Privacy Policy

Reveal is committed to protecting your privacy. We created this Privacy Policy ("Policy") to give you confidence as you visit and use the Services. This Policy covers how we collect, use, store, and share your information which on its own, or in combination with other information, may be used to identify you as an individual ("Personal Data"). This Policy complies with the requirements of GDPR. The provisions of our Terms of Service (the "Terms") apply to this Policy as well. Do not hesitate to contact us at info@doreveal.com if you have any questions or want to discuss this Policy. Capitalized terms used but not defined herein shall have the meanings given to them in the Terms.

This Policy also describes our practices related to information of individuals with whom we communicate for marketing or promotional purposes but who may not otherwise use or access the Software (the "Marketing Recipients"). By using the Services and agreeing to this Policy, or by agreeing to this Policy as a Marketing Recipient, you consent to the privacy practices described in this Policy.

We use your data to provide and improve our Services. By using our Services, you agree to the collection and use of information in accordance with this Policy.

2. Information Collection and Use

We collect several different types of Personal Data for various purposes in order to provide and improve our Service for you.

3. Types of Data Collected

Personal Data

While using our Services, we may ask you to provide us with the following Personal Data: (a) Email address (b) First name and last name (c) Location Data (as defined below) (d) Usage Data (e) Device ID. In addition, we will receive any of your Personal Data that is included in the Company Data that you or another user affiliated with your Company submits.

If you are a Marketing Recipient we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or emailing us at info@doreveal.com.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about your location if you give us permission to do so ("Location Data"). We use this data to provide features of our Service, to improve and customize our Service. You can enable or disable location services when you use our Service at any time by way of your device settings.Other DataWhile using our Services, we may also collect information that, on its own, is not Personal Data, but when combined with your Personal Data, could become Personal Data.

Such information includes:
(a) Language
(b) Country
(c) Region (state)
(d) City(e) DMA (Designated Market Area)
(f) Device Type
(g) OS
(h) Carrier
(i) Device ID

4. Cookies

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Our cookies do not collect Personal Data. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:
(a) Session Cookies: We use Session Cookies to operate our Service.
(b) Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
(c) Security Cookies: We use Security Cookies for security purposes.
(d) Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

5. Use of Data

Reveal uses the collected data for various purposes:

(a) to provide and maintain our Services;

(b) to notify you about changes to our Service;

(c) to allow you to participate in interactive features of our Service when you choose to do so;

(d) to provide customer support;

(e) to gather analysis or valuable information so that we can improve our Service;

(f) to monitor the usage of our Service;

(g) to detect, prevent and address technical issues;

(h) to fulfill any other purpose for which you provide it;

(i) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;

(j) to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;

(k) to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;

(l) in any other way we may describe when you provide the information;

(m) for any other purpose with your consent.

6. Retention of Data

We will store your Personal Data for as long as it is needed to provide the Services, however, we may not know if you have stopped using the Services so we encourage you to contact us if you are no longer using the Services. However, if required by applicable law, we may retain your Personal Data for such period as may be required by such law. To continue to provide an effective service, we may store non-Personal Data perpetually and may anonymize your Personal Data and store that anonymized information perpetually.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Additionally, as described in this Policy, we use third parties to provide the Services and do not have full control over their practices related to storage and retention of your Personal Data. However, we will work with such third parties to delete or modify your Personal Data to the extent required by GDPR and the European Commission's model contracts for the transfer of personal data to third countries (the "SCCs").

7. Transfer of Data

Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there. Your consent to this Policy followed by your submission of such information represents your agreement to that transfer.

Information collected in the European Union ("EU") and European Economic Area ("EEA") may be transferred, stored and processed by us or third parties (as provided in this Policy) in the United States and other countries whose data protection laws may be different than the laws of your country. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by entering into SCCs with the relevant third party. Please contact us at info@doreveal.com if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA. As described in this Policy, we may share Personal Data with third parties and may be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements

8. Disclosure of Data

Information Shared By You Through The Services

You may, now or in the future, be able to choose to voluntarily share Personal Data collected through the Services.

