Revstarr← Back to home

Privacy Policy

Last updated: May 2026

Introduction

RevStarr (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and what rights you have regarding this data. This policy applies to all users of the RevStarr platform (revstarr.com) and all subdomains.

What Data We Collect

Data entered by business owners (users): First and last name, business name, email address, phone number; business address, opening hours, service description; logo and branding (colors, fonts); payment information (processed via Paddle—we do not store card details).

Data collected automatically when booking an appointment: First and last name of the customer booking the appointment, customer email address, customer phone number, selected services, date and time of the appointment.

Review Data: Rating (1–5 stars) and customer comments; WhatsApp correspondence in the case of private feedback.

Technical Data: IP address, browser and device type; server logs (automatically, for diagnostic purposes).

How We Use Your Data

  • Service Provision: Managing appointments, sending confirmations and reminders, and collecting reviews.

  • Communication: Sending transactional emails and WhatsApp messages related to appointments.

  • Payment: Processing subscriptions via Paddle.

  • Platform Improvement: Analyzing anonymized usage data to improve the service.

  • Legal Obligation: Retaining data to the extent required by law.

We do not sell your data to third parties or use it for marketing purposes without your explicit consent.

Third Parties with Whom We Share Data

To provide this service, we use the following trusted third-party providers:

Google Firebase (Alphabet Inc.) Data storage (Firestore), user authentication, and file storage (Firebase Storage). The data is stored on Google servers in EU regions.

Firebase Privacy Policy → https://policies.google.com/privacy

Meta Platforms (WhatsApp Business API) Sending WhatsApp messages (appointment confirmations, reminders, review requests). To send messages, the customer's phone number is transmitted to the WhatsApp Business API.

WhatsApp Privacy Policy → https://www.meta.com/legal/privacy-policy/

Resend Inc. Sending transactional emails (appointment confirmations, reminders, review requests). To send emails, the customer's email address is transmitted to Resend.

Resend Privacy Policy → https://resend.com/legal/privacy-policy

Paddle (Paddle.com Market Limited) Processing subscription payments for business owners. Payment card data never reaches our servers—Paddle processes it directly as the Merchant of Record.

Paddle Privacy Policy → https://www.paddle.com/legal/privacy

Vercel Inc. Hosting platform and serverless functionality. Technical logs are stored on Vercel's infrastructure for a short period.

Vercel Privacy Policy → https://vercel.com/legal/privacy-policy

Data Retention Period

We retain data for as long as necessary to provide the service. Appointment data is retained for up to two (2) years. After account deactivation, we delete the data within 90 days, unless the law requires a longer retention period.

Your Rights (GDPR)

According to the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: You can request a copy of your personal data.

  • Right to rectification: You can request the correction of inaccurate data.

  • Right to erasure: You can request the erasure of your data (“right to be forgotten”).

  • Right to object: You can object to certain types of processing.

  • Right to data portability: You can request the transfer of your data in a machine-readable format.

  • Right to restriction of processing: You can request the restriction of the processing of your data.

To exercise these rights, please write to us at privacy@revstarr.com. We will respond within 30 days.

Data Security

We use industry-standard security measures: HTTPS encryption, Firebase Security Rules, JWT token authentication, and restricted data access. We regularly review and update our security practices.

Cookies

The platform uses a minimal number of cookies.