Business

Users

Effective from February 25, 2026

User Privacy Policy

At Revi we value your privacy. Through this policy, we inform you of your rights regarding personal data protection and explain how we collect, use, disclose, transfer and store your information when you use our services to leave reviews about stores or products.

1. Terms used in this policy

For a better understanding of this policy, we explain below some key terms used throughout the document:

“Revi” or “we”: Refers to REVI DIGITAL, S.L., the company that owns the revi.io platform, with Tax ID (NIF) B23839574 and registered office at Calle Gaudencia Torres 9 16, 46015, Valencia (Spain). Contact email: hola@revi.io. Registered in the Commercial Registry of Valencia, volume 11,473, book 8,751, folio 81, page V-214487, entry 1st. Revi acts as data controller in the cases described in this policy.
“User” or “you”: Person who accesses the revi.io platform with the purpose of leaving a review, consulting ratings or interacting with public content related to products and businesses.
“Personal data”: Any information that allows a natural person to be identified directly or indirectly. This may include, for example, your name, email address, IP address, published reviews, attached images, among others.
“Public personal data”: Information voluntarily published on the platform, visible to any visitor, such as the content of your reviews, your name or pseudonym, the score given, the publication date, or any attached file. It also includes business responses to your ratings.
“Private personal data”: Data that is not publicly displayed on Revi and is used exclusively for service management or to verify the legitimacy of a rating, such as your email address, order number or technical information collected automatically.
“Platform”: Refers to the revi.io website and all associated functionalities, such as the review form, user area, moderation systems and any other service accessible from our main domain or subdomains.
“Data processor”: Natural or legal person that processes personal data on behalf of the data controller. For example, Revi acts as a processor when it manages review invitations on behalf of a business that has contracted its services.
“Data controller”: Natural or legal person that determines the purposes and means of the processing of personal data. This may be Revi (for example, in the case of user accounts or voluntary reviews) or the business that invites you to rate its service.
“GDPR”: General Data Protection Regulation (EU Regulation 2016/679), the European regulation that governs the protection of natural persons with regard to the processing of personal data and the free movement of such data.
“Consent”: A freely given, specific, informed and unambiguous indication by which the user accepts, through a clear affirmative action, the processing of their personal data by Revi for one or more specific purposes.

2. Third-party websites

Our platform may contain links to third-party websites. The existence of these links does not mean that we recommend them or that they are governed by this privacy policy. We encourage you to carefully read the privacy policies of such sites, as their data collection, use and processing practices may differ from ours.

3. Publicly visible reviews

Revi is a public platform designed to promote transparency between consumers and businesses. When you write a review on Revi, that review —together with the information associated with your user profile— will be visible to anyone who accesses our platform.

This includes:

The content of your review and the score given.
The publication date.
Your first name and the initial of your last name (or the pseudonym you choose). In the event that your review is not anonymous.
The product or service reviewed and, where applicable, the name of the business.
Your language.
Any image, video or other content you decide to attach to your review.

When another user accesses your profile, they can see all the ratings you have published, as well as additional information related to your public interactions on Revi.

Likewise, if a business responds to your review, that response will also be publicly visible. Both your review and the business’s response form part of the public record of interactions between consumers and businesses on Revi.

We consider all this information as public personal data, accessible on our platform and on external search engines (for example, Google). You are not required to provide any additional personal data beyond what is strictly necessary to leave a verified review. You decide whether to use your real name or a pseudonym, as well as whether to attach images or additional information that identifies you.

Some technology providers may be located outside the European Economic Area. In such cases, we ensure that processing is carried out under standard contractual clauses approved by the European Commission or equivalent mechanisms in accordance with the GDPR.

4. Private personal data

When a store or business requests Revi to send an invitation for you to rate your shopping experience, it provides us with certain personal data necessary for that purpose. This data usually includes your name, email address and a reference identifier, such as the order number or other equivalent data that allows the transaction to be verified.

In addition, Revi may receive information from third parties in order to detect possible fraud or carry out internal investigations aimed at ensuring the integrity of the review system.

We also automatically collect certain technical information from your device when you access our services. This may include your IP address, approximate location, device type, browser used, operating system, as well as data about your interaction with the platform (such as pages visited, clicks made, time spent) or with our emails (such as opening or interacting with review invitations).