Our Personnel

To be able to effectively provide you with the Services, and to improve the functionality of the Services, we may disclose your Personal Data to our personnel, including our employees, contractors, and agents, to the extent that such persons or entities have a need-to-know such information in furtherance of the Services.

Our Vendors

We work with third party service providers to provide product analytics, customer analytics, website, application development, hosting, maintenance, data processing, customer service, payment processing, and other services for us in furtherance of the Services. These third parties may have access to or process your Personal Data as part of providing those services for us. However, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and we have contracts in place with such vendors in line with the Article 28 requirements of GDPR, pursuant to which they are required, amongst other things, to maintain the confidentiality of the Personal Data to the extent required by GDPR. When you make a payment via our Services, we do not collect the financial information you provide. Rather, the information is collected by Stripe, a third- party payment platform which collects a user's name, email, credit card information, and other information a user provides to Stripe. We do not share any Personal Data with Stripe and we do not receive any Personal Data from Stripe. We only receive a confirmation from Stripe that there was a successful transaction completed on payment but no Personal Data is transferred between Stripe and Reveal. Stripe may also collect data from you in the capacity of data controller. Please see Stripe's privacy policies for more information:https://stripe.com/privacy.

Sale of Company or Assets

In the event that we sell all or substantially all of our company or its assets, including the Personal Data collected through our Services, we may transfer your information to the acquiring company.

Other Third Parties

In addition to our practices described above, we may share your Personal Data if we have a good-faith belief that such action is necessary to (1) comply with the law (see the section below on "Government Requests"), (2) protect and defend the rights or property of Reveal, or (3) prevent an emergency involving danger of death or serious physical injury to any person. We will only share your Personal Data for the foregoing reasons to the extent permitted by GDPR or other applicable data privacy laws.As described herein, our Services utilize numerous third-party services as part of the functionality of the Services. We may share your Personal Data with third parties as explained in this Policy. We have no control over such third parties, except to the extent required by GDPR and the SCCs. We encourage you to review the privacy practices of such third parties. We make no guarantees about, and assume no responsibility for, the information, services, or data/privacy practices of third parties, except to the extent required by GDPR and the SCCs

9. Security of Data

We use reasonable efforts to secure your Personal Data and to prevent the loss, misuse, and alteration of the information that we obtain from you. For example, we require our employees to sign confidentiality agreements that extend to your Personal Data, train our personnel on privacy issues as needed, review the privacy practices of new products and services that we integrate into our Services, and we review the privacy practices of new products and services that we integrate into our Services. In addition, we use reasonable technical safeguards such as encryption and secure hosting provided by industry leading third party vendors, to secure your Personal Data. However, loss, misuse, and alteration may occur despite our efforts to protect your Personal Data. We are not responsible to our users or to any third party due to any such loss, misuse, or alteration, except to the extent required by GDPR, the SCCs, or other applicable law.

10. Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the EU and EEA, you have certain data protection rights, covered by GDPR. - See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj

We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at info@doreveal.com.

In certain circumstances, you have the following data protection rights:

(a) the right to access, update or to delete the information we have on you;

(b) the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;

(c) the right to object. You have the right to object to our processing of your Personal Data;

(d) the right of restriction. You have the right to request that we restrict the processing of your personal information;

(e) the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;

(f) the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information. Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not be able to provide some or all of the Services without some necessary data, including Personal Data. Upon receipt of any of the above request(s), we will reflect any changes you request in our databases to the full extent required by GDPR, the SCCs, or other applicable law and we will confirm the changes to you. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.

The legal grounds for our processing of your Personal Data for the purposes above are:

- first and foremost, you provided your consent by agreeing to this Policy, which you may withdraw at any time by emailing us at info@doreveal.com;

- it is necessary for our contractual relationship;

- the processing is necessary for us to comply with our legal or regulatory obligations; and/or

- the processing is in our legitimate interest as a provider of the Services (for example, to protect the security and integrity of our systems and to provide you with customer service and the core functionality of the Services)

11. California Users

CCPA>‍

For purposes of this Section 11 only, the terms "personal information," "collection," "sell," "business purpose" and "commercial purpose" have the meaning given to them under the California Consumer Privacy Act of 2018, as amended (the "CCPA").

