Skip to content
Reava

Privacy Policy

Reava, Inc. · Effective Date: June 1, 2025 · Last Updated: June 1, 2025

1. Introduction

Reava, Inc. ("Reava", "we", "us", or "our") operates an AI-powered product development environment at reava.co (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you access or use our Service.

By creating an account or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Who We Are and How to Contact Us

Reava, Inc. is the data controller for information processed through the Service.

If you have questions, concerns, or requests related to this Privacy Policy, please contact us at:

  • Email: privacy@reava.co
  • Mailing Address: Reava, Inc., [Registered Address], United States

3. Information We Collect

3.1 Account and Profile Information

When you create a Reava account, we collect:

  • Full name and email address
  • Organisation or workspace name
  • Password (stored as a secure hash — we never store your plaintext password)
  • Role or job title (if provided)

3.2 Payment and Billing Information

Payment transactions are processed by Stripe, Inc. We do not store full credit card numbers or bank account details on our servers. We receive from Stripe a tokenised payment reference, billing address, and transaction history to manage your subscription and credit balance.

3.3 Workspace and Signal Data

The core function of Reava is to ingest and analyse customer feedback signals from sources you connect. This may include:

  • Support tickets (e.g., from Zendesk or Freshdesk)
  • Survey responses (e.g., from Typeform)
  • CRM notes and deal records (e.g., from HubSpot or Salesforce)
  • Product management data (e.g., from Jira, Confluence)
  • Document and research files (e.g., from Google Drive, Notion)
  • Customer conversation transcripts (e.g., from Gong, Otter.ai, Intercom, Slack)
  • Other text-based feedback you upload directly

You control which connectors to enable. We process this data solely to deliver the Service features you have requested.

3.4 AI-Generated Content

When you analyse signals, Reava's AI pipeline produces clustered insights, problem statements, hypotheses, and product specifications ("AI Outputs"). These AI Outputs are stored in your workspace and may contain information derived from your connected source data.

3.5 Usage and Technical Data

We automatically collect certain technical information when you use the Service, including:

  • IP address and general geolocation (country/region)
  • Browser type, operating system, and device identifiers
  • Pages visited, features used, and time spent in the application
  • API request logs and error traces
  • Session duration and interaction events

3.6 Communications

If you contact our support team or respond to our emails, we retain those communications to resolve your queries and improve our Service.

4. How We Use Your Information

We use the information we collect for the following purposes, each grounded in a lawful basis under applicable privacy law:

  • Provide, operate, and maintain the Service (performance of contract)
  • Process payments and manage subscriptions and credit balances (performance of contract)
  • Analyse and cluster your connected feedback signals using AI models (performance of contract)
  • Generate machine-readable product specifications and AI insights (performance of contract)
  • Authenticate users and secure your workspace (legitimate interest / performance of contract)
  • Send transactional emails such as account confirmations, invoices, and password resets (performance of contract)
  • Send product update and marketing emails (with your consent where required)
  • Monitor Service performance, diagnose bugs, and improve reliability (legitimate interest)
  • Conduct anonymised, aggregated analytics to understand usage patterns and improve the product (legitimate interest)
  • Comply with legal obligations such as tax, fraud prevention, and regulatory requests (legal obligation)

We do not sell your personal data. We do not use your workspace signal data or AI Outputs to train any publicly shared or third-party AI model.

5. Data Sharing and Third-Party Processors

We share information only as described below. We do not sell, rent, or trade personal information.

5.1 Service Providers (Sub-processors)

We engage trusted sub-processors to help operate the Service. Each is bound by data processing agreements and processes data only on our instructions:

  • Database & storage: Supabase (Supabase, Inc.)
  • Hosting & deployment: Vercel (Vercel, Inc.)
  • Payment processing: Stripe (Stripe, Inc.)
  • AI model inference: Anthropic (Anthropic, PBC) / OpenAI (OpenAI, LLC)
  • Infrastructure: Amazon Web Services (AWS) (via Supabase/Vercel)

A full list of current sub-processors is available at reava.co/sub-processors.

5.2 Third-Party Connector Services

When you activate a connector (e.g., Zendesk, HubSpot, Jira), you authorise Reava to access and retrieve data from that third-party platform on your behalf using OAuth tokens or API keys. The data you retrieve remains under your control. Reava does not share your workspace data with those third-party platforms beyond what is required to authenticate and sync.

5.3 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

If Reava is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

  • Account data is retained for the duration of your account and for up to 90 days after deletion.
  • Workspace signal data and AI Outputs are retained while your account is active and deleted within 30 days of a verified deletion request.
  • Billing records are retained for 7 years as required by financial regulations.
  • Server logs are retained for up to 90 days for security and debugging purposes.

You may request earlier deletion of your data at any time (see Section 8).

7. Security

We implement industry-standard technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Row-level security on all workspace-scoped database queries
  • API key and OAuth token storage using server-side secrets, never exposed client-side
  • HMAC-signed internal service tokens for background processing
  • Regular security reviews and penetration testing

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data (subject to legal retention obligations).
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on our legitimate interests.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@reava.co. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling a request.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the right to lodge a complaint with your local data protection authority.

9. International Data Transfers

Reava is incorporated in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, which may have different data protection laws than your country.

For users in the EEA or United Kingdom, transfers of personal data to the United States are conducted pursuant to Standard Contractual Clauses (SCCs) adopted by the European Commission, or other appropriate transfer mechanisms. Our sub-processors are selected in part on the basis of their compliance with applicable cross-border transfer requirements.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

  • Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Preference cookies: Remember your settings and preferences across sessions.
  • Analytics cookies: Help us understand how users interact with the Service (using privacy-respecting, aggregated analytics).

You can control non-essential cookies through your browser settings or our cookie preference centre (accessible from the footer of our website). Disabling essential cookies may prevent the Service from functioning correctly.

11. Children's Privacy

The Service is intended for use by businesses and professionals and is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@reava.co.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) or by displaying a prominent notice within the Service at least 14 days before the change takes effect. The "Last Updated" date at the top of this document reflects the most recent revision.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@reava.co
  • Website: reava.co/privacy
  • Post: Reava, Inc., [Registered Address], United States