Aller au contenu

Privacy Policy

Last updated: March 23, 2025

1. Data Controller

The data controller for information collected on reavo.co and the Reavo platform is:

  • SARL Lux Studio
  • 24 avenue de la Gare, 69580 Sathonay-Camp, France
  • Registered with the Lyon Trade and Companies Register under no. 994 423 127
  • Email: contact@reavo.co

2. Data Collected

2.1 Data Provided by the User

During registration and use of the Service, we collect:

  • First and last name
  • Email address
  • Company name
  • Billing address
  • Payment data (processed by Stripe, our secure payment provider)

2.2 Automatically Collected Data

During Website browsing, we may collect:

  • IP address
  • Browser type and operating system
  • Pages visited and visit duration
  • Cookie and analytics tracker data

2.3 Prospect Data

As part of the Service, Reavo collects professional contact data (names, professional emails, phone numbers, job titles) from publicly accessible sources: company websites, professional directories, professional social networks, and public registries.

3. Purposes of Processing

Personal data is processed for the following purposes:

  • Contract performance (Art. 6.1.b GDPR): account creation and management, Service delivery, billing, customer support
  • Legitimate interest (Art. 6.1.f GDPR): Service improvement, fraud prevention, platform security, usage statistics
  • Legal obligation (Art. 6.1.c GDPR): invoice retention, tax compliance
  • Consent (Art. 6.1.a GDPR): marketing communications (newsletters, product updates)

4. Email Account Connection

To enable the sending of prospecting emails from your mailbox, Reavo uses the following secure authentication protocols:

  • Google OAuth 2.0 (Gmail API): to connect your Gmail or Google Workspace account
  • Microsoft OAuth 2.0 (Microsoft Graph API): to connect your Outlook or Microsoft 365 account

By connecting your email account, you authorize Reavo to send emails on your behalf via official Google or Microsoft APIs. Reavo never has access to your password. Authorization can be revoked at any time from the security settings of your Google or Microsoft account.

Reavo only accesses the permissions necessary for sending emails and tracking responses. Reavo does not read, analyze, or store the content of your personal emails.

5. Sub-processors and Data Recipients

Your data may be processed by the following sub-processors:

  • Supabase (database): storage of account data and Prospect Data, hosted on European servers (AWS EU)
  • Vercel (hosting): website and application hosting, European servers (AWS EU)
  • Stripe (payment): secure payment processing (PCI-DSS certified)
  • Google (Gmail API): email sending via Gmail/Google Workspace accounts connected by the User
  • Microsoft (Microsoft Graph API): email sending via Outlook/Microsoft 365 accounts connected by the User
  • Artificial intelligence providers (OpenAI, Anthropic, Mistral, or any other provider): content generation and AI features of the Service. The AI provider(s) used may be changed at any time to improve Service quality.

We never sell, rent, or transfer your personal data to third parties for commercial purposes. Data sharing is limited to what is strictly necessary for the operation of the Service.

6. Transfers Outside the EU

Our main providers (Supabase, Vercel) host data on servers located in the European Union (AWS EU). Some providers (Stripe, AI providers, Google, Microsoft) may process data in the United States. These transfers are governed by appropriate safeguards in accordance with the GDPR, including the European Commission's Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

7. Data Retention

  • Account data: retained for the duration of the subscription, then deleted within 30 days after account closure
  • Billing data: retained for 10 years in accordance with legal accounting obligations
  • Browsing data: retained for a maximum of 13 months (CNIL recommendation)
  • Prospect Data: data collected through the Service is deleted upon account closure, within 30 days

8. Cookies

8.1 Strictly Necessary Cookies

These cookies are essential for Website operation (authentication, security). They do not require your consent.

8.2 Analytics Cookies

We use audience measurement tools to track Website traffic and improve user experience. These cookies are only placed with your consent.

8.3 Preference Management

You can change your cookie preferences at any time through your browser settings or via the consent banner displayed on the Website.

9. Your Rights

Under the GDPR, you have the following rights:

  • Right of access: obtain confirmation that your data is being processed and receive a copy
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request deletion of your data under the conditions provided by law
  • Right to restriction: request restriction of processing in certain cases
  • Right to portability: receive your data in a structured and commonly used format
  • Right to object: object to the processing of your data on legitimate grounds
  • Right to withdraw consent: at any time for processing based on consent

To exercise these rights, contact us at: contact@reavo.co. We commit to responding within one month.

If you encounter any difficulties, you may file a complaint with the CNIL (French data protection authority): www.cnil.fr.

10. Security

Reavo implements appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure. Connections are encrypted via HTTPS, payment data is processed by Stripe (PCI-DSS certified), and data access is restricted to authorized personnel.

11. Data Breach

In the event of a data breach likely to result in a high risk to your rights and freedoms, Reavo commits to notifying you as soon as possible and no later than 72 hours after discovering the incident, in accordance with Articles 33 and 34 of the GDPR.

12. Modifications

We reserve the right to modify this policy. In case of a substantial modification, we will inform you by email or through the Service. The date of last update is indicated at the top of this page.

13. Contact

For any questions regarding this privacy policy or your personal data: contact@reavo.co