All this information is used exclusively to provide the service securely, improve the user experience and ensure that published reviews are authentic and verifiable.

4.1. Who is the controller of your data?

According to the General Data Protection Regulation (Regulation (EU) 2016/679), the data controller is the one who determines the purposes and means of the processing of your personal data, while a data processor acts following their instructions.

When you receive an invitation to leave a review about a store or business that uses Revi’s services (whether sent directly by us on their behalf or by the business itself), that business acts as the data controller with respect to the data used for that invitation (for example, your name, email or order number). Revi, in this case, acts as the data processor, providing the service on behalf of the business.

Therefore, if you wish to exercise your rights over the personal data used for sending review invitations, such as access, rectification or erasure, you should contact the business that invited you directly, as it is the one that determines the use of that data.

On the other hand, with respect to other personal data linked to the use of the Revi platform —such as creating an account, publishing a review, responding to ratings or using interactive features— Revi acts as the data controller.

Additionally, depending on the services contracted by our clients (the businesses), they may also act as controllers with respect to certain data visible in reviews, such as your name, the content of the review or the experience date, when these are published on their business profile.

Revi has entered into the corresponding data processing agreements with the Businesses in accordance with Article 28 of the GDPR.

4.2. What do we use your personal data for?

At Revi we process your personal data for various purposes, all of which are based on the legitimate use of the platform, your consent, or the fulfillment of legal obligations. These are the main purposes for which we may use your information:

Providing our services: Displaying your reviews publicly on store profiles and giving you access to your user account or functionalities available on the Revi platform.
Improving the platform: Analyzing system usage, conducting internal testing, detecting errors and developing new features that enhance your experience.
Responding to your inquiries: Answering messages or requests you send through contact forms, support or email.
Sending you communications: If you have subscribed, we may send you newsletters, updates or other relevant communications, always with your consent.
Personalizing your experience: Adapting content, recommendations or the way we display ratings based on your behavior on the platform.
Internal management and analysis: Performing tasks such as statistical analysis, audits, fraud detection, quality control, content moderation or identifying usage trends.
Training and process improvement: Using your interactions (for example, questions or ratings) in an anonymized or pseudonymized manner to train our staff and improve service quality.
Legal compliance and exercise of rights: Retaining or disclosing information when necessary to fulfill a legal obligation, a court order or a request from a competent authority, as well as to defend Revi’s legitimate rights and interests.

In all cases, we apply technical and organizational measures to ensure that the processing of your data is appropriate, secure and in accordance with current regulations.

4.3. Legal basis for the processing of your data

At Revi we process your personal data in accordance with the legal bases established by the General Data Protection Regulation (GDPR), depending on the type of interaction you have with us. In particular, we process your data on the basis of:

Performance of a contract: We need to process your data to provide you with our services, allow you to leave verified ratings, give you access to your user account or fulfill other obligations arising from our relationship with you or the business you represent.
Compliance with legal obligations: We process personal data when necessary to comply with applicable regulations, including legal, tax, data protection or judicial requirements.
Legitimate interest: We process certain data to manage our platform, improve our services, ensure system security, prevent fraud or carry out statistical analyses. We always ensure that these processing activities are relevant, proportionate and do not unjustifiably affect your rights and freedoms.
Defense of legal rights: We retain or use your data if necessary to establish, exercise or defend legal claims.
Explicit consent: In cases where we request your consent (for example, to send you newsletters or install non-essential cookies), we will process your data only if you have given us free and informed permission. You may withdraw your consent at any time from the relevant panel or by writing to us (see “Contact” section).

Please remember that, even if you withdraw your consent, Revi may continue to process your data if there is another legal basis that justifies it.

Revi does not make solely automated decisions, including profiling, that produce legal effects on the User or similarly significantly affect them.

You also have the right to object to the processing of your data or to request its restriction in certain cases.

4.4. Retention period for your personal data

At Revi we retain your personal data only for the time necessary to fulfill the purposes for which it was collected, or while there is a legal basis that justifies its processing. The exact period will depend on the type of interaction you have had with us, the service provided and our legal or contractual obligations.

