Privacy Policy

We collect the categories of information below to operate the booking marketplace. All data is linked to your Revly account unless we say otherwise.

Contact information — Your name, email, and phone number when you create an account or sign in with Apple or Google. The address you use as a service location for a booking.

Location data — Your precise device location (GPS) when you grant permission, used to match you with nearby providers, calculate ETAs, and show live arrival on the map. Consumers grant "While Using" access; providers grant "Always Allow" so customers can see live position when the provider's app is backgrounded. Location is not collected when the app is closed.

Identifiers — A user ID generated by our authentication system, and a device push notification token used to deliver booking updates.

Purchases — Your booking and payment history, including service type, date, amount, and the provider who performed the work. We do not receive or store card numbers, expiry dates, or CVV codes.

User content — Photos you upload (profile, vehicle, job-completion documentation), in-app chat messages between you and your provider, booking notes, and support requests or dispute descriptions.

Diagnostics — Anonymized crash reports and performance metrics from Firebase. This is the only category we collect that is not linked to your identity.

We do not collect: • Card numbers, expiry dates, or CVV — handled by Stripe • Browsing or search history • Your iOS contacts • Health, fitness, or biometric data • Sensitive personal information such as race, religion, sexual orientation, or political views • Usage analytics through third-party SDKs — we do not use Mixpanel, Amplitude, Segment, PostHog, or similar

We do not track you across other apps or websites, and we do not sell your data to advertisers.

We use the information we collect to: • Operate the booking marketplace, including matching you with providers, processing payments, and showing real-time service tracking • Send transactional emails and push notifications such as booking confirmations, status updates, and receipts • Provide customer support and resolve disputes • Detect and prevent fraud, abuse, or security incidents • Comply with legal and tax obligations

We share data with the service providers below to run the app. Each is bound by a data-processing agreement that requires confidentiality and limits use to the purposes we authorize.

• Supabase — backend database, authentication, realtime sync, and file storage; hosts account data, bookings, addresses, vehicles, messages, photos, and support tickets
• Stripe — collects card details directly through the Stripe SDK (these never touch our servers) and handles payments and provider payouts via Stripe Connect
• Apple — Apple Sign In identity tokens and Apple Pay payment tokens
• Google — Sign In identity tokens, plus Maps and Places APIs for ETA and address autocomplete
• Firebase Cloud Messaging — push notification delivery
• Resend — sends transactional emails such as confirmations and password resets

We also share information with the independent provider assigned to your booking — your name, contact, service location, vehicle details, and any photos or notes you attach — strictly to fulfill the service you booked.

We use your location to find nearby providers, calculate driving distances and ETAs, and show live tracking when a provider is on the way to you. You can revoke location access in iOS Settings at any time; some features will stop working without it. We never sell or share location data with advertisers.

Card details are collected and processed directly by Stripe, a PCI-DSS-compliant payment processor. Revly's servers receive only Stripe's payment-method reference (for example pm_xxx) and the metadata associated with a transaction such as amount, status, and timestamp. We never receive or store full card numbers, expiry dates, or CVV codes.

We use industry-standard safeguards including TLS 1.2+ encryption in transit, encryption at rest, role-based access controls, and audited cloud infrastructure to protect your information. No system is perfectly secure, but we maintain a process for promptly investigating and addressing reported vulnerabilities. Email [email protected] to report one.

You have the right to: • Access — view all data tied to your account from the Account screen in the app • Correct — edit your profile, vehicles, addresses, and payment methods at any time • Delete — request account deletion by emailing [email protected]; we will delete your account and all linked records within 30 days, subject to the retention rules below • Export — request a JSON export of your data by emailing [email protected] • Withdraw consent — revoke location, notifications, or camera access from iOS Settings; some features may stop working without them

• While your account is active, we retain your data so the app continues to function
• If you delete your account, we remove your records within 30 days
• We retain financial records such as receipts and payouts for up to 7 years to comply with Canadian tax law (CRA)
• Crash and performance data is kept by Firebase for 90 days, then aggregated and anonymized
• Push notification tokens are deleted when you sign out or uninstall the app

Revly is not intended for users under 18, and our Terms of Service require all users to be 18 or older. We do not knowingly collect personal information from anyone under that age. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top. Material changes will also be communicated through the app or by email. Continued use of Revly after a change constitutes acceptance of the revised policy.

Privacy questions: [email protected] General support: [email protected] Legal notices: [email protected]