GBPRevive
Legal

Privacy Policy

Last updated April 24, 2026

Summary

We collect the minimum data needed to run your scans, deliver the paid product you bought, and bill you correctly. We don’t sell your data and we don’t advertise to you. Payments are processed by Paddle (our Merchant of Record) and we do not store full card details on our own servers.

1. Who is the data controller

GBPRevive is the data controller for personal data processed through the service. For questions about this policy or to exercise your rights, email support@gbprevive.com.

2. What we collect

  • Account data: email address, hashed password (or OAuth provider identifier), account creation date.
  • Scan inputs: the website URL and Google Maps URL you submit, and any business-profile metadata we fetch from public sources.
  • Uploaded documents (Recovery Kit users only): business licence, utility bill, storefront photos, etc. Stored encrypted at rest.
  • Billing data: subscription status, plan, purchase history. Full payment card details are held by Paddle, not by us.
  • Usage data: server logs (IP, user-agent, timestamps), product analytics events (pageviews, feature interactions), and error reports.
  • Contact form submissions: name, email, subject, message, and source IP for spam prevention.

3. How we use it

  • To run scans and deliver reports you request.
  • To generate recovery drafts and score uploaded evidence.
  • To send you transactional emails (scan results, monitoring alerts, billing receipts, security notices).
  • To send product updates and marketing emails — only if you opted in. You can unsubscribe at any time.
  • To detect abuse, prevent fraud, and comply with legal obligations.

4. Legal bases (GDPR / UK GDPR)

We process personal data under: (a) contract — to deliver the service you signed up for; (b) legitimate interests — security, abuse prevention, product improvement; (c) consent — marketing emails, optional analytics; (d) legal obligation — tax records, responding to lawful requests.

5. Sub-processors we use

We share data with the following providers, each bound by a data-processing agreement:

  • Supabase — database and authentication hosting.
  • Vercel — application hosting and edge delivery.
  • Paddle — payment processing and tax handling (Merchant of Record).
  • Resend — transactional email delivery.
  • Google (Gemini API, Places API) — AI enrichment of scan reports and public listing metadata.
  • Google Analytics 4 — anonymised aggregate product usage analytics.

6. International transfers

Some sub-processors above store data outside your country, including in the United States and the European Union. Where required, we rely on Standard Contractual Clauses and equivalent safeguards.

7. Retention

  • Scans: retained while your account is active. Anonymous public scans: purged after 30 days.
  • Uploaded evidence documents: deleted 90 days after Recovery Kit completion unless you request earlier deletion.
  • Billing records: retained for at least 7 years to meet tax and accounting obligations.
  • Server logs: retained for up to 90 days for security and debugging.

8. Your rights

Depending on your jurisdiction you have the right to access, correct, delete, export, or restrict processing of your personal data, and to object to processing based on legitimate interests. To exercise any of these, email support@gbprevive.com. You may also lodge a complaint with your local data protection authority.

9. Cookies

We use strictly necessary cookies for authentication and security, and (with your consent where required) analytics cookies to understand aggregate usage. We do not use advertising cookies.

10. Security

Data in transit is encrypted with TLS. Data at rest in our primary database is encrypted. Access to production systems is restricted and logged. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you without undue delay.

11. Children

The service is not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes

We will post material changes to this policy at least 14 days before they take effect and notify active subscribers by email.

13. Contact

Privacy questions: support@gbprevive.com or the contact page.