This means we may retain your data while:

You have a user account on Revi.
An active contractual relationship exists between you or the business you represent and Revi.
It is necessary to provide you with our services, display your ratings or ensure the traceability of verified reviews.
A legal retention obligation exists (for example, tax, commercial or data protection regulations).
We have a legitimate interest that justifies its retention (such as fraud prevention, platform security or defense against potential claims).

Once these purposes have ceased to apply and there is no legal obligation or legitimate basis that justifies storage, your data will be securely deleted or anonymized, so that it can no longer be associated with you as an identifiable person.

You may exercise your right to request the deletion of your personal data at any time.

At Revi, the security of your personal information is a fundamental priority. Therefore, we implement appropriate technical, organizational and administrative measures to protect your data against unauthorized access, loss, alteration or improper disclosure.

These measures include, for example:

The use of secure transmission protocols (HTTPS).
Restricted access controls for authorized personnel.
Intrusion detection and prevention systems.
Regular backups.
Periodic review and auditing of our platforms and systems to detect vulnerabilities.

However, please note that no data transmission over the Internet is completely secure. Although we constantly work to improve the protection of our systems, we cannot 100 % guarantee the security of the information you send us through electronic means.

For this reason, we recommend that you do not include sensitive or confidential data in the emails you send us, as these messages may not be encrypted. If you need to communicate particularly sensitive information, contact us and we will provide you with the most secure means to do so.

5. Right to lodge a complaint

You have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if you consider that the processing does not comply with current regulations.

6. Use of cookies and similar technologies

At Revi we use cookies and equivalent technologies, such as pixels and tracking codes, in order to improve your user experience, optimize our platform, personalize content, carry out statistical analyses and show you relevant advertising.

6.1. What are cookies?

Cookies are small text files that are stored on your device (computer, mobile phone, tablet, etc.) when you access our website. These files allow the site to remember relevant information for future visits, such as your preferences, settings or previous interactions.

6.2. What other technologies do we use?

In addition to cookies, we may use:

Pixels: small transparent graphic files that are inserted in emails or web pages. They help us understand whether you have opened a message or interacted with certain content.
Tracking codes: code snippets that allow us to analyze how you browse our platform, which sections you visit or how you interact with our services.

6.3. Purposes of use

These technologies are used to:

Identify your user session and facilitate your navigation.
Remember your preferences, such as language or regional settings.
Analyze browsing behavior on the site and improve our services.
Personalize the experience based on your interests.
Show relevant advertising, based on your previous visits or reviews submitted.
Measure the effectiveness of marketing campaigns and traffic sources.

6.4. Who installs these cookies?

Cookies may be:

First-party: managed directly by Revi, for example, to keep your session active or remember your privacy settings.
Third-party: managed by external platforms such as Google, Meta (Facebook), LinkedIn, among others, which assist us with tasks such as analytics, advertising or social media integration.

6.5. Do I need to give my consent?

Yes. According to current regulations, non-essential cookies (for example, analytics or advertising cookies) require your informed and explicit consent. When you access our website for the first time, we will display a configuration panel where you can accept or reject each category of cookies.

You may change your choice at any time through the Cookie Management Panel, accessible from the footer.

6.6. What happens if I reject them?

You can use Revi without accepting non-essential cookies. However, if you decide to reject them, some website functions may not be available or may not work correctly (for example, remembering your language or showing relevant recommendations).

6.7. Where can I get more information?

You can consult all the details about the types of cookies we use, their purposes, duration and third parties involved in our general Cookie Policy or write to us at hola@revi.io if you have additional questions or wish to exercise your rights.

7. Your data protection rights

As a Revi user, you have a series of rights recognized by the General Data Protection Regulation (GDPR) in relation to your personal data. You may exercise them at any time, free of charge and without the need for justification, by writing to us at hola@revi.io, indicating your identity and the specific request you wish to make.

7.1. Right of access

You have the right to obtain confirmation as to whether or not Revi is processing personal data concerning you, and if so, to access said data, as well as additional information about the processing we carry out (purposes, categories of data, recipients, retention period, etc.).

7.2. Right to rectification

You may request the correction or updating of your personal data if it is inaccurate, incomplete or outdated. This includes, for example, modifying your username, country, or correcting errors in your reviews.

