
PRIVACY POLICY

Effective Date: 27.02.2026

Last Updated: 27.02.2026

This Privacy Policy describes how the Revino Platform team collects, uses, and protects personal data when providing the Revino platform.

1. Who We Are

Revino Platform (Formal corporate entity details pending update upon official registration in Romania).

Email: support@revino-app.com

For the purposes of EU data protection law (GDPR):

Your business is the Data Controller regarding your customers’ data.

Revino acts as a Data Processor on your behalf.

For your own account data (e.g., login details), Revino acts as Data Controller.

2. Categories of Data We Process

A. Account Data (Controller role)

We collect:

Name

Business name

Email address

Phone number

Billing information

Login credentials (via Supabase authentication)

Legal basis: performance of contract.

B. Customer & Appointment Data (Processor role)

We process on your behalf:

Client names

Phone numbers

Appointment details

Service information

Communication history (including WhatsApp conversations)

Appointment notes (which may contain health-related information if entered by you)

Digital form submissions and signed consent documents

Media files, images, and documents uploaded by you to a customer profile

Signature audit trail metadata (including cryptographic hashes, signing timestamps, IP addresses, and device User-Agent strings) used strictly to ensure document integrity

Legal basis: processing under your instructions as Data Controller.

Revino does not independently determine the purpose of processing your customers' data.

C. Integration Data

When connecting third-party services, we process:

OAuth tokens

WhatsApp Business Account ID

Messaging metadata

Legal basis: performance of contract.

D. Technical & Usage Data

We may collect:

IP address

Device information

Log files

Error reports

Security-related metadata

Legal basis: legitimate interest (security and service stability).

3. Sensitive Data Notice

Revino is not designed to function as a medical records system.

If users enter health-related information into appointment notes or communications:

Such processing occurs solely under the Client’s responsibility.

The Client must ensure compliance with GDPR and applicable medical confidentiality regulations.

Revino does not analyze or use health data for independent purposes.

4. How We Use Data

We process personal data to:

Provide and maintain the platform

Facilitate appointment scheduling

Enable AI-generated responses

Provide customer support

Ensure security and fraud prevention

Process subscription payments

We do not sell personal data.

5. AI Processing (OpenAI)

Messages may be processed via OpenAI’s API to generate automated responses.

Data is processed only for generating responses.

We do not use conversations to train public AI models.

OpenAI acts as a sub-processor.

AI responses are automated and may not always be accurate.

6. Sub-Processors & Infrastructure

We use trusted service providers, including:

Supabase (EU – Frankfurt region)

Vercel (EU infrastructure where applicable)

Meta Platforms (WhatsApp Business API)

Stripe (payment processing)

OpenAI (AI processing)

Some providers may process data outside the European Economic Area under appropriate safeguards (e.g., Standard Contractual Clauses).

We ensure contractual data protection obligations with all sub-processors.

7. International Data Transfers

Where data is transferred outside the EEA, we rely on:

Standard Contractual Clauses (SCCs)

Adequacy decisions

Contractual safeguards

8. Data Retention

We retain:

Account data for the duration of the subscription

Customer data as instructed by the Client

Billing data as required by Romanian accounting law

Security logs for limited periods for fraud prevention

Upon account termination:

Data may be deleted after a reasonable retention period unless legal obligations require longer storage.

9. Security Measures

We implement:

Encrypted data transmission (HTTPS/TLS)

Access controls

Role-based permissions

Infrastructure hosted in secure EU data centers

Secure authentication via Supabase

Cryptographic hashing (SHA-256) of signed digital documents to ensure data integrity and prevent post-signature tampering

Strict isolation of uploaded media files within private storage buckets, accessible only by authenticated members of your organization

No system can guarantee absolute security.

10. Your Rights (GDPR)

Depending on your role:

If you are an account holder:

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP)

If you are an end customer of a Client:

Please contact the business directly, as they are the Data Controller.

11. Data Deletion Requests (Right to Erasure)

You have the right to request the deletion of your personal and organizational data.

Instant Deletion (Self-Service): As an Organization Owner, you can permanently delete your organization, including all associated client data, appointment history, and integration settings, directly from your dashboard. Navigate to Settings > Organization > Danger Zone and click "Delete Organization". This action is irreversible and executes immediately.

Alternative Method: You may also request account deletion by emailing support@revino-app.com with the subject "Data Deletion Request". Email requests will be processed within 30 days.

You may disconnect third-party integrations (such as Meta/WhatsApp) directly from your Integrations dashboard at any time.

12. Changes to This Policy

We may update this Privacy Policy.

Material changes will be communicated via platform notification or email.

Continued use of the Service constitutes acceptance of the updated policy.