This Privacy Policy applies to every individual who interacts with Revano or whose personal data is processed through the Revano Platform. This includes visitors to our website, Account Owners, authorized Platform users, and individuals whose interaction information is transmitted to the Platform through evidence‑logging functions configured by our Customers.
Data may be processed even if the individual never directly visits Revano, as long as a Customer uses Revano to log evidence containing information about such individual. Customers are responsible for ensuring that such processing is lawful.
Revano is created, owned, and operated by Klaver Solutions, Blaasbalg 14, 8253LX Dronten, The Netherlands (KVK 91096111). Klaver Solutions acts as Data Controller for Platform account information, administration, subscription management, and billing.
Contact: [email protected]
Customers should interpret this Policy together with applicable law and ensure End Users are informed of how their personal data may be processed through the Platform.
Klaver Solutions acts as Data Controller for personal data submitted directly to Revano by Account Owners (e.g., emails, authentication details, configuration). For data submitted by Customers about End Users, Klaver Solutions acts solely as Data Processor under the Customer’s instructions and lawful basis.
Customers remain legally responsible for GDPR or equivalent compliance when processing and transmitting End‑User data to Revano.
We collect identifiers such as username, contact email, password hash, and organization name where applicable. Passwords are never stored in plaintext and use secure hashing and encryption. Session information, including IP addresses and device information, may be logged for security and integrity.
Revano receives and records evidence of actions taken by End Users within a Customer’s product or service. Customers configure their own logging and control which fields are transmitted.
We process data to provide dispute‑readiness, evidence generation, and tamper‑evident audit trails; maintain service integrity; validate authentication sessions; enforce security controls; create exportable evidence reports; detect fraudulent usage; and comply with billing and contractual obligations.
We do not use personal data for targeted advertising or unrelated profiling, and we do not resell or trade personal information.
Platform account and operational processing rely on performance of a contract and legitimate interests in securing Platform operation and preventing fraud, and may be required to comply with laws (e.g., accounting or regulatory obligations). End‑User data processing by Customers is based on the Customer’s lawful basis (e.g., legitimate interests, contract, consent).
Customers are responsible for determining their lawful basis for End‑User logging and for meeting notification and consent requirements where applicable.
We apply layered security including encryption of authentication secrets, PBKDF2‑SHA256 password hashing, TLS, secure session cookies, CSP enforcement, server‑side auditing, least‑privileged access, rate‑limiting, abuse detection, and tamper‑evident export hashing.
No security method guarantees absolute protection; residual risks may exist due to the nature of networked systems.
We implement privacy‑by‑design: truncated identifiers, centralized server‑side logging, preventing End Users from altering logs, limiting stored data, and using logs solely for evidence purposes.
We rely on trusted sub‑processors (hosting, email, support tooling, payments) under GDPR‑aligned data processing agreements. A current list is available upon request. Changes may occur; Customers may be notified where legally required.
When transferring personal data outside the EEA, approved mechanisms (such as Standard Contractual Clauses) are applied, supplemented by technical measures. Customers should review mechanisms for their own compliance requirements.
Personal data is retained as long as necessary to provide services. Upon complete deletion requests, associated personal data (logs, credentials, configuration) is removed unless legal obligations require retention. After subscription expiry, data is retained up to 90 days and then permanently deleted, except where legally required under Dutch or applicable accounting laws.
Certain billing or accounting records may be retained to comply with Dutch commercial recordkeeping and tax laws. These are stored separately from operational evidence logs and protected under confidentiality and retention principles.
Depending on law, individuals may request access, correction, deletion, portability, or restriction, and object to certain processing. Requests related to End‑User data must be directed to the Customer who submitted the data. We assist Customers, where legally required, in responding to valid requests.
The Platform is not intended for individuals under 16. Customers must not transmit personal data relating to minors unless permitted and verified. We will delete information where we become aware of violations.
We do not conduct automated decision‑making that produces legal or significant effects on individuals. Automated processing may detect possible abuse or security incidents solely to maintain Platform security.
We may disclose personal data as required under law, court order, regulatory obligations, or legitimate governmental requests, and where necessary to enforce contractual rights, investigate unlawful activity, or prevent harm or fraud.
If a personal data breach impacts data for which we act as Data Processor, we will notify the affected Customer without undue delay. Customers determine any required notifications to End Users or supervisory authorities.
Customers are responsible for informing End Users about processing through Revano, including purposes, lawful basis, retention, and rights, and for ensuring consent handling where necessary and compliance with jurisdictional obligations.
Upon termination, the 90‑day retention period applies as described above. After expiration, all personal data is permanently removed and cannot be recovered. Customers acknowledge the consequences of non‑renewal or intentional deletion.
We may modify this Policy to comply with new legal requirements, reflect Platform changes, or improve clarity. The latest version will be published with the revision date; Customers are responsible for reviewing changes.
Klaver Solutions
Blaasbalg 14
8253LX Dronten
The Netherlands
KVK 91096111
Email: [email protected]