Privacy Policy

Last updated:

December 1, 2025

Revo Inc (“Revo Inc”, “us”, “we”, or “our”) operates websites including www.revo.ai (each a “Website”), web and desktop applications, mobile applications (including our iOS app), and browser extensions (together with our Websites, our “Platform”). Our Platform provides an AI-powered product management and collaboration service, allowing users (“you” or “users”) to
(i) access and download certain information we provide through the Platform and
(ii) use the Services provided therein, including the transmission, storage, processing, and display of information from each user (collectively, the “Services”).

This document sets out our privacy and security policy (the “Policy”) and, among other things, informs you of our policies regarding the collection, use, and disclosure of Personal Information (as defined below) when you access any part of our Platform (whether directly or indirectly) or in any manner use our Services. Please note that third parties whose data or information is processed by our users may be affected by such processing. In such cases, our users act as data controllers and Revo Inc acts as their data processor. For more information about the roles and responsibilities between us and our users, please consult Section 2 of this Policy and our Data Protection Addendum, available at: www.revo.ai/dpa-scc.

1. Overview of this Policy


The following information in this Policy is designed to help you better understand what information we gather from you and through your access to the Platform or use of our Services, how we use and disclose this information, who we might share this information with, and to describe generally what security steps we take. By accessing our Platform, downloading any information made available via any of our Platform (e.g., guidelines, reports), and/or by using our Services in any manner (inclusive of downloading, installing, and using any of our Extensions), users provide us data that is necessary for us to collect and process in order to provide the Services and the Platform, in accordance with the statements of our Terms of Services.

Note, if you are a resident of the State of California, you may have additional personal information rights and choices.  Please see the Your California Privacy Rights section below for more information.

Note also, if you are an European Union resident, you have specific rights over your personal data. Please see the GDPR rights section below for more information.

For the proper functioning of our Platform and Services, we rely on the supply of third-party providers. For more information about them, please see the Data recipients section below.

Except as expressly stated herein, this Policy does not apply to any third-party applications or technologies that integrate with our Services (e.g., social media websites), or any other third-party products, services, or businesses, or to third-part websites that you access via links or otherwise while using the Online Platforms or our Services (Third Party Services).

Except for the scope of the data processing activities ruled by this Policy, this latest does not apply to data collected from, or provided by users to Third Party Services, and instead, such data is subject to the practices of the provider(s) of the applicable Third Party Services. You should review the privacy policies of such Third Party Services (and any other applicable terms and conditions) to determine how your data will be used before sharing any of your data with them.

2. Processing of Data

1- The parties acknowledge and agree that with regard to the processing of Personal Data, Customer may act either as a controller or processor and, except as expressly set forth in this Addendum or the Terms of Service, Revo Inc. is a processor.

2- Customer shall, in its use of the Services, at all times process Personal Data, and provide instructions for the processing of Personal Data, in compliance with Data Protection Laws. Customer shall ensure that the processing of Personal Data in accordance with Customer’s instructions will not cause Revo Inc. to be in breach of the Data Protection Laws. Customer is solely responsible for the accuracy, quality, and legality of
(i) the Personal Data provided to Revo Inc. by or on behalf of Customer,
(ii) the means by which Customer acquired any such Personal Data, and
(iii) the instructions it provides to Revo Inc. regarding the processing of such Personal Data. Customer shall not provide or make available to Revo Inc. any Personal Data in violation of the Terms of Service or otherwise inappropriate for the nature of the Services, and shall indemnify Revo Inc from all claims and losses in connection therewith.

3- Revo Inc shall not process Personal Data:

(i) for purposes other than those set forth in the Terms of Service and/or Annex I,
(ii) in a manner inconsistent with the terms and conditions set forth in this Addendum or any other documented instructions provided by Customer, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority to which the Revo Inc. is subject; in such a case, the Revo Inc shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, or
(iii) in violation of Data Protection Laws.  
Customer hereby instructs Revo Inc to process Personal Data in accordance with the foregoing and as part of any processing initiated by Customer in its use of the Services.

4- The subject matter, nature, purpose, and duration of this processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Annex I to this Addendum.

5- Following completion of the Services, at Customer’s choice, Revo Inc. shall delete or return Customer’s Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If destruction or return is impracticable or prohibited by law, rule or regulation, Revo Inc. shall take measures to block such Personal Data from any further processing (except to the extent necessary for its continued hosting or processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control. If Customer and Revo Inc. have entered into Standard Contractual Clauses as described in Section
6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) shall be provided by Revo Inc. to Customer only upon Customer’s request.

