Privacy Policy

Last updated: March 4, 2026

RevealUI Studio ("we", "us", "our") operates the RevealUI platform, including revealui.com, cms.revealui.com, api.revealui.com, and docs.revealui.com (the "Service"). This Privacy Policy describes how we collect, use, and protect your personal information.

1. Information We Collect

Account Information

When you create an account, we collect your email address, name, and password (stored as a bcrypt hash). If you sign up via OAuth (Google, GitHub), we receive your provider profile information.

Payment Information

Payment processing is handled entirely by Stripe. We never store credit card numbers. We store your Stripe customer ID to link your account to your subscription.

Usage Data

We collect server logs (IP address, request path, user agent) for security monitoring and debugging. Logs are retained only as long as necessary for security and operational purposes.

Content Data

Any content you create through the CMS (posts, pages, media) is stored in your database. For hosted plans, this data is stored in NeonDB (PostgreSQL) and Supabase.

2. How We Use Your Information

• To provide and maintain the Service
• To process payments and manage subscriptions
• To send transactional emails (password resets, billing notifications, license delivery)
• To detect and prevent fraud, abuse, and security incidents
• To respond to support requests

We do not sell your personal information. We do not use your data for advertising.

3. Data Sharing

We share data only with:

• Stripe — for payment processing (Stripe Privacy Policy)
• NeonDB — database hosting (Neon Privacy Policy)
• Vercel — application hosting (Vercel Privacy Policy)
• Resend — transactional email delivery (Resend Privacy Policy)

4. Data Retention

Account data is retained while your account is active. After account deletion, we permanently remove your personal data within 30 days. Server logs are retained only as long as necessary for security and operational purposes. Billing records are retained as required by tax law (typically 7 years).

5. Your Rights (GDPR / CCPA)

You have the right to:

• Access your personal data — available via your account settings or by contacting us
• Export your data — use the GDPR export endpoint in the CMS
• Delete your account and all associated data — use the account deletion feature or contact us
• Correct inaccurate data — update your profile in the CMS admin
• Object to processing — contact us at the email below

California residents: Under the CCPA, you have the right to know what personal information we collect and to request its deletion. We do not sell personal information.

6. Security

We protect your data using: bcrypt password hashing, session-based authentication with secure cookies, rate limiting and brute force protection, HTTPS/TLS encryption in transit, and encrypted database connections.

7. Cookies

We use essential cookies only: a session cookie for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies.

8. Children

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

9. Changes

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email.

10. Contact

For privacy-related questions or to exercise your data rights, contact us at support@revealui.com.