasonable and appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration, including:

  • encryption in transit using TLS for all data transfers;
  • encryption at rest for sensitive credentials (OAuth tokens, API keys);
  • access controls and least-privilege principles for internal access;
  • logical account isolation to prevent cross-account data access;
  • monitoring, logging, and automated alerting for security events;
  • regular backups of critical data.

No system is completely secure. Revyra cannot guarantee absolute security of data transmitted over the internet.

10.1 Data Breach Notification

In the event of a personal data breach affecting your data, Revyra will:

  • notify affected users without undue delay after becoming aware of the breach, and in any case within the timeframe required by applicable law;
  • for EU users: notify the relevant supervisory authority (CNIL or other competent authority) within 72 hours of becoming aware of the breach, where required by Article 33 GDPR;
  • provide you with sufficient information to meet your own notification obligations toward your data subjects, where applicable.

Notifications will be sent to the email address associated with your Revyra account.

11. International Data Transfers

Revyra is operated from France (EU). Some of the sub-processors listed in Section 7 are located in the United States or other countries outside the EU/EEA.

When personal data is transferred outside the EU/EEA, Revyra ensures that appropriate safeguards are in place, in accordance with Chapter V of the GDPR, including:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable;
  • reliance on sub-processors that have implemented recognized compliance frameworks (e.g., EU-US Data Privacy Framework, Binding Corporate Rules, or equivalent).

By using the Service, you acknowledge that your personal data may be transferred to the sub-processors listed in Section 7, and that such transfers take place under the safeguards described above.

12. Your Choices and Controls

You have the following controls over your data at any time:

  • Disconnect Google Calendar from your Revyra account settings — this immediately stops synchronization. Calendar data previously stored may remain in your account until you delete it or close your account.
  • Revoke Google OAuth access directly from your Google account settings at https://myaccount.google.com/permissions.
  • Delete recipient data from your Revyra account at any time.
  • Request account deletion by contacting support@revyra.app — your account and associated data will be deleted within 30 days.
  • Export your data by contacting privacy@revyra.app.

13. Your Rights

Depending on your location, you may have specific rights regarding your personal data. We respond to all verified requests within the timeframes required by applicable law.

13.1 EU / EEA Users (GDPR)

Under the GDPR, you have the right to:

  • Access the personal data we hold about you;
  • Rectification of inaccurate or incomplete data;
  • Erasure ("right to be forgotten"), subject to legal retention obligations;
  • Restriction of processing in certain circumstances;
  • Data portability — receive your data in a structured, commonly used, machine-readable format;
  • Object to processing based on legitimate interests;
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with your local data protection authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr.

13.2 California Residents (CCPA / CPRA)

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), applies to businesses that meet specific thresholds (annual gross revenue above $26.625 million, personal data of 100,000+ consumers, or 50%+ revenue from selling consumer data). Revyra does not currently meet these thresholds.

However, Revyra voluntarily extends the following rights to California residents:

  • Right to know what categories of personal data we collect and how we use it;
  • Right to access specific pieces of personal data we hold about you;
  • Right to delete your personal data, subject to applicable exceptions;
  • Right to correct inaccurate personal data;
  • Right to opt out of the sale of personal data — Revyra does not sell personal data.

To exercise these rights, contact privacy@revyra.app.

13.3 All Users

To exercise any of the rights described above, contact: privacy@revyra.app

We will respond within 30 days (or within the shorter period required by applicable law). We may need to verify your identity before processing your request.

14. Children

The Service is intended exclusively for professional and business use. It is not directed at, and we do not knowingly collect personal data from, children under 13 years of age (or the applicable minimum age in your jurisdiction).

If we become aware that we have collected personal data from a child without verified parental consent, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to the Service, applicable law, or our data practices.

When we make material changes, we will notify you by email or through an in-app notice prior to the change taking effect. The updated policy will always be available at https://www.revyra.app/privacy.

Continued use of the Service after the effective date of any update constitutes your acceptance of the revised policy.

16. Contact

For any questions, requests, or concerns regarding this Privacy Policy or your personal data:

privacy@revyra.app

Revyra — Clément Antoine Robert COMBIS 5 Rue Albert Perdreaud, 92370 Chaville, France

© 2026 Revyra. All rights reserved.