6- CCPA. Except with respect to Customer Account Data and Customer Usage Data, the parties acknowledge and agree that Revo Inc is a service provider for the purposes of the CCPA (to the extent it applies) and is receiving personal information from Customer in order to provide the Services pursuant to the Terms of Service, which constitutes a business purpose. Revo Inc. shall not sell any such personal information. Revo Inc. shall not retain, use or disclose any personal information provided by Customer pursuant to the Terms of Service except as necessary for the specific purpose of performing the Services for Customer pursuant to the Terms of Service, or otherwise as set forth in the Terms of Service or as permitted by the CCPA. The terms “personal information,” “service provider,” “sale,” and “sell” are as defined in Section 1798.140 of the CCPA. Revo Inc. certifies that it understands the restrictions of this Section 2.5.

3. The data processing activities subject to this Policy and responsibilities

To provide you with our Platform and Services, we need to process Personal Data. This is why we implement data processing activities, which can be performed by us as a data processor of our users or as an independent data controller, depending on which data processing activity is considered.

As a data processor of our Users, here are the data processing activities that are implemented by us on their behalf :

  • We store and host the Personal Data contained in the content generated by users of our Services and Platform;
  • We collaborate with our users when they ask us to do so and if we can when a Personal Data subject exercised one of his or her individual rights.
  • When users connect their third-party tools (such as Slack, Jira, HubSpot, Zendesk, Google Calendar, CRMs, documentation tools or other integrations available in Revo), we process the Personal Data coming from these tools only to provide the Services requested by the user and according to the user’s instructions.

On our sole responsibility of data controller we only :

  • Handle the login and authentication credentials of our users;
  • Perform a technical monitoring of the infrastructure;
  • Analyze habits of the way our product is used by users;
  • Perform audience and usage monitoring of the Platform using Plausible.io services;
  • Handle the users' rights requests related to Personal Data protection (CCPA, GDPR and Canadian individual rights);
  • Send emails to our users;
  • Send messages to our Website’s chat users; and manage the Users’ accounts creation.
  • Access, in limited cases, certain elements of your workspace or account (for example, to investigate an incident, reproduce an issue, or help configure the Services), always under confidentiality obligations and only to the extent necessary to provide support.

When you visit or log in to our Website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email.

Please note that the Personal Data that can be processed by users using our Services and Platform are sole data controllers of the processing they decide to perform via our Services and Platform.

Thus, in case Personal Data subjects are not users, please note that the responsibility of being the data controllers of the data processing performed using our Platform and Services is assumed by our users who process the Personal Data of these data subjects. We propose to our Users, acting as data controllers, to agree to our Data Protection Addendum that is publicly available here : www.revo.ai/dpa-scc

This Data Protection Addendum provides the statements ruling the relations between us and our users using our Services and Platform to perform such data processing activities.

As part of our commitment to your privacy, we process your data for various lawful reasons:

Contractual Obligations: We process your data to:

  • Give account access;
  • Handle customer relations;
  • Manage orders and deliver products/services; and
  • Offer customer support.

Legitimate Interests: We process your data to:

  • Enhance and personalize your experience;
  • Monitor and boost our service quality;
  • Conduct internal functions and research;
  • Uphold terms of use and address legal concerns.

Consent: We may seek your consent to:

  • Send marketing materials where required by law;
  • Use cookies or similar technology; and
  • For other specific reasons we'll clarify when seeking consent.

You can revoke consent anytime via provided unsubscribe options or by contacting us as mentioned in our Privacy Policy's contact section.

For registered users, Revo Inc might occasionally email updates about security, features, or news. You can opt out of emails anytime via the unsubscribe link at the bottom of our emails. If you reach out to us (e.g., for support), we may share your request to aid our response or assist others, but your personal details will always remain private.

Training is not done on customers’ data. Customer content is processed only to provide the requested feature or as required for security. Customer data is never used to train general-purpose AI mode

Google Calendar API Access
This section applies to users who connect their Google Calendar to Revo for enhanced meeting management. Revo Inc uses the Google Calendar API to access users' meeting and calendar information under the following conditions:

- Purpose: Access occurs when a user connects their Google Calendar through an integration. This enables Revo to access meetings and join them. Additionally, when a user invites Revo to a call, Revo can save recordings (audio and video), transcripts, and meeting details for your work.

- Data Accessed: This includes meeting times, dates, titles, participants' names, participants' emails, chats, and meeting links. We store past and future meeting events to facilitate recording and leverage transcripts.

