Salt la conținutul principal

Politica de Confidențialitate

PRIVACY POLICY

Effective Date: 30.04.2026 Last Updated: 30.04.2026

This Privacy Policy explains how REVINO TECHNOLOGIES S.R.L. ("Revino", "we", "us", or "our") collects, uses, stores, and protects personal data in connection with the Revino platform and related services.

1. Who We Are

REVINO TECHNOLOGIES S.R.L. is a company incorporated and registered in Romania.

Registered office: București, Sector 2, Bulevardul Basarabia nr. 86, Bl. A3, Scara A, Etaj 1, Ap. 1

Unique Registration Code (CUI): 54581611 Trade Register No.: J2026028285009 EUID: ROONRC.J2026028285009

Email: support@revino-app.com

For the purposes of EU data protection law, including the General Data Protection Regulation (GDPR):

- Your business acts as the Data Controller with respect to your customers’ personal data processed through the platform - Revino acts as a Data Processor on your behalf for such customer data - For data relating to your own account, subscription, billing, security, and use of the platform, Revino acts as an independent Data Controller

2. Categories of Data We Process

A. Account Data (Controller role)

We may collect and process:

- Name - Business name - Email address - Phone number - Billing and subscription information - Login credentials and authentication identifiers - Account role and organization membership details

Legal basis: - Performance of a contract - Compliance with legal obligations - Legitimate interests in account security and service administration

B. Customer, Appointment, CRM, Form, Media and Communication Data (Processor role)

On behalf of our business Clients, we may process:

- Client names - Phone numbers - Email addresses - Appointment details - Service information - Communication history, including WhatsApp or other messaging conversations - Appointment notes entered by the Client - Digital form submissions - Signed consent forms and other electronically signed documents - Media files, images, and documents uploaded to customer profiles - Signature audit trail metadata, including timestamps, IP addresses, device metadata, user-agent strings, and cryptographic hashes or equivalent integrity data

Legal basis: This data is processed solely under the instructions of the Client acting as Data Controller.

Revino does not independently determine the purposes of processing such customer data.

C. Integration Data

When you connect third-party services, we may process:

- OAuth tokens and refresh tokens - WhatsApp Business Account identifiers - Messaging account metadata - Integration configuration data - Webhook-related technical identifiers

Legal basis: - Performance of a contract - Legitimate interests in maintaining secure and functional integrations

D. Technical, Usage, and Security Data

We may collect and process:

- IP addresses - Device and browser information - Operating system details - Session metadata - Log files - Error reports - Audit trail data - Security-related metadata - Platform usage events and diagnostics

Legal basis: - Legitimate interests in security, fraud prevention, platform stability, debugging, and service improvement - Performance of a contract where technically necessary to provide the platform

3. Sensitive Data Notice

Revino is not designed to function as a medical records system or as a repository for regulated medical records.

If a Client enters health-related or other sensitive personal data into appointment notes, messages, forms, uploaded documents, or media files:

- Such processing occurs solely under the responsibility of the Client as Data Controller - The Client must ensure that it has an appropriate legal basis and complies with applicable GDPR and sector-specific confidentiality obligations - Revino does not process such data for its own independent purposes except as necessary to provide the Service on the Client’s behalf

4. How We Use Data

We use personal data, depending on our role, to:

- Provide, operate, and maintain the platform - Create and manage user accounts and organizations - Facilitate appointment scheduling and customer management - Enable messaging, automation, and AI-assisted functionality - Provide customer support - Maintain security, detect abuse, and prevent fraud - Process subscriptions, invoices, and payments - Monitor performance, fix bugs, and improve service reliability - Comply with legal and regulatory obligations

We do not sell personal data.

5. AI Processing

Certain messages, prompts, and communication content may be processed through AI service providers to generate automated responses, summaries, suggestions, or workflow outputs.

Such processing is performed only as necessary to provide the functionality requested by the Client.

