Skip to main content
ReevyReevy

Privacy Policy

Last updated: February 21, 2026

1. Introduction

We take the protection of your personal data very seriously. This privacy policy informs you about how we collect, process, and use your personal data when you use our website and services ("Reevy"), and about your rights under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Controller

The controller responsible for data processing on this website within the meaning of Art. 4(7) GDPR is:

SX Solutions GbR
Hollerallee 87, 28209 Bremen, Germany
Email: info@reevy.ai

3. Legal Basis for Processing

We process your personal data on the following legal bases under Art. 6(1) GDPR:

  • Consent (Art. 6(1)(a) GDPR) – Where you have given us explicit consent to process your data for specific purposes, such as receiving marketing communications.
  • Performance of a contract (Art. 6(1)(b) GDPR) – Where processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request, such as creating your account or providing our services.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Where processing is necessary for our legitimate interests, such as improving our services, fraud prevention, and IT security, provided these interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c) GDPR) – Where processing is necessary for compliance with a legal obligation, such as tax or commercial record-keeping requirements.

4. Data We Collect

We collect and process the following categories of personal data:

  • Account data – Email address, name, profile information, and authentication credentials provided during registration and account management.
  • Usage data – Information about how you interact with our platform, including pages visited, features used, timestamps, and session data.
  • User-generated content – Creative briefs, prompts, uploaded brand assets, generated ad creatives, and other content you create or upload within the platform.
  • Payment data – Billing information, subscription details, and payment method data processed by our payment providers (Polar and Stripe).
  • Technical data – IP address, browser type and version, operating system, device type, referrer URL, and other data automatically transmitted by your browser.

5. Cookies

Our website uses cookies. Cookies are small text files stored on your device by your browser. We use essential cookies for authentication and session management (legal basis: Art. 6(1)(b) GDPR), and optional cookies for analytics and user preferences (legal basis: Art. 6(1)(a) GDPR). You can configure your browser to reject cookies, although this may limit certain functionality.

6. Server Log Files

Our hosting provider automatically collects and stores information in server log files, which your browser transmits to us. This includes: browser type and version, operating system, referrer URL, IP address (anonymized), hostname of the accessing computer, and time of the server request. This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest in ensuring secure and stable operation). This data is not merged with other data sources and is automatically deleted after 30 days.

7. Analytics

We may use web analytics services to analyze the use of our website. The usage data collected (e.g., visited pages, access times, usage duration) is evaluated pseudonymously to improve our services. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in optimizing our offering).

8. Third-Party Services and Sub-Processors

To provide our services, we rely on the following third-party service providers (sub-processors) who may process personal data on our behalf:

  • Vercel Inc. (USA) – Website hosting and content delivery. Vercel processes your IP address and request metadata to serve our website. Vercel may transfer data to the United States. Privacy policy
  • Convex, Inc. (EU Tenant) – Real-time backend infrastructure, database, and authentication services. Convex processes application data you store in our platform, including account information and user-generated content. Data is hosted on Convex's European tenant. Privacy policy
  • Clerk, Inc. (USA) – User authentication and identity management. Clerk processes your email address, name, profile picture, and login credentials. Privacy policy
  • Google LLC (USA) – OAuth authentication ('Sign in with Google'). When you choose to sign in with your Google account, Google processes your name, email address, and profile picture to authenticate your identity. This data is only processed if you actively use Google sign-in. Privacy policy
  • Anthropic, PBC (USA) – AI-powered content generation. Anthropic processes the prompts, brand context, and creative briefs you submit to generate ad creatives. Anthropic does not use your data submitted via the API to train its models. Privacy policy
  • Google LLC (USA) – AI-powered content generation via the Gemini API. Google processes the prompts and creative briefs you submit to generate content. Data submitted via the API is not used to train Google's models. Privacy policy
  • Polar SH (EU) – Subscription management and billing orchestration. Polar processes your subscription status, plan details, and billing information. Privacy policy
  • Stripe, Inc. (USA) – Payment processing (used via Polar). Stripe processes your payment card details, billing address, and transaction information. Stripe is PCI DSS Level 1 certified. Privacy policy
  • Resend, Inc. (USA) – Transactional email delivery. Resend processes your email address to deliver service-related emails such as account confirmations and notifications. Privacy policy
  • Sentry (Functional Software, Inc., USA – EU Data Residency) – Error tracking, performance monitoring, and session replay. Sentry collects error reports (including stack traces and browser information), performance data (page load times, navigation events), and may record session replays (anonymized recordings of user interactions) when errors occur. With your consent or based on our legitimate interest in service stability, personal data such as IP address and user identifiers may be transmitted. Data is processed on Sentry's European servers (Germany). Privacy policy
  • Meta Platforms Ireland Limited (Ireland) – Meta Pixel and Conversion API for marketing attribution and campaign performance measurement. With your consent, we process event data such as page views, signup and checkout interactions, IP address, browser details, and conversion identifiers (e.g., event ID and checkout ID). Some data may be transferred to Meta group entities outside the EU under appropriate safeguards. Privacy policy

9. International Data Transfers

Some of our sub-processors are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with Art. 44–49 GDPR. These include EU Standard Contractual Clauses (SCCs) agreed upon with US-based providers, reliance on the EU-U.S. Data Privacy Framework where applicable, and selection of providers that maintain EU data residency where available (e.g., Convex EU tenant). You may request a copy of the relevant safeguards by contacting us.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specifically: account data is retained for the duration of your account and deleted within 30 days of account deletion; user-generated content (creatives, brand assets) is deleted within 30 days of account deletion or upon your request; payment and billing records are retained for the statutory period required by German tax law (currently 10 years under §147 AO); server log files are automatically deleted after 30 days; and communication records are retained for up to 3 years for legitimate business purposes.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction in accordance with Art. 32 GDPR. These include encryption of data in transit (TLS/HTTPS) and at rest, access controls and authentication mechanisms, regular security assessments, and use of PCI DSS-certified payment processors for financial data.

12. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at info@reevy.ai:

  • Right of access (Art. 15 GDPR) – You have the right to obtain confirmation as to whether your personal data is being processed and to receive a copy of that data.
  • Right to rectification (Art. 16 GDPR) – You have the right to request the correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR) – You have the right to request the deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR) – You have the right to request the restriction of processing under certain conditions.
  • Right to data portability (Art. 20 GDPR) – You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR) – You have the right to object to the processing of your data based on legitimate interests at any time.
  • Right to withdraw consent (Art. 7(3) GDPR) – Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR (Art. 77 GDPR). The competent supervisory authority for us is: Die Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen, Arndtstraße 1, 27570 Bremerhaven, Germany. Website: https://www.datenschutz.bremen.de

14. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our website. We encourage you to review this page periodically.

15. Contact for Data Protection

If you have any questions about data protection or wish to exercise your rights, please contact us at: info@reevy.ai

Privacy Policy | Reevy