Privacy Policy
Effective: 19 Sep 2025
Who we are
This Privacy Policy explains how AIBZPRO LLC, operating as “Revanx by AIBZPRO” (“Revanx,” “we,” “us,” “our”), collects, uses, discloses, and protects personal data across our websites, applications, APIs, and related services (the “
Company details: AIBZPRO LLC (Revanx by AIBZPRO), registered number 405697946, registeredin Tbilisi, Georgia; domain: revanx.com; contact: connect@aibzpro.com.
Scope and roles
This Policy applies to visitors, applicants, prospects, customers, and end users who interact with our Services, website, and communications.
For Customer tenant data in the platform, Revanx generally acts as a processor/service provider under a Data Processing Addendum (DPA). For website, marketing, account, billing, and product analytics data, Revanx acts as a controller/business.
English controls
If this Policy is translated, the English version controls in case of discrepancy.
This Policy is intended for professional/business users; if any consumer-specific rights apply under local law, they are honored as described below.
Data we collect
Information provided: profile and contact (name, business email, phone), company/brokerage, country, role/team size, practice metrics (volumes, channels), application form responses, support tickets, and feedback.
Account and transactional: plan tier, billing contact, subscription and credit usage, feature activations, and in‑app settings.
Customer Content (tenant data): data, documents, images, communications, and other materials submitted via the Services; model prompts and Outputs are included when associated to an identified account.
Technical and usage: device, browser, IP address, timestamps, pages/screens, feature engagement, crash logs, performance and reliability signals, and cookies/SDK identifiers.
Communications: email, in‑app chat, WhatsApp or other connected channels, and metadata maintained for audit and suppression lists.
Integrations: connection metadata and synced fields from integrated services (e.g., email/calendar/CRM) as configured by the Customer.
Data from third parties
We may receive business contact and firmographic data from partners, referral sources, integration providers, and public sources, used to validate eligibility, improve onboarding, or enrich records for legitimate business purposes.
Where required, we verify that such sources comply with applicable data protection laws and provide appropriate notice and choice.
Cookies and similar technologies
We use cookies, pixels, and SDKs for authentication, security, preferences, analytics, and to improve reliability.
Where required, we present consent tools and honor browser‑based opt‑out preference signals (e.g., Global Privacy Control) for applicable jurisdictions.
Purposes of processing
Provide, secure, and maintain the Services; process transactions and support requests; enable integrations and data flows.
Improve quality, reliability, and performance (e.g., monitoring, “Task Hospital” automatic retries, incident analysis).
Develop new features; conduct product analytics and usage measurement to guide roadmap and performance.
Enforce Terms, prevent fraud/abuse, protect rights, and comply with legal obligations.
Communicate about service updates, onboarding, security, and—where permitted—product briefings and event invites with opt‑out controls.
Lawful bases (EEA/UK where applicable)
Contract necessity: to provide the Services and fulfill our agreement.
Legitimate interests: product reliability, security, business analytics, and limited B2B marketing balanced against privacy expectations.
Consent: where required for certain cookies, marketing, or optional data.
Legal obligations: regulatory and tax compliance, retention, and responses to lawful requests.
Do not upload sensitive data
Unless expressly agreed in writing, do not upload protected health information (PHI), payment card primary account numbers (PCI), children’s data, or other sensitive/special categories of personal data into the Services.
If such processing is approved in writing, additional safeguards and contract terms will apply.
How we share information
Processors/sub‑processors: vetted vendors supporting hosting, storage, email, analytics, incident tooling, customer success, and integration infrastructure under written contracts and access controls.
Integrations: when Customer enables an integration, we share only necessary data with that provider; revocation occurs when the integration is disabled.
Corporate transactions: in a merger, acquisition, or reorganization, personal data may be transferred to a successor, subject to continuity of protections.
Legal: compliance with applicable law, lawful requests, enforcement of Terms, safety, and fraud prevention.
We do not sell personal data and do not “share” personal information for cross‑context behavioral advertising as defined under California law.
International transfers
We operate on reputable cloud infrastructure with tenant‑level data isolation and may transfer data internationally to provide the Services.
For EEA/UK transfers, we rely on EU Standard Contractual Clauses and, as applicable, the UK Addendum or the International Data Transfer Agreement, with annexes describing data categories, purposes, and recipient types.
Security
We implement administrative, technical, and physical safeguards appropriate to the risk, including encryption at rest (AES‑256) and in transit (TLS 1.2+), role‑based access controls, audit logging, real‑time observability, feature flags, safe rollback, and automated retry mechanisms.
We conduct periodic security testing, including annual independent penetration testing, and we investigate incidents promptly; where legally required, we will notify affected parties and/or authorities without undue delay (target within 72 hours of confirmation for notifiable events).
Retention
We retain personal data for as long as necessary to fulfill the purposes above and to meet legal, accounting, or reporting obligations.
