Revela Privacy Notice

Last updated: 3 July 2026

Who we are

Revela ("we") helps you understand the terms of service and privacy practices of the digital services you use, and measures your privacy maturity. We are a data controller under the Kenya Data Protection Act, 2019 and, where applicable, the EU General Data Protection Regulation (GDPR).

What we collect and why

What we don't do

Your rights

Under the Kenya DPA (ss. 26, 40) and GDPR (Arts. 15–21) you have the right to access, correct, export and delete your data, and to withdraw