Privacy Policy

Last updated: 2025-01-01

Revivaly ("the Service", "we", "our", "us") provides an online platform that allows users to upload photos and generate nostalgic videos using artificial intelligence (AI). Your privacy is extremely important to us, and this Privacy Policy explains how we collect, use, store, and protect your personal information.

Information We Collect

Information You Provide

  • Uploaded photos and media files
  • Titles, descriptions, and notes added to videos
  • Email address or anonymous identifier (via Supabase authentication, including Google OAuth)
  • Payment information (processed securely via Stripe — we do not store card details)

Information Collected Automatically

  • Device details (browser, OS, IP address, language)
  • Usage data (pages visited, time spent, clicks)
  • Cookies and tracking technologies
  • Logging for security and performance

How We Use the Information

We process data for the following purposes:

  • To generate requested AI videos from user-uploaded photos
  • To provide, maintain, and improve the Service
  • To implement caching and avoid unnecessary re-generation costs
  • For debugging, analytics, security, and fraud prevention
  • To process payments
  • To authenticate users (including via Google OAuth)
  • To comply with legal obligations

We never use your photos or videos to train AI models.

Legal Basis for Processing (GDPR)

We rely on:

  • Contractual necessity — to provide the video generation service
  • Your consent — for cookies, optional emails
  • Legitimate interest — to ensure platform security and prevent fraud
  • Legal obligation — when required by law

Data Storage & Retention

  • Photos and generated videos are stored temporarily for processing.
  • Cached results may be stored for limited time to reduce costs.
  • Payment data is processed by Stripe, not Revivaly.
  • When a user deletes their account or requests removal, personal data is erased unless we must retain it for legal reasons.

Google User Data

Revivaly uses Google OAuth for user authentication. This section describes how we access, use, store, and share Google user data in compliance with Google's Limited Use requirements.

Data We Access

When you sign in with Google, we access the following information from your Google account:

  • Email address (required for account creation and communication)
  • Name (if provided, used to personalize your experience)
  • Profile picture (if provided, used for account display)
  • Google user ID (used for authentication purposes)

How We Use Google User Data

We use Google user data solely for the following purposes:

  • Authentication: To verify your identity and enable secure access to your Revivaly account
  • Account Management: To create and maintain your user account, including associating your uploaded content with your account
  • Communication: To send you service-related notifications and updates (only with your consent)
  • Service Provision: To provide, maintain, and improve our video generation service

Data Storage

Google user data is stored securely through our authentication provider (Supabase) and is subject to the same security measures described in the Security Measures section. We do not store your Google password or access tokens beyond what is necessary for authentication.

Data Sharing

We do not sell, rent, or share your Google user data with third parties except:

  • With our authentication provider (Supabase) as necessary to provide authentication services
  • When required by law or to protect our rights and the safety of our users
  • In connection with a business transfer (merger, acquisition, etc.), with notice to users

Compliance with Google's Limited Use Requirements

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide or improve our user-facing features
  • We do not transfer Google user data to others unless doing so is necessary to provide or improve our features, comply with applicable law, or as part of a merger, acquisition, or sale of assets
  • We do not use Google user data for serving advertisements
  • We do not allow humans to read Google user data unless we have your affirmative agreement, or for security purposes (such as investigating abuse), to comply with applicable law, or for our internal operations when the data have been aggregated and anonymized

Your Rights

You can revoke our access to your Google account at any time by:

  • Visiting your Google Account permissions page and removing Revivaly's access
  • Deleting your Revivaly account, which will also remove your Google authentication association
  • Contacting us at support@revivaly.ai to request data deletion

Third-Party Service Providers

We use trusted partners to operate Revivaly:

  • AI video generation APIs (e.g., WAN, other vendors)
  • Cloud storage providers (AWS/R2/S3-like)
  • Supabase for authentication & database
  • Stripe for secure payment processing
  • Analytics tools
  • Google OAuth for user authentication

All third-party processors comply with GDPR.

Your Rights (GDPR)

You may at any time:

  • Access your personal data
  • Request deletion
  • Request correction
  • Request data portability
  • Withdraw consent
  • File a complaint with your local data authority

Contact us at support@revivaly.ai.

Security Measures

We implement:

  • Encryption in transit (HTTPS)
  • Authentication controls
  • Access limitations
  • Monitoring and logging
  • Best-practice cloud security

No online system can be 100% secure, but we take strong precautions.

Children's Privacy

Revivaly is not intended for children under 13. We do not knowingly collect data from minors.

Changes to This Policy

We may update this document from time to time. Material changes will be announced on the website.

Contact

For questions regarding privacy, email:

support@revivaly.ai