Important Notice: Reva is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI phone agent services.
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you provide directly to us, including:
- Account Information: Name, email address, phone number, business name, and billing information
- Business Configuration Data: Service details, pricing information, FAQs, booking rules, and custom scripts
- Payment Information: Credit card details, billing address (processed securely through our payment processor)
- Communications: Messages, feedback, and support requests you send to us
1.2 Information Collected Automatically
When you use our services, we automatically collect:
- Call Data: Phone numbers, call duration, timestamps, call recordings, transcripts, and conversation metadata
- Usage Data: Features accessed, appointment bookings, SMS messages sent, and interaction patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: System activity, error logs, performance metrics, and diagnostic information
- Cookies and Tracking: Session identifiers, analytics data, and preference settings
1.3 Information from Third Parties
We may receive information from:
- Calendar Services: Appointment data from integrated calendar systems
- Payment Processors: Transaction confirmation and billing verification
- Telecommunications Providers: Call routing and delivery information
- Analytics Services: Aggregated usage statistics and performance data
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Service Provision
- Operating and maintaining our AI phone agent service
- Processing and fulfilling appointment bookings
- Sending SMS notifications and confirmations
- Managing your account and preferences
- Providing customer support and responding to inquiries
2.2 Service Improvement and Development
- Training and improving our AI models and algorithms
- Analyzing usage patterns to enhance functionality
- Developing new features and services
- Conducting research and testing
2.3 Business Operations
- Processing payments and managing billing
- Detecting and preventing fraud and abuse
- Ensuring system security and integrity
- Complying with legal obligations
- Enforcing our Terms of Service
2.4 Communications
- Sending service updates and notifications
- Providing technical support
- Marketing and promotional communications (with your consent)
- Responding to your requests and inquiries
3. Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services
- Legitimate Interests: Improving our services, security, and fraud prevention
- Legal Compliance: Meeting regulatory and legal requirements
- Consent: Where you have provided explicit consent for specific processing activities
4. Information Sharing and Disclosure
4.1 Third-Party Service Providers
We share information with trusted service providers who assist us in operating our business:
- Cloud Infrastructure: AWS, Google Cloud, or similar providers for data hosting and processing
- Payment Processing: Stripe and other payment processors for transaction processing
- Telecommunications: Twilio, Vonage, or similar providers for call routing and SMS delivery
- Analytics Services: Google Analytics, Mixpanel, or similar platforms for usage analysis
- AI Services: Anthropic Claude, OpenAI, or similar providers for AI processing
- Customer Support: Help desk and ticketing systems
Method of Disclosure: All third-party service providers are bound by data processing agreements and are required to implement appropriate security measures. Data is transmitted using encrypted channels (TLS 1.3 or higher) and access is limited to what is necessary for service provision.
4.2 Business Partners
With your consent, we may share data with:
- Calendar integration partners (Google Calendar, Microsoft Outlook, etc.)
- CRM systems you choose to integrate
- Marketing automation platforms you authorize
4.3 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal processes, court orders, or government requests
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of Reva, our users, or others
- Investigate and prevent fraud, security breaches, or illegal activities
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you of any such change and provide choices regarding your information.
4.5 Aggregated Data
We may share aggregated, anonymized data that cannot identify you individually for research, analytics, and business purposes.
5. Data Security Practices
We implement comprehensive security measures to protect your information:
5.1 Technical Safeguards
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication required
- Network Security: Firewalls, intrusion detection systems, and DDoS protection
- Secure Infrastructure: SOC 2 Type II compliant cloud hosting
- API Security: Rate limiting, authentication tokens, and request validation
5.2 Organizational Safeguards
- Employee Training: Regular security and privacy training for all staff
- Access Limitation: Strict need-to-know basis for data access
- Background Checks: Comprehensive vetting of employees with data access
- Confidentiality Agreements: All personnel bound by confidentiality obligations
5.3 Operational Safeguards
- Regular Audits: Quarterly security assessments and penetration testing
- Vulnerability Management: Continuous monitoring and patch management
- Incident Response: 24/7 monitoring with rapid response procedures
- Data Backups: Encrypted, geographically distributed backups
- Logging and Monitoring: Comprehensive audit trails and anomaly detection
5.4 Compliance Certifications
- PCI DSS Level 1 compliant payment processing
- GDPR and CCPA compliant data handling
- SOC 2 Type II certified infrastructure
- HIPAA-ready architecture for healthcare clients
Data Breach Protocol: In the unlikely event of a data breach, we will notify affected users within 72 hours and provide detailed information about the incident, impacted data, and remediation steps taken.
6. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Retained while your account is active and for 30 days after closure
- Call Recordings: Stored for 90 days by default (customizable based on your needs)
- Transaction Records: Retained for 7 years for tax and accounting purposes
- Analytics Data: Aggregated data retained indefinitely after anonymization
- Backup Data: Automatically deleted after 90 days unless required for legal holds
You may request earlier deletion of your data subject to our legal obligations.
7. Your Rights and Choices
7.1 Access and Portability
You have the right to:
- Access your personal information
- Receive a copy of your data in a portable format
- Request transmission of your data to another service
7.2 Correction and Deletion
You may:
- Update or correct your account information
- Request deletion of your personal data
- Close your account at any time
7.3 Opt-Out Rights
You can opt out of:
- Marketing communications (unsubscribe links provided)
- Non-essential cookies through browser settings
- Certain data sharing with third parties
7.4 California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising privacy rights
7.5 European Privacy Rights (GDPR)
EU/EEA residents have the right to:
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
- Lodge a complaint with your supervisory authority
- Withdraw consent where processing is based on consent
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by relevant data protection authorities
- Privacy Shield framework compliance where applicable
- Binding Corporate Rules for intra-group transfers
9. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately for deletion.
10. Cookies and Tracking Technologies
We use cookies and similar technologies:
- Essential Cookies: Required for service operation and security
- Analytics Cookies: Help us understand usage patterns
- Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings, though this may affect service functionality.
11. Third-Party Links
Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:
- Post the updated policy with a new "Last Updated" date
- Notify you via email of material changes
- Provide 30 days' notice before material changes take effect
- Obtain your consent where required by law
13. Contact Us
You may also submit requests through your account dashboard or by contacting our support team.