Privacy Policy

Last updated: June 2026

1. Who we are

Revliq ("Revliq", "we", "us", or "our") is a software-as-a-service platform available at revliq.co. The platform is operated by [OPERATOR LEGAL NAME], an individual sole operator based in Portugal, who acts as the data controller for personal data processed about Revliq account holders.

This Privacy Policy explains what personal data we collect, why, how we use and protect it, and the rights you have under the EU General Data Protection Regulation (GDPR) and applicable Portuguese law. For any privacy question or to exercise your rights, contact us at privacy@revliq.co.

2. Our two roles (controller and processor)

We act as a data controller for the personal data of our account holders (for example, your registration details and billing information).

When you use Revliq to run campaigns, track clicks, filter traffic, or manage landing pages, Revliq processes data about the visitors and end users of your campaigns (such as IP address, device and browser information). For that data, you are the controller and Revliq acts as a processor on your behalf and under your instructions. You are responsible for having a lawful basis and an appropriate privacy notice for the data you collect through your campaigns.

3. Information we collect

  • Account information: name, email address, and a hashed password when you register.
  • Billing information: subscription plan, billing status, and payment identifiers. Card payments are processed by Stripe; we do not store full card numbers.
  • Integration credentials: OAuth tokens, API keys, and credentials you provide to connect third-party platforms (e.g. TikTok). Credentials stored in the Accounts Vault and integration tokens are encrypted at rest.
  • Content you create or upload: landing pages, creatives, images, avatars, and chat-style mockups, together with metadata about exports you generate.
  • Campaign and tracking data: click identifiers (including ad-network click IDs such as ttclid), conversion events, attribution data, and performance metrics for your campaigns.
  • Visitor / traffic data: for tracking and traffic-filtering features, we process the IP address, user agent, referrer, approximate location, and device signals of visitors to your campaign links, on your behalf.
  • Usage and device data: pages visited, features used, actions taken, and technical log data (IP, browser, timestamps) when you use the platform.

4. How we use your information and our legal bases

Under the GDPR we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): to create and operate your account, provide the platform's features, connect to third-party APIs you authorise, and process your subscription.
  • Legitimate interests (Art. 6(1)(f)): to secure the platform, prevent fraud and abuse, moderate generated content, and improve our services. We balance these interests against your rights.
  • Legal obligation (Art. 6(1)(c)): to keep records required by tax, accounting, or other laws.
  • Consent (Art. 6(1)(a)): where required, for example for certain non-essential communications. You may withdraw consent at any time.

We use the data to provide, maintain, secure and improve Revliq; to process payments; to send transactional emails (verification, password resets, billing, security notices); to respond to support requests; and to detect and prevent misuse.

5. Cookies and similar technologies

We use strictly necessary cookies and local storage to keep you signed in (authentication tokens) and to operate core features. We use a limited amount of usage data to understand how the platform is used and to improve it. We do not use third-party advertising cookies on the Revliq dashboard.

6. Third parties and sub-processors

We share personal data only with service providers that help us run Revliq, under appropriate data-processing terms. We do not sell your personal data. Our main sub-processors are:

  • Stripe — payment and subscription processing.
  • TikTok — when you connect a TikTok advertiser or, in the future, a TikTok content/creator account, we exchange data with TikTok's APIs to provide the features you request.
  • Railway — application hosting and PostgreSQL database hosting.
  • Verification and engagement providers — providers used for SMS/email verification features and for engagement-order features (e.g. JAP), where you choose to use them.

We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety, and security of Revliq, our users, or others.

7. International transfers

Some of our sub-processors (such as Stripe and TikTok) may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision, so that your data remains protected.

8. Data retention

We keep account and billing data for as long as you have an account and as required to comply with legal obligations. Campaign, tracking, and content data are retained while your account is active or until you delete them. When you close your account, we delete or anonymise your personal data within a reasonable period, except where we must keep certain records (for example, invoices) to meet legal requirements.

9. How we protect your data

We apply technical and organisational measures appropriate to the risk, including encryption of integration credentials and vault entries at rest, hashing of passwords, encrypted connections (HTTPS) in transit, access controls, and short-lived authentication tokens. No method of transmission or storage is completely secure, but we work to protect your data and to address any incident promptly.

10. Your rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased ("right to be forgotten");
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent where processing is based on consent.

To exercise any of these rights, email privacy@revliq.co. You also have the right to lodge a complaint with your local data protection authority. In Portugal this is the Comissão Nacional de Proteção de Dados (CNPD).

US residents (including California): if you are a US resident, you have the right to know what personal information we collect about you and how we use it, to request access to or deletion or correction of that information, and to not be discriminated against for exercising your rights. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. To make a request, email privacy@revliq.co.

11. Children

Revliq is intended for users aged 18 and over and is not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, where changes are significant, take reasonable steps to notify you. Continued use of the platform after an update constitutes acceptance of the revised policy.

13. Contact

For any privacy question or request, contact us at privacy@revliq.co.