Customer Content is retained for the subscription term; system backups are maintained on rolling cycles (e.g., approximately 35 days). After termination, a 30‑day export window applies, followed by deletion subject to legal holds and archival requirements.
Your rights and choices
Marketing controls: opt out of non‑essential emails via unsubscribe links; reply “STOP” on supported messaging channels to opt out per‑channel.
Cookies and signals: manage preferences via browser settings and, where offered, our cookie banner; applicable opt‑out preference signals are honored.
EEA/UK: rights to access, rectification, erasure, restriction, portability, and objection; the right to withdraw consent where processing is based on consent; the right to lodge a complaint with a supervisory authority.
California: rights to know/access categories and specific pieces of personal information, correct inaccuracies, delete, opt out of sale/share (not applicable, as we do not sell/share), limit use of sensitive personal information (not used for additional purposes), and non‑discrimination for exercising rights.
Other regions: similar rights may apply; we will honor valid requests consistent with local law.
Exercising rights
Submit requests or questions to: connect@aibzpro.com or ain@aibzpro.com or yahia@aibzpro.com, or via in‑product privacy settings if available.
We may request reasonable information to verify identity and authority, and will respond within the timelines required by applicable law.
Children’s privacy
The Services are intended for professional use and are not directed to children; we do not knowingly collect personal data from individuals under 13 (or a higher age where required).
If a parent or guardian believes a minor has provided us personal data, contact connect@aibzpro.com and we will take appropriate action.
Messaging compliance
Customers must configure suppression lists and consent capture before using messaging features; Revanx provides tooling to help honor do‑not‑call lists, opt‑outs, and per‑channel consent.
Use of the Services for discriminatory or unlawful outreach is prohibited and may result in suspension under our Terms.
Controller/processor details
For Customer Content processed on behalf of a Customer tenant, Revanx acts as a processor/service provider and will process only pursuant to the Customer’s instructions and the DPA.
For Revanx‑controlled data (site, billing, account, analytics), Revanx acts as controller/business and will process as described in this Policy.
Sub‑processors
We maintain an up‑to‑date list of sub‑processors and material service providers and will provide notice of material changes where required; details are available upon request or as published on our website.
All sub‑processors are bound by written data protection terms, security controls, and confidentiality obligations.
Links and third parties
Our Services may link to third‑party sites or services; such third parties have their own privacy policies and practices.
We are not responsible for third‑party content, privacy practices, or services outside our control.
Changes to this Policy
We may update this Policy to reflect changes to our practices or legal requirements; material changes will be posted on revanx.com and, where appropriate, notified through the Service.
Continued use after an update becomes effective constitutes acceptance of the revised Policy.
Contact us
General and support: connect@aibzpro.com
Privacy/DPO: yahia@aibzpro.com; ain@aibzpro.com
Postal: AIBZPRO LLC, Tbilisi, Georgia
Regional notices (as applicable)
EEA/UK notice
Legal bases: contract necessity, legitimate interests, consent (where required), and legal obligations as described above.
Transfers: EU SCCs with the UK Addendum/IDTA (as applicable) govern international transfers; supplementary measures may be applied based on transfer risk assessments.
Representative: If an EU/UK representative is required under Article 27 GDPR/UK GDPR, we will appoint one and publish contact details in this Policy or the DPA; until then, contact connect@aibzpro.com
Complaints: you may lodge a complaint with your local supervisory authority; we encourage contacting us first so we can address any concerns.
California notice at collection (CPRA)
California notice at collection (CPRA)
Categories collected: identifiers (name, email, phone), commercial information (subscriptions, transactions), internet/network activity (device, usage), professional information (company, role), in‑app communications metadata, and inferences limited to product usage trends; sensitive personal information is not used for additional purposes beyond providing the Services.
Purposes: provide and secure the Services, analytics and reliability, support and communications, legal compliance, and to prevent fraud/abuse.
Retention: as outlined above; retained no longer than reasonably necessary for the disclosed purposes.
Sale/share: we do not sell or share personal information for cross‑context behavioral advertising.
Rights: access, delete, correct, opt out of sale/share (not applicable), limit SPI use (not applicable), and non‑discrimination. Submit requests to privacy@revanx.com.
Canada notice
We process personal information in accordance with applicable Canadian privacy laws (e.g., PIPEDA) and commit to accuracy, access, correction, security safeguards, and openness.
Cross‑border transfers are performed with contractual and technical safeguards; contact privacy@revanx.com for access/correction requests or transfer inquiries.
How this Policy relates to the DPA
This Policy explains our practices when acting as a controller/business and high‑level safeguards when acting as a processor/service provider.
The DPA contains binding processor terms, security measures, transfer mechanisms (SCCs/UK Addendum/IDTA), incident response commitments, and sub‑processor disclosures; it governs where it provides more specific protections for Customer Content.
Acceptance
By accessing or using the Services, you acknowledge this Policy and, where applicable, consent to processing as described.
If you do not agree, do not use the Services and contact us to exercise applicable rights or to request deletion where feasible.