Legal
Privacy Policy
How we collect, use, and protect your personal data.
Last updated: 1 April 2026 · Effective: 1 April 2026
1. Who We Are
Revo Technologies ("Revo", "we", "our", or "us") provides cloud-based business management software for hospitality, transport, retail, and other industries. Our registered office is in Tirana, Albania.
This Privacy Policy explains what personal data we collect when you use our website at revo.al and our SaaS platform, why we collect it, and how we use and protect it.
2. Data We Collect
Depending on how you interact with Revo, we may collect the following categories of data:
- Account data: Name, email address, company name, job title, and password hash when you register for a trial or paid account.
- Billing data: Payment card details (processed by our payment provider — we store only the last four digits and expiry), billing address, and invoice history.
- Usage data: Pages visited, features used, session duration, browser type, operating system, and IP address — collected via server logs and analytics.
- Support data: Messages, attachments, and metadata you submit when contacting our support team.
- Customer data: Data entered by you into our platform on behalf of your own customers (e.g., reservation records, guest profiles). This is processed under your instruction as described in Section 8.
3. How We Use Your Data
We use your personal data for the following purposes:
- To create and manage your account and subscription.
- To provide, operate, and improve our platform and services.
- To process payments and issue invoices.
- To send transactional emails (account confirmations, password resets, subscription notices).
- To respond to support requests and troubleshoot issues.
- To send product updates or marketing communications, where you have given consent or where permitted by law.
- To detect, prevent, and respond to fraud, abuse, or security incidents.
- To comply with legal obligations.
4. Legal Basis for Processing
We process your personal data on the following legal grounds under the GDPR:
- Contract performance: Processing necessary to deliver the services you have subscribed to.
- Legitimate interests: Improving our platform, preventing fraud, and maintaining platform security.
- Consent: Sending marketing emails and setting non-essential cookies where you have opted in.
- Legal obligation: Retaining billing and accounting records as required by applicable law.
5. Data Sharing and Third Parties
We do not sell your personal data. We share it only in the following circumstances:
- Service providers: We use trusted third-party processors (payment gateways, cloud hosting, email delivery, analytics) who handle data only on our behalf and are bound by data processing agreements.
- Legal requirements: We may disclose data when required by applicable law, court order, or government authority.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to equivalent privacy protections.
We require all third-party processors to maintain appropriate security measures and to use your data only for the purposes we specify.
6. Cookies
Our website uses cookies and similar tracking technologies. We use:
- Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
- Analytics cookies: Used to understand how visitors interact with our site. Requires consent.
- Preference cookies: Remember your settings and choices across sessions.
You can manage or withdraw consent for non-essential cookies at any time via your browser settings or our cookie banner.
7. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations:
- Account data is retained for the duration of your subscription and for up to 24 months after closure.
- Billing records are retained for 7 years to comply with accounting and tax regulations.
- Support correspondence is retained for 3 years.
- Usage logs are anonymised or deleted after 12 months.
8. Your Rights
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Restriction: Request that we limit processing in certain circumstances.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at privacy@@revo.al. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
9. International Data Transfers
Our services are hosted in the European Union. Where data is transferred outside the EEA — for example, to third-party processors — we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or the recipient country's adequacy decision.
10. Security
We apply industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular security assessments.
No method of transmission over the internet is completely secure. In the event of a data breach that is likely to result in a high risk to your rights, we will notify you and the relevant supervisory authority as required by law.
11. Children's Privacy
Our platform is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by a prominent notice on our platform at least 14 days before the change takes effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact
For privacy-related questions, requests, or concerns, please contact our Data Protection team:
- Email: privacy@@revo.al
- Post: Revo Technologies, Rruga "Dritan Hoxha", Tirana 1023, Albania
For general enquiries, visit our Contact page.