AI-generated outputs may be incomplete, inaccurate, or inappropriate in some cases. Clients remain responsible for reviewing, configuring, and supervising the use of AI-generated content in their communications and workflows.

Where OpenAI or another AI provider is used, such provider acts as a sub-processor or service provider, depending on the context of processing.

We do not use customer conversations submitted through the platform to train public AI models unless explicitly stated otherwise and lawfully authorized.

6. Sub-Processors and Service Providers

We use trusted third-party providers to operate the platform and deliver related services. These may include, depending on the features used:

- Supabase (hosting, database, authentication, storage) - Vercel (application hosting and delivery) - Meta Platforms (WhatsApp Business API) - Twilio or similar messaging providers - Stripe or other payment processors - OpenAI or other AI providers - Email delivery and infrastructure providers - Monitoring, logging, and error reporting providers

These providers may process personal data only on our documented instructions, under contractual confidentiality and data protection obligations, or under their own legal terms where they act as independent providers.

7. International Data Transfers

Some service providers may process data outside the European Economic Area (EEA).

Where personal data is transferred outside the EEA, we seek to ensure that appropriate safeguards are in place, such as:

- Standard Contractual Clauses approved by the European Commission - Adequacy decisions - Other lawful transfer mechanisms recognized under applicable data protection law

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

In general:

- Account data is retained for the duration of the subscription and for a reasonable period thereafter for legal, tax, security, and support purposes - Customer data is retained in accordance with the Client’s instructions and account settings - Billing and accounting records are retained as required by Romanian law - Logs, diagnostics, and security records are retained for limited periods proportionate to fraud prevention, incident response, and platform reliability needs

Upon termination of an account or deletion request, data may be deleted after a reasonable retention period unless continued retention is required by law, necessary for the establishment or defense of legal claims, or justified by overriding legitimate interests such as security and fraud prevention.

9. Security Measures

We implement appropriate technical and organizational measures designed to protect personal data, including, where applicable:

- Encrypted transmission via HTTPS/TLS - Role-based access controls - Authentication and session security - Logical segregation of organizational data - Secure EU-based infrastructure where applicable - Private storage controls for uploaded files - Audit logging and access monitoring - Cryptographic hashing or similar integrity controls for electronically signed documents

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your Rights Under GDPR

If Revino acts as Data Controller for your personal data, you may have the following rights, subject to applicable law:

- Right of access - Right to rectification - Right to erasure - Right to restriction of processing - Right to data portability - Right to object, where processing is based on legitimate interests - Right to lodge a complaint with the Romanian supervisory authority (ANSPDCP) or another competent supervisory authority

If you are an end customer of one of our business Clients, that business is usually the Data Controller of your data. In such cases, you should contact that business directly to exercise your rights.

11. Data Deletion Requests

If you are an account owner or authorized representative of a Client organization, you may request deletion of your account or organization data by contacting us at support@revino-app.com.

If the platform offers self-service deletion tools, such deletion may be available directly from within the application interface. Where such functionality is available, deletion may be irreversible and may result in the permanent removal of organization data, including customer records, appointments, forms, files, and integration settings.

We may retain certain information where required by law, for legitimate security purposes, or for the establishment, exercise, or defense of legal claims.

Third-party integrations may also be disconnected by the Client through available platform settings, where supported.

12. Cookies and Similar Technologies

The platform and website may use cookies, local storage, and similar technologies necessary for authentication, security, functionality, analytics, and performance.

Where required by law, we will request consent before using non-essential cookies or similar technologies.

Additional details may be provided in a separate Cookie Policy or cookie banner.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may notify users through the platform, by email, or by other reasonable means.

The “Last Updated” date at the top of this Privacy Policy indicates when this version became effective.

14. Contact

If you have questions about this Privacy Policy or about how personal data is processed, you may contact us at:

support@revino-app.com

REVINO TECHNOLOGIES S.R.L. București, Sector 2, Bulevardul Basarabia nr. 86, Bl. A3, Scara A, Etaj 1, Ap. 1 Romania