// legal document
This Privacy Policy explains how RevuFlex Ltd collects, uses, stores, and protects your personal data. We are committed to handling your information responsibly and in compliance with the UK GDPR, the Data Protection Act 2018, and applicable international data protection laws.
RevuFlex Ltd ("RevuFlex", "we", "us", or "our") is the data controller responsible for your personal data.
This Policy applies to revuflex.com, all applications published by RevuFlex (including The Kiss App), and our client development services. Each individual application may also have its own supplementary privacy notice, which should be read alongside this policy.
Our website is a simple informational site with no contact forms, user accounts, or analytics tracking. The only personal data we receive is when you email us directly at legal@revuflex.com.
| Data | Purpose | Legal Basis |
|---|---|---|
| Your email address and message contents | Responding to your enquiry | Legitimate interests (Art. 6(1)(f) UK GDPR) |
Applications published by RevuFlex may collect personal data depending on the app's functionality. Full details are in each app's supplementary privacy notice. Generally:
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account data | Email, username, hashed password | Authentication | Contract (Art. 6(1)(b)) |
| Usage data | Features used, session length, crash logs | Performance & improvement | Legitimate interests (Art. 6(1)(f)) |
| Communications | Messages, media, voice notes | Core service delivery | Contract (Art. 6(1)(b)) |
| Location data | GPS (only when user enables feature) | Location-sharing features | Consent (Art. 6(1)(a)) |
| Device data | Model, OS version, push token | Compatibility & notifications | Legitimate interests (Art. 6(1)(f)) |
| Payment data | Transaction records (no card details) | Subscription management | Contract (Art. 6(1)(b)) |
| Data | Purpose | Legal Basis |
|---|---|---|
| Name, job title, company name | Client identification & project management | Contract (Art. 6(1)(b)) |
| Email address, phone number | Project communication & delivery | Contract (Art. 6(1)(b)) |
| Billing address, payment info | Invoicing via Stripe or bank transfer | Contract (Art. 6(1)(b)) |
| Project materials you share | Delivering agreed scope of work | Contract (Art. 6(1)(b)) |
| Communications & emails | Project management & legal compliance | Legitimate interests / Legal obligation |
The revuflex.com website does not currently use cookies, analytics scripts, tracking pixels, or any automated data collection technologies. No cookies are set when you visit our website.
Individual applications published by RevuFlex may use cookies or equivalent technologies within the app environment, disclosed in the relevant app's privacy notice. If we introduce cookies to our website in future, we will update this policy and implement a consent mechanism before doing so.
We do not sell, rent, or trade your personal data to third parties. We may share data only in these limited circumstances:
Trusted third-party processors operating under strict data processing agreements:
We may disclose data if required by law, regulation, or legal process, or to protect the rights, property, or safety of RevuFlex, our users, or the public.
In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you in advance and inform you of any choices regarding your data.
We may share data with third parties for other purposes where we have obtained your explicit prior consent.
RevuFlex primarily processes data within the UK and EEA. Where we transfer data outside these regions, we ensure appropriate safeguards are in place, such as UK adequacy regulations, ICO-approved standard contractual clauses, or other legally recognised mechanisms. You may request details by contacting legal@revuflex.com.
| Data Type | Retention Period |
|---|---|
| Email enquiries and correspondence | 2 years from last contact |
| Client project data and contracts | 7 years from project completion |
| Financial and billing records | 7 years (UK tax law) |
| Application account data | Duration of account + 30 days post-deletion |
| Application usage and diagnostic data | Up to 12 months, rolling |
When data is no longer required, it is securely deleted or anonymised.
We implement appropriate technical and organisational measures to protect your data, including TLS/SSL encryption in transit, encryption at rest, access controls limiting data to authorised personnel, and regular review of security practices.
No method of transmission over the internet is 100% secure. In the event of a personal data breach likely to result in high risk to your rights, we will notify you without undue delay in accordance with UK GDPR obligations.
Under UK GDPR, you have the following rights regarding your personal data:
| Right | What It Means |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Ask us to correct inaccurate or incomplete data. |
| Erasure | Ask us to delete your data in certain circumstances. |
| Restrict Processing | Ask us to limit how we use your data in certain circumstances. |
| Data Portability | Receive your data in a structured, machine-readable format. |
| Object | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw Consent | Withdraw consent at any time where processing is consent-based. |
| Automated Decisions | Not be subject to solely automated decisions that significantly affect you. |
To exercise any of these rights, contact us at legal@revuflex.com. We will respond within one calendar month. We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
If you are based in the EU or EEA, you may also lodge a complaint with your local data protection authority.
Our website and client development services are not directed at children under 13. We do not knowingly collect personal data from children under 13 without verified parental consent. If you believe we have inadvertently collected such data, contact us at legal@revuflex.com and we will delete it promptly.
Individual applications may have specific age restrictions, disclosed clearly in each app's description and supplementary privacy notice.
RevuFlex Ltd is registered with the Information Commissioner's Office (ICO) as a data controller in accordance with the Data Protection Act 2018. Our registration details are available on the ICO's public register.
We may update this Privacy Policy from time to time. For material changes affecting how we process your data or your rights, we will provide advance notice by email or by posting a prominent notice on our website. We encourage you to review this policy periodically.
Questions about this Privacy Policy or how we handle your data?
We aim to respond to all privacy enquiries within 5 business days and formal data subject rights requests within one calendar month.