Privacy Policy

Last updated: February 2026. This policy describes how Ravefy (ravefy.io) collects, uses, and protects your data and the data of your customers who submit testimonials.

This privacy policy is provided as a general framework. Consult a qualified legal professional for compliance with specific regulations like GDPR or PDPA.

1. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, and company name provided during registration.
  • Testimonial data: Customer names, testimonial text, ratings, and photos uploaded by you or submitted by your customers through intake forms.
  • Usage data: Feature usage patterns, generation counts, and page views to improve the Service.
  • Payment data: Payment information is collected and processed by Polar (polar.sh) as our Merchant of Record. Ravefy does not store credit card numbers on our servers.

2. How We Use Your Information

  • To provide and improve the Ravefy service
  • To generate AI marketing content from your testimonials
  • To send transactional emails (e.g., new testimonial notifications)
  • To communicate service updates and important notices
  • We process testimonial data solely to provide the Ravefy service (content generation, storage, and display via widgets)

Important commitments:

  • We do NOT sell your personal data to third parties
  • We do NOT resell, distribute, or share customer testimonial data with third parties for commercial or promotional purposes
  • We do NOT use your testimonial data or generated content to train AI models

3. AI Processing

When you generate content, your testimonial text and brand voice settings are sent to Anthropic's Claude API via an encrypted connection for processing. Key details:

  • This data is processed in real-time and is not stored by Anthropic for training purposes (per Anthropic's API data usage policy)
  • We send the customer's name, title, and company as attribution context. We do NOT send their email address or photo to the AI.
  • Generated content is stored in your Ravefy account and is not shared with other AI providers

4. Payment Processing

  • Payments are processed by Polar (polar.sh) as our Merchant of Record
  • Polar collects and processes payment information directly — Ravefy does not store credit card numbers, bank details, or other payment credentials
  • Polar handles tax compliance (VAT, GST, sales tax) in applicable jurisdictions
  • For payment-related inquiries, you may contact Polar directly or reach us at support@ravefy.io

5. Data Sharing

We share data only with the following service providers, strictly for operating Ravefy:

ProviderPurpose
SupabaseDatabase hosting and authentication
AnthropicAI content generation (testimonial text only)
PolarPayment processing (Merchant of Record)
ResendTransactional email delivery
Vercel / RailwayApplication hosting

We do NOT sell, rent, or trade your personal data or your customers' testimonial data to any third party.

6. Data Storage and Security

  • Data is stored on Supabase (hosted on AWS infrastructure)
  • All data is encrypted in transit (SSL/TLS) and at rest
  • Row Level Security (RLS) ensures complete data isolation between users
  • Regular security updates and patches are applied

7. Public Testimonial Data

Testimonials displayed via the testimonial wall widget are publicly accessible by design. You control which testimonials are visible on your public wall using the visibility toggle on each testimonial.

Public intake forms collect data from your customers on your behalf. You are responsible for informing your customers about how their data will be collected, stored, and displayed.

The consent disclaimer on our intake forms states: "By submitting, you consent to your testimonial being used for marketing purposes." This provides basic consent for testimonial collection and display.

8. Data Retention

Your data is retained for as long as your account is active. Upon account deletion, all your data — including testimonials, generated content, brand voice settings, and usage data — is permanently removed within 30 days.

You may export your data before deletion by contacting support.

Backup copies may persist in encrypted backups for up to an additional 30 days after deletion, after which they are permanently purged.

9. Cookies

  • Essential cookies: Used for authentication and session management. Required for the Service to function.
  • Analytics cookies: Used to understand how the Service is used and improve the experience. We do not use advertising cookies.

You may disable non-essential cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

10. Your Rights

  • Access: Request a copy of your data at any time.
  • Correction: Update inaccurate information via your Account Settings.
  • Deletion: Delete your account and all associated data from Account Settings.

For GDPR, PDPA, or other regulatory requests, contact us at support@ravefy.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact

Privacy questions? Contact us at support@ravefy.io.

Ravefy is operated by Nino Santos from Singapore. For data protection inquiries: support@ravefy.io