Privacy Policy

Last update: June 8, 2021
Thank you for trusting Reveall with your customer insights, study details, customer journeys and your personal information. Holding onto your private information is a serious responsibility. We want you to know how we're handling it.This Privacy Policy reuses definitions as outlined in our Terms of Service.

The short version

  1. Your data is yours & you can change or delete it at any time.
  2. We never share any information about your insights, studies or journeys with anyone unless Owner explicitly allow us to.
  3. To provide better service, we share some statistical data and some personal information with third parties.
  4. We encrypt backups and generally make sure your data is safe.
  5. We will only share data with law enforcement when we are legally required to do so.
  6. If you have questions, or want to export or delete your data, please write to

Your rights

  1. You can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. You can exercise these rights by emailing
  2. You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing
  3. Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  4. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
If you want to request an export or deletion of your personal data, and have an account with us, please contact us at Please note that we cannot delete personal data in open accounts when you’re not the Account Owner, as this would prevent us from providing the service the account owner is paying for (We suggest that you contact the Account Owner in question to ask them to anonymize or remove your data).

In order to accommodate customers who need older data restored, we keep backups for 30 days and cannot delete personal data from them as these are stored off-site, read-only and heavily encrypted and compressed. If we do have access or restore data to our production systems or for purposes of debugging, any deletions of personal data will be applied retroactively or the personal data will be anonymized.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Data retention and deletion schedules

Application Data and Backups
Backups are securely encrypted and stored as defined in this Privacy Policy.

In order to accommodate customers who need older data restored, we keep backups for 30 days and cannot delete personal data form them as these are stored off-site, read-only and heavily encrypted and compressed. If we do have access or restore data to our production systems or for purposes of debugging, any deletions of personal data will be applied retroactively or the personal data will be anonymized.
Purchase Records and Invoices for our Services and Products
We keep copies of all purchasing records for tax and auditing purposes. We need to store this data for 7 years to comply with Dutch tax law.
Content and Personal Metadata
We will keep your content (like insights, studies, journeys) and your personal metadata (like name, email address, profile image). We will store this data for as long we provide the Service to your organization, unless you delete it or request its deletion (barring legal requirements).
Metadata collected by 3rd-party services
Some 3rd party services collect data independently from us, and have incorporated it as part of their service. See Sharing of Data chapter.

We do not store any copies of this data, and Data Subject Requests for this data must be submitted to the 3rd party service, since we do not control the data.

Data Processing Agreement

As an Owner, you are responsible for providing a Data Processing Addendum (DPA) which meets GDPR requirements for agreements between Data Controllers and Data Processors (us) if necessary.

Data collected

We collect anonymous data from every visitor of to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the IP address, the browser type, the browser language, and a timestamp for the request.

For the Service, we ask you to register an account, log in and provide certain information (such as names and email addresses of your team members) in order to be able to store your insights, studies and journeys, as well as periodically bill you for use of the Service.

We use cookies to store session information for your convenience. Cookies must be enabled to use the Website and the Service. We do not use cookies for tracking outside of the Platform.

In order to take advantage of certain features of the Service, you may also choose to provide us with other personal information, such as your picture and job title, but your decision to utilize these features and provide such data will always be voluntary.

Use of data

We only use your personal information to provide you with the Service and to communicate with you about the Service or This includes both automated and manual processing of data.

With respect to any data you may choose to enter or upload to Reveall, we take your privacy and confidentiality of this data seriously. Your data (in the Service) is specifically not shared between accounts or with the public by default. We employ industry standard techniques to protect against unauthorized access of data that we store, including personal information. All backups of your data are securely encrypted.

Please note that if you choose to share data (like sharing an insight via a public shareable link), we are not responsible for any violation of privacy law you may be liable for.

We do not share personal information you have provided to us without your consent, unless there is a legal ground to do so (as outlined in the GDPR legal grounds for processing).

Reveall may contact you by email. For example, Reveall may send you promotional emails relating to Reveall or communicate with you about your use of the Reveall Website and Service. We will only send you these emails if you have explicitly expressed interest in them. You may decide to opt out of receiving emails at any time by clicking unsubscribe at the bottom of any Reveall email. Please note that for some emails (for example billing issues), there’s no option to opt-out.

Sharing of data

We don’t share your personal information with third parties except as listed below. Other then the information outlined below, only aggregated, statistical data is periodically transmitted to external services to help us improve the Reveall Website and Service.

For client-side analytics and tracking beacons, you’re welcome to use content blocking software; just be aware that this may influence our ability to identify errors and performance problems in your account. We also can’t guarantee that Reveall will work as intended.
Communication when getting started with Reveall, about new features, special offers relating to the service and recommendations on how to use Reveall:
  1. Intercom: your name, email and aggregated account statistics (privacy policy)
Providing email support:
  1. Google Apps: email correspondence with you when you contact support (privacy policy)
Tracking errors and measuring performance:
  1. Sentry: no personally identifiable data is shared (privacy policy)
  2. Google Analytics: no personally identifiable data is shared (privacy policy)
Provisioning of application features:
  1. Google Apps: bookkeeping of your billing and contract statuses (privacy policy)
  2. Moneybird: company name, owner name, invoicing information, subscription plan, periods, invoice total (privacy policy)
Service hosting, transactional email and data backups:
  1. Amazon AWS (hosted in EU - Ireland and Frankfurt): hosting of Reveall servers, databases including all customer data. Some data, like passwords, is always encrypted by industry standard measures. AWS is also used for sending transactional emails and storing encrypted archives of backup data and profile images. (privacy policy)
If Reveall B.V. is (partially) acquired or merged with another company, or Reveall B.V. sells the Reveall Website and Service to an other company, or if Reveall B.V. goes out of business or enters bankruptcy, user information may be transferred to a third party. You acknowledge that such transfers may occur, and that any acquirer of Reveall B.V. or its assets may continue to use your personal information as set forth in this policy.

Changes to this privacy policy

We may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make any significant changes in the way we collect or use information, we will notify you by posting an announcement on the Website or sending you an email. A user is bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted.


Should you have any question or concern, please write to, or write to:

Reveall B.V.
Govert Flinckstraat 177
1073BT Amsterdam
The Netherlands

If you need to contact a data privacy officer, please use the contact information above.