Privacy Policy

This privacy policy explains how personal data is processed when you visit revelflow.com or use the Revelflow shopping assistant service.

1. Data controller and contact

The data controller responsible for processing personal data in connection with this website is:

EVYNTRA SRL
VAT: RO53935796
Bucharest, Romania
Primary contact email: hello@revelflow.com

EVYNTRA SRL operates the Revelflow service. For questions about this privacy policy or personal data processing, you can reach out via email.

2. Types of data we process

In the context of operating revelflow.com, we may process the following categories of data:

  • Technical usage data: IP address, date and time of access, requested URL, HTTP status codes, user-agent information and basic device information, as contained in standard server logs.
  • Chat input and responses: the messages you send, as well as the AI-generated responses and any product recommendations shown.
  • Session data: anonymous session identifiers used for rate limiting and continuity within a browsing session. No account creation is required.
  • Interaction data: information about how you use the service (for example, shopping queries, navigation events and error messages).
  • Communication data: if you contact us by email, we will process the content of your message and your contact details.

3. Purposes and legal bases

We process data for the following purposes:

  • Providing the service: to generate shopping recommendations and product research based on your input, operate the website and deliver core functionality. Legal basis: performance of a contract or pre-contractual measures where applicable (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR) in providing an online service.
  • Security and stability: to detect misuse, enforce rate limiting, ensure availability and prevent attacks on the infrastructure. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
  • Improvement and diagnostics: to analyse errors, refine AI prompts and improve service quality at a high level. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
  • Communication: to handle support requests or other inquiries sent to hello@revelflow.com. Legal basis: legitimate interests (Art. 6(1)(f) GDPR) and, where applicable, performance of a contract (Art. 6(1)(b) GDPR).

4. Use of AI infrastructure and processors

The service relies on third-party infrastructure providers to operate core features, including AI generation and website hosting. When you submit a chat message, the message content and related technical request data may be transmitted to these providers to generate a response and run the service.

These providers may include hosting partners, analytics providers and AI service providers such as OpenAI, depending on the relevant processing activity. Where required, appropriate data processing agreements and safeguards are used.

We do not intentionally publish your chat messages or generated outputs. Data is processed only to the extent needed to operate, secure and improve the service.

5. Affiliate links and third-party stores

The service may display links to third-party stores and merchants. These are affiliate links, meaning we may receive a commission if you make a purchase through them. Clicking on an affiliate link will redirect you to the third-party store's website, which has its own privacy policy.

We do not control and are not responsible for the privacy practices of these third-party websites.

6. Storage periods

We retain personal data only for as long as it is required for the relevant purpose, or as long as storage is required by law.

  • Server log data is generally kept for a short retention period and then deleted or anonymised.
  • Chat messages are processed in real-time and not permanently stored on our servers. Session data is held in memory only and cleared periodically.
  • Communication data is stored for as long as the underlying issue remains relevant and for reasonable retention thereafter.

7. Cookies and similar technologies

The website uses a session cookie to maintain service continuity and enforce rate limiting. This cookie contains only an anonymous session identifier and does not track you across websites.

The website may also use analytics technologies such as Google Analytics to understand traffic and improve the service. Depending on the visitor's location and the applicable legal requirements, analytics tools may rely on cookies or similar identifiers.

8. Data sharing and recipients

We may share data with the following categories of recipients where relevant:

  • Hosting and infrastructure providers
  • AI service providers (for chat processing and response generation)
  • Analytics providers
  • Security and monitoring providers, where required to secure the service
  • Legal advisors and authorities, where we are legally obliged to do so

Data is only shared to the extent necessary, based on clear contracts and with appropriate safeguards.

9. International data transfers

Some service providers may be located outside the European Economic Area (EEA). In such cases, we rely on adequacy decisions, standard contractual clauses or equivalent safeguards to ensure that your data remains protected according to applicable data protection standards.

10. Your rights

Subject to the legal requirements, you have the following rights in relation to your personal data:

  • Right of access (information about which data we process about you)
  • Right to rectification (correction of inaccurate data)
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing based on legitimate interests

To exercise these rights, you can contact us at hello@revelflow.com. We may need to verify your identity before handling your request.

You also have the right to lodge a complaint with a data protection supervisory authority. For users in Romania, this is generally the National Supervisory Authority for Personal Data Processing (ANSPDCP).

11. Changes to this policy

EVYNTRA SRL may update this privacy policy from time to time to reflect changes in the service, in applicable law or in the underlying infrastructure. The latest version will always be available on this page.

Material changes will be highlighted in a way that makes them reasonably visible to returning users.