7.3. Right to erasure (“right to be forgotten”)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw your consent or when it is being processed unlawfully. This right will apply provided there is no legal obligation or legitimate interest that requires us to retain it (for example, in cases of fraud prevention or exercise of legal rights).

7.4. Right to restriction of processing

You may request that we restrict the processing of your data when you contest its accuracy, the processing is unlawful and you oppose its erasure, we need to retain it for the exercise of claims, or you have objected to the processing and we are assessing the prevalence of our legitimate interests.

7.5. Right to object

You have the right to object to the processing of your personal data when it is based on our legitimate interest, especially in cases where it is used for direct marketing purposes or profiling. In such cases, we will stop processing your data unless there are compelling legitimate grounds.

7.6. Right to data portability

If the processing of your data is based on your consent or a contract, and is carried out by automated means, you may request to receive your data in a structured, commonly used and machine-readable format, or request that we transfer it directly to another controller, provided it is technically feasible.

7.7. Right to withdraw consent

When we have requested your consent to process your data (for example, for sending commercial communications or using non-essential cookies), you may withdraw it at any time, without this affecting the lawfulness of the processing carried out previously.

7.8. Limitations of these rights

Please note that some rights may be subject to certain limitations. For example, we will not be able to delete data that we are legally obligated to retain or if its erasure affects third-party rights. We will evaluate each case with transparency and duly inform you.

8. Information about minors

The Revi platform is not intended for persons under 18 years of age, and we do not knowingly collect personal data from minors of that age.

If you are a mother, father or legal guardian and believe that a minor in your care has provided us with personal data without your consent, please notify us as soon as possible by writing to hola@revi.io. We will proceed to review the situation and, if applicable, will securely delete said information in accordance with current regulations.

9. Changes to this policy

At Revi we may update this Privacy Policy at any time to reflect legal, technical or commercial changes that affect the processing of users’ personal data.

We will publish the modifications on this same page, indicating the date of the last update at the end of the document. We recommend that you periodically review this policy to stay informed about how we protect your information.

In the event that the changes substantially affect your privacy rights, we will notify you clearly and prominently, whether through our platform, by email (if you are registered) or through other appropriate means.

Continued use of our services after the publication or communication of said modifications shall imply acceptance of the changes introduced.

10. Data controller

REVI DIGITAL S.L.
Tax ID (NIF): B23839574
Registered office: Calle Gaudencia Torres 9 16, 46015, Valencia, Spain
Email: hola@revi.io
Registered in the Commercial Registry of Valencia, volume 11,473, book 8,751, folio 81, page V-214487, entry 1st

Cookie or technology	Description and purpose	Provider or domain	Retention
revi_jwt_session	Identifies the user session and protects essential site functionality.	revi.io	Up to 24 hours of inactivity (depends on session settings)
XSRF-TOKEN	Improves form and request security by preventing CSRF attacks.	revi.io	Depends on session configuration
revi_cookie_consent_v2	Stores your cookie consent preferences to apply your choice.	revi.io	6 months (rejection) or 24 months (acceptance)
server_pageview_measurement	Records pageviews and basic CMP events server-side for security, service reliability and product improvement without using cookies or persistent identifiers.	revi.io	Nothing is stored on your device
reCAPTCHA	Protects forms and access points from bots or abuse through Google reCAPTCHA.	google.com	Depends on Google security settings

Cookie or technology	Description and purpose	Provider or domain	Retention
_ga	Distinguishes users for aggregated statistical analysis in Google Analytics.	revi.io	2 years
_ga_*	Maintains session state and event measurement in GA4.	revi.io	2 years
_gid	Distinguishes users for 24 hours for usage analytics.	revi.io	24 hours

Cookie or technology	Description and purpose	Provider or domain	Retention
af_revi_jwt_session	Links the visit to an affiliate identifier for commercial attribution.	revi.io	7 days
_fbp	Identifies browsers for Meta campaign measurement and optimization.	revi.io	3 months
_fbc	Associates visits with Meta ad clicks when applicable.	revi.io	3 months
_gcl_au	Helps measure Google advertising conversions.	revi.io	3 months

User Privacy Policy

Your privacy, under control