← Back to Revwy

Compliance & Data Protection

Last updated: June 3, 2026

Jeet Dhandha ("Revwy", "we", "us") operates revwy.com. This page summarises the data-protection frameworks we align with, the rights you have under them, the security measures we apply, and the providers (sub-processors) that process data on our behalf. It complements our Privacy Policy.

1. GDPR & UK GDPR (EU / EEA / United Kingdom)

Where we process the personal data of individuals in the EU, EEA, or UK, we act in line with the EU General Data Protection Regulation (GDPR) and the UK GDPR.

Lawful basis. We process personal data on the basis of (a) performance of our contract with you — to create, host, and maintain your site and account; (b) our legitimate interests — to secure, operate, debug, and improve the service; (c) your consent — for non-essential analytics, which you can withdraw at any time; and (d) compliance with legal obligations.

Your rights. Subject to the conditions in the GDPR, you have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data ("right to be forgotten");
  • restrict or object to processing;
  • data portability — receive your data in a machine-readable form;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with your local supervisory authority (for example, in Germany, your state Data Protection Authority / the BfDI).

International transfers. Revwyis operated from India, and our providers process data in the United States, the European Union, and the Asia-Pacific region. Where personal data of EU/EEA/UK individuals is transferred outside those regions, the transfer is covered by an appropriate safeguard — the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum within our providers' Data Processing Agreements, and the EU–US Data Privacy Framework where a provider is certified.

2. CCPA / CPRA (California, USA)

For California residents, under the CCPA as amended by the CPRA you have the right to know what personal information we collect, to request its deletion, to correct it, and to opt out of its sale or sharing. We do not sell your personal information, and we do not share it for cross-context behavioural advertising. To exercise these rights, use the contact route in section 7.

3. India — DPDP Act 2023

Revwy is operated from Rajkot, Gujarat, India. We handle personal data in line with India's Digital Personal Data Protection Act, 2023 — collecting data for clear, lawful purposes, limiting it to what the service needs, and honouring requests to access or erase it.

4. Payments — PCI-DSS

Subscription payments are processed by a third-party payment processor that is certified to PCI-DSS Level 1, the highest level of the Payment Card Industry Data Security Standard. We never receive or store full card numbers — card data is entered directly with the processor over an encrypted connection.

5. Security measures

  • Encryption in transit — all traffic is served over HTTPS/TLS.
  • Encryption of secrets at rest — application secrets are stored encrypted, not in plaintext.
  • Access controls — least-privilege access to systems and data, with row-level security on our database.
  • Authentication — sign-in uses one-time email codes; we do not store passwords.
  • Incident handling — we work to detect issues and to notify affected users and authorities of material personal-data breaches as required by law.

No method of transmission or storage is completely secure, but we apply industry-standard measures and review our infrastructure regularly.

6. Sub-processors

We use the following providers to operate Revwy. Each acts as a data processor bound by a Data Processing Agreement and processes data only as needed for its function:

  • Cloud hosting — runs the application that serves the site.
  • Managed database, storage & authentication — stores your account and site data and issues sign-in codes.
  • Payment processor — processes subscription payments (PCI-DSS Level 1).
  • Transactional email provider — delivers sign-in codes and service emails.
  • Product analytics provider — measures aggregate, privacy-respecting usage to improve the service.
  • CDN / network security provider — fronts the site for performance and protection against abuse.

7. Exercising your rights & contacting us

To make a data-protection request — access, correction, deletion, portability, or to withdraw consent or object to processing — visit our Support page or email support@revwy.com. We respond within the timeframe required by applicable law (for GDPR, within one month). We may need to verify your identity before acting on a request.

For full detail on what we collect and why, see our Privacy Policy.