Privacy Policy
Last updated: May 29, 2026
1. Data Controller
The data controller for information collected on reavo.co and the Reavo platform is:
- Reavo, a French simplified joint-stock company (SAS)
- Share capital: €200.00
- Registered office: 9 Rue de l'Herberie, 01600 Trevoux, France
- Registered with the Bourg-en-Bresse Trade and Companies Register under no. 105 455 240
- EUID: FR0101.105455240
- Email: contact@reavo.co
2. Data Collected
2.1 Data Provided by the User
During registration and use of the Service, we collect:
- First and last name
- Email address
- Company name
- Billing address
- Payment data (processed by Stripe, our secure payment provider)
2.2 Automatically Collected Data
During Website browsing, we may collect:
- IP address
- Browser type and operating system
- Pages visited and visit duration
- Cookie and analytics tracker data
2.3 Prospect Data
As part of the Service, Reavo collects professional contact data (names, professional emails, phone numbers, job titles) from publicly accessible sources: company websites, professional directories, professional social networks, and public registries.
3. Purposes of Processing
Personal data is processed for the following purposes:
- Contract performance (Art. 6.1.b GDPR): account creation and management, Service delivery, billing, customer support
- Legitimate interest (Art. 6.1.f GDPR): Service improvement, fraud prevention, platform security, usage statistics
- Legal obligation (Art. 6.1.c GDPR): invoice retention, tax compliance
- Consent (Art. 6.1.a GDPR): marketing communications (newsletters, product updates)
4. Dedicated Professional Mailbox
To enable the sending of prospecting emails, Reavo sets up a dedicated professional mailbox hosted under your own domain name (for example: firstname.lastname@yourdomain.com). This mailbox is created and administered by Reavo on behalf of the User.
- Technical setup: Reavo handles the configuration of the required DNS records (SPF, DKIM, DMARC) to ensure deliverability and authentication of outgoing emails.
- Hosting: the mailbox is hosted with a professional European email hosting provider.
- Access: Reavo holds administrative access to the mailbox to send campaigns, receive replies, and monitor deliverability. The User can view sent and received messages from their Reavo workspace.
- Main domain: the User's main domain is not used to send campaigns. Only the DNS records required by the dedicated mailbox are configured.
The dedicated mailbox is closed upon termination of the subscription, under the conditions set out in section 7.
5. Sub-processors and Data Recipients
Your data may be processed by the following sub-processors:
- Supabase (database): storage of account data and Prospect Data, hosted on European servers (AWS EU)
- Vercel (hosting): website and application hosting, European servers (AWS EU)
- Stripe (payment): secure payment processing (PCI-DSS certified)
- Professional email hosting provider: hosting and operation of the dedicated mailbox configured by Reavo, European servers
- Artificial intelligence providers (OpenAI, Anthropic, Mistral, or any other provider): content generation and AI features of the Service. The AI provider(s) used may be changed at any time to improve Service quality.
We never sell, rent, or transfer your personal data to third parties for commercial purposes. Data sharing is limited to what is strictly necessary for the operation of the Service.
6. Transfers Outside the EU
Our main providers (Supabase, Vercel, email hosting) host data on servers located in the European Union. Some providers (Stripe, AI providers) may process data in the United States. These transfers are governed by appropriate safeguards in accordance with the GDPR, including the European Commission's Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
7. Data Retention
- Account data: retained for the duration of the subscription, then deleted within 30 days after account closure
- Billing data: retained for 10 years in accordance with legal accounting obligations
- Browsing data: retained for a maximum of 13 months (CNIL recommendation)
- Prospect Data: data collected through the Service is deleted upon account closure, within 30 days
8. Cookies
8.1 Strictly Necessary Cookies
Reavo only uses cookies strictly necessary for the operation of the Website and the application: maintaining the login session, security, and local storage of application data (user preferences, interface state). These cookies do not require your consent in accordance with Article 82 of the French Data Protection Act.
8.2 No Third-Party Cookies
Reavo does not place any advertising, profiling, or third-party tracking cookies. No browsing data is shared with advertising networks.
8.3 Preference Management
A consent banner allows you to accept or refuse non-essential cookies (where applicable) through a "Refuse" button displayed at the same level as the "Accept" button. You can also change your preferences at any time through your browser settings.
9. Your Rights
Under the GDPR, you have the following rights:
- Right of access: obtain confirmation that your data is being processed and receive a copy
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure: request deletion of your data under the conditions provided by law
- Right to restriction: request restriction of processing in certain cases
- Right to portability: receive your data in a structured and commonly used format
- Right to object: object to the processing of your data on legitimate grounds
- Right to withdraw consent: at any time for processing based on consent
To exercise these rights, contact us at: contact@reavo.co. We commit to responding within one month.
If you encounter any difficulties, you may file a complaint with the CNIL (French data protection authority): www.cnil.fr.
10. Security
Reavo implements appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure. Connections are encrypted via HTTPS, payment data is processed by Stripe (PCI-DSS certified), and data access is restricted to authorized personnel.
11. Data Breach
In the event of a data breach likely to result in a high risk to your rights and freedoms, Reavo commits to notifying you as soon as possible and no later than 72 hours after discovering the incident, in accordance with Articles 33 and 34 of the GDPR.
12. Modifications
We reserve the right to modify this policy. In case of a substantial modification, we will inform you by email or through the Service. The date of last update is indicated at the top of this page.
13. Contact
For any questions regarding this privacy policy or your personal data: contact@reavo.co