If you reside in California, you may have certain rights as set forth below. These rights are in addition to any other rights you may have under this Policy. If you have any questions about these rights or how to exercise them, please contact us at info@doreveal.com. Please note that we may disclose your personal information for business or commercial purposes as described in this Policy. For more information about the categories of personal information we collect, the sources from which we collect personal information and how use, disclose and share such information, please see this Policy.

You have the right to request that we disclose to you what personal information about you we collect, use, disclose and sell. Subject to certain limitations in the CCPA, you also have the right to request that we delete your personal information. You may submit such a request by contacting us at info@doreveal.com, or by completing the form on the Website for such purpose. If you submit a request by email, your email must include "California Request" in the subject line. We will not discriminate against you for exercising your rights under the CCPA.

The CCPA also provides California consumers the right to opt out of the sale of their personal information. As explained in this Policy, we do not sell the personal information of our users.

We reserve the right to verify any request made under the CCPA by asking you to provide supporting documentation that the request is submitted by you, although we are not obligated to verify a request. You may also choose to have an agent submit a request on your behalf, in which case we may, but are not obligated to, verify that the agent is authorized to act on your behalf. We assume no responsibility for responding to any consumer requests.

We do not track you or collect your information across third party websites or online services. Thus, we do not receive Do-Not-Track signals, or other similar signals. To the extent that we do receive any such signals, we will not comply with them as it is not an aspect of the functionality of the Services.

12. Links to Other Sites

Our Services may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

13. Children's Privacy

Our Services are not intended for children under 16 years of age. No one under age 16 may provide any Personal Data to us via the Services or otherwise. We do not knowingly collect Personal Data from children under 16. If you are under 16, do not provide any Personal Data on the Services or on or through any of its features (such as by registering for an account), make any purchases through the Services, or provide any information about yourself to us, including your name or email address. If we learn we have collected or received Personal Data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at info@doreveal.com.

14. Customer End User Data

Reveal is the controller of Personal Data that is processed under this Policy, which includes Personal Data Reveal collects from: (i) visitors to the Website; (ii) Customers (as defined below) when our use of the Services register to use the Software through the Website or access their account through the account portal; and (iii) when we receive Personal Data from Marketing Recipients.

Reveal is not the controller of Personal Data of Customer End Users (as defined below). "Customers" are individuals or entities that register to use the Reveal Services. With respect to Reveal's Customers, Reveal is a processor, and Reveal processes the Personal Data collected by our Customers and shared with Reveal only in accordance with the instructions of our Customers. Our Customers may integrate into their mobile applications, websites or other services (collectively, 'Customer Applications') certain aspects of our Services in order to understand how their own users ('Customer End Users') engage with the Customer Applications ('Customer End User Data').

Our Customers, not Reveal, choose the type of Customer End User Data collected by Customer Applications, and processed, transferred and stored through our Customers' use of the Services. We process the Customer End User Data only according to the instructions of Customers and, our legal obligations with respect to the Customer End User Data is set forth in the agreement between us and our Customers. The collection of Customer End User Data through Customer Applications is governed by our Customers' privacy policies, and if you are a Customer End User then you should review the Customer's privacy policy to learn more about the Customer's data handling practices.

While Reveal recognizes that an individual has the right to access, delete and amend the data collected about that individual, Reveal does not have a relationship with the Customer End Users but rather only with our Customers. If you are a Customer End User and you would like to access, amend or delete your data, then you need to contact the Customer directly and Reveal will respond within a reasonable period of time to any such request by our Customer.

Reveal only retains the Customer End User Data we process on behalf of our Customers for as long as necessary to provide the Product to our Customers or as required to comply with legal obligations, resolve disputes and enforce any agreement.

15. Changes to This Policy

We may update our Policy from time to time. We will notify you of any changes by posting the amended Policy on this page.

We will let you know via email and/or a prominent notice on our Services, prior to the change becoming effective and update "effective date" at the top of this Policy.

You are advised to review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.

16. Contact Us

If you have any questions about this Policy, please contact us by email: info@doreveal.com.