- Data Usage: The information is exclusively used to enhance your productivity by providing accessible meeting summaries and details.

This data is protected and processed in accordance with our data protection commitments and privacy policy.

Google Drive API Access

This section applies to users who connect their Google Drive account to Revo for enhanced productivity features and AI-assisted workflows. Revo Inc uses the Google Drive API to access user files and metadata under the following conditions:

  • Purpose: Access occurs only when a user explicitly connects their Google Drive through an integration in Revo. This enables the Revo AI agent to read, create, modify, and update documents and other Drive files to assist in product work, provide intelligent suggestions, and enrich Revo’s context and memory for the user’s ongoing projects.
  • Data Accessed: Depending on the requested operation, this may include:
    • File metadata (file name, type, size, owner, last modified date)
    • File content (documents, spreadsheets, presentations, and other supported Drive files)
    • Folder structure information for the folders you choose to share
    • File sharing settings and permissions (when necessary to complete user requests)
  • User Control Over Access:
    Access is limited to the specific files and folders you choose to share with Revo through the Google Drive file picker or when creating documents directly in Revo. Revo cannot access any other content in your Drive without your explicit selection and authorization.
  • Data Usage:
    The information is used solely to:
    • Read and analyze files you have authorized for AI-powered assistance
    • Create and edit documents on your behalf when requested
    • Update content in files you have selected
    • Maintain contextual memory for your projects within Revo

We do not use Google Drive data for advertising, profiling, or any purpose other than delivering and improving Revo’s features for you. Access to Google Drive data is limited to the minimum necessary to perform the requested actions.

You can revoke access at any time by disconnecting your Google Drive from Revo in your account settings or through your Google account’s security settings.

All Google Drive data is handled in accordance with this Privacy Policy, our Data Protection Addendum, and Google’s Limited Use Requirements. Revo Inc’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Other Third-Party Integrations (Slack, Jira, HubSpot, Zendesk, CRMs, Documentation Tools, etc.)

Revo Inc also offers optional integrations with third-party tools such as Slack, Jira, HubSpot, Zendesk, Linear, Notion, Confluence, Intercom, CRMs, ticketing tools, calendar systems, and documentation platforms. When a user connects one of these integrations, Revo Inc processes the Personal Data and content made available through that integration solely for the purpose of providing the Services, in accordance with the user’s instructions.

Revo Inc does not use integration data for advertising, profiling, or training general-purpose AI models. Access to integration data is limited to what is strictly necessary to deliver the requested features, such as synchronizing messages, analyzing tickets, clustering feedback, or generating documentation.

Users may revoke access to any integration at any time through their account settings or through the third-party provider’s own security settings. Once access is revoked, Revo Inc can no longer retrieve or process new information from that integration.

4. Authorized Sub-Processors

1- Customer acknowledges and agrees that Revo Inc may:

(i) engage its affiliates and the Authorized Sub-Processors on the List (defined below) to access and process Personal Data in connection with the Services and

(ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the processing of Personal Data. By way of this Addendum, Customer provides general written authorization to Revo Inc to engage sub-processors as necessary to perform the Services.

2- A list of Revo Inc’s current Authorized Sub-Processors will be made available to Customer at Data Processors.  Such List may be updated by Revo Inc from time to time.  Revo Inc will notify by email Customer of new Authorized Sub-Processors and Customer. At least ten (10) days before enabling any third party other than existing Authorized Sub-Processors to access or participate in the processing of Personal Data, Revo Inc will add such third party to the List and notify subscribers, including Customer, via the aforementioned notifications. Customer may object to such an engagement by informing Revo Inc in writing within ten (10) days of receipt of the aforementioned notice by Customer, provided such objection is in writing and based on reasonable grounds relating to data protection. Customer acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Revo Inc from offering the Services to Customer.

3- If Customer reasonably objects to an engagement in accordance with Section 4.2, and Revo Inc cannot provide a commercially reasonable alternative within a reasonable period of time, Customer may discontinue the use of the affected Service by providing written notice to Revo Inc.  Discontinuation shall not relieve Customer of any fees owed to Revo Inc under the Terms of Service.

4- If Customer does not object to the engagement of a third party in accordance with Section 4.2 within ten (10) days of notice by Revo Inc, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.

5- Revo Inc will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Revo Inc under this Addendum with respect to the protection of Personal Data.  In case an Authorized Sub-Processor fails to fulfill its data protection obligations under such written agreement with Revo Inc, Revo Inc will remain liable to Customer for the performance of the Authorized Sub-Processor’s obligations under such agreement.

6- If Customer and Revo Inc have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Revo Inc of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub-Processors that must be provided by Revo Inc to Customer pursuant to Clause 9(c) of the EU SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Revo Inc beforehand, and that such copies will be provided by the Revo Inc only upon request by Customer.



5. Recipients of the Personal Data

For the good functioning of our Platform that makes the Services available to the Users, we  rely on third-party companies and individuals to facilitate our Services and manage our Platform and to provide our Services on our behalf. In the strict frame of the provision of services, these third parties (also called “our Data Processors”) might have access to your PersonalInformation only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose.

You can find the list of our Data Processors, implementing data processing on our behalf, in our Security Center:

  • Amazon Web Services (AWS) – Cloud provider, hosting data and our application (US).
  • Open AI – Engineering, providing Large Language Model APIs (GPT-4, GPT-3.5, GPT-5) (US).
  • Google Cloud – Cloud provider, hosting data and infrastructure (US).
  • Assembly AI – Engineering, processing audio data through AI (US).
  • Crisp – Cloud service supporting customer service tickets and communication (France).
  • Hyperdoc (Recall.ai) – IT tool for meeting processing (US).
  • Mixpanel – Data analytics platform to gain customer insights (US).
  • Google Workspace – Identity and collaboration provider for email, document hosting, and sharing (US).
  • Datadog – Cloud monitoring platform for infrastructure and production (US).
  • Customer.io – Platform for transactional and promotional email notifications (US).
  • Segment – Data analytics and Customer Data Platform (US).
  • Stripe – Finance and payment processing service provider (US).
  • Slack – Messaging platform for team collaboration and updates (US).
  • Webflow – Visual web design and hosting (US).
  • Firecrawl.dev - API for web crawling and data extraction (US).
  • Mistral - AI company providing open-weight large language models (FR).
  • ConvertAPI - API service for file format conversion (US).
  • x.ai (Grok) – Engineering, providing Large Language Model APIs (US).

For the complete and up-to-date list of all our subprocessors, including their purposes and locations, please visit our Security Center.



6. Personal Data retention

To pursue the purposes exposed in section 3 of this Policy, we collect the categories of Personal data detailed in its section 2.

However, we also want to inform you that we don’t store this data for an unlimited period. Hereinafter you will find the details of the duration rules that we respect in terms of retention of these Personal data.

Generally, we don’t retain data more than the period of time that is necessary to achieve our purposes detailed in section 3.

So first, all the data processed to ensure security are stored for a 12 months period.

The relevant data processed to improve the experience and enrich our products are stored for a 6 months period, except if the users resigned their contract and deleted their account.

Concerning the data that are necessary to process for making our users able to actually use our Platform and Services, we store their data only for the period of time that corresponds to the moment when they created their account until the one when they resigned their account.

The data processed for making us able to inform our users about changes in our public legal documents is also only stored for this period of time.

Concerning the data processed to notify our users about the eventual occurrence of data breaches, we store it for a period of 5 years (the duration of limitation duration for legal actions in France).

The data processed to promote our products is stored from the moment of their collection (they are provided by the users during the subscription process) until 2 years after they resigned their account.

All the data processed to interact by messages, be it through emails or our chat available on the Website, is stored for 12 months, except if the users have an account, in this case the data is stored until they resign their account.

Finally, all the data we process to respond to data subject requests are stored for a period of 1 year after the receipt of each request.


7. Security


The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. Substantially all information we receive from you or via your use of our Services are copied, stored and managed through computer servers owned or controlled by us.  

For example, our servers are not located at our principal place of business but rather are managed and located at a third-party Infrastructure-as-a-Service provider (an “IAAS”).  We have taken commercially reasonable steps to choose a professional IAAS provider, whose name you may find in the section “Recipients of the Personal Data”, but we cannot guarantee the performance of the IAAS provider, its security measures, or the actions or inactions it takes in the future. By using our services, you understand and agree that we have no liability for the actions, behaviors or failings of our IAAS provider.

While we attempt to employ security techniques commensurate with industry norms to protect your Personal Information and all other information we may host from unauthorized access by users inside and outside the organization, you should be aware that"perfect security" does not exist on the internet or any other method of electronic transmission or storage; third parties may unlawfully or improperly intercept or access transmissions, personal information, or private communications. As such, we cannot make any assurances or guarantee in any manner that a security breach will not occur that may expose your personally identifiable information to others.  

We endeavor to only require the collection of as much Personal Information as required to provide you access to our Services, ensure our ability to send you the communications described above, and meet our legal obligations.  In addition, we will use commercially reasonable efforts to attempt to store Personal Information in a secure location. We do not represent that any Personal Information provided to us will be encrypted in any manner.


8. Transfer of Information to the EU; Storage in the EU.


All information you provide to us, including Personal Information, is transferred, processed, and stored in the European Union.  

However, we are an American company. This means that all the Personal data we process might be subject to potential transfers outside the EU, for reasons related to the legal obligations that apply to us.

To secure these data transfers, we provide to our users a document based on the Standard Contractual Clauses agreed by the European commission. You can take a look at it at the following URL : www.revo.ai/dpa-scc

9. Business Transaction


If we are involved in a merger, acquisition or asset sale, your Personal Information maybe transferred as a business asset. In such cases, we will attempt in good faith to provide notice before your Personal Information is transferred and/or becomes subject to a different Policy.


10. Links To Other Websites


Our Services and our Online Platforms may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's Online Platforms. We strongly advise you to review the Policy of every Online Platforms you visit.  We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.


11. Children's Privacy


Only persons age 18 or older have permission to access our Services. Our Services are meant for working professionals only and, therefore, are not meant to be used or accessed in any manner by anyone under the age of 16 ("Children").  We do not knowingly collect personally identifiable information from Children. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under age 16 without verification of parental consent, we take steps to remove that information from our servers.

12. Enforcement


We will actively monitor its relevant privacy and security practices to verify adherence to this Privacy Policy. Any agents, contractors, service providers, or other third parties subject to this Policy that we determine to be in violation of this Policy or applicable data protection laws will be subject to disciplinary action up to and including termination of applicable services. Please contact us immediately at privacy@revo.ai if you believe there has been a material violation of this Privacy Policy.

13. Changes To This Policy

This Policy is effective as of the date listed at the top of this Policy and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change our Policy at any time and you should check this Policy periodically. Your continued use of our Services after we post any modifications to the Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Policy.

If we make any material changes to this Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our Websites.


14. Consent revoke


For any data processing activities under this Policy that rely on your consent, you may revoke your consent at any time by sending an email to privacy@revo.ai.

Additionally, for any electronic communications we send, you may unsubscribe from future communications by clicking the link included in those emails (e.g., “If you do not wish to receive these emails in the future, you can click here to unsubscribe.”).

15. Your California Privacy Rights

Because we provide our California users with the ability to exercise his or her "opt out" rights as described above, pursuant to Section1798.83(c)(2) of the California Civil Code, we are in compliance with theCalifornia "Shine the Light" law and are not obligated to provideCalifornia users with the names and addresses of all the third parties that received personal information from the Company for the third parties' direct marketing purposes during the preceding calendar year.


16. Canadian Privacy Rights


Canadian residents have a right to request access or correction of Personal Information held by us. We will endeavor to process any requests for access or correction to Personal Information within a reasonable period of time. Where possible, we will provide you with access to that PersonalInformation either by providing you with copies of the information requested, allowing you to inspect the information requested, or providing you with a summary of the information held. If we need to deny your request for access we will let you know why and inform you how you may lodge a complaint regarding this decision.

We will otherwise try to ensure that all Personal Information we collect, use or disclose about you is accurate, complete, up-to-date and relevant to the service being provided.

Please forward your request for access or correction to our Data Protection Officer in writing at the relevant address or email address below.

17. European Union Privacy Rights (GDPR)


In accordance with the GDPR, you have the right to request access to your Personal Data. You may also exercise your right to rectify your Personal Data, request the erasure of your Personal Data, or object to one or more processing activities carried out on your Personal Data. In addition, you have the right to request the portability of your Personal Data.

When exercising any of the rights mentioned above, you also have the right to request the restriction of processing concerning your Personal Data.

Furthermore, if you encounter any issue related to the processing of your Personal Data, you may file a complaint with your national data protection authority.

Our lead supervisory authority within the European Union is the CNIL, located at:

3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France.

18. Contact Us

Please do not hesitate to contact us with any questions, complaints, or requests with respect to your Personal Information, this Privacy Policy, and/or our privacy practices.

We appointed the french company DATAJURISTES SAS, located at 14 rue du vieux faubourg in Lille (France, 59000) and represented by its President François-Xavier Cao, as our Data Protection Officer.

You may contact our Data Protection Officer at privacy@revo.ai

Enforcement starting date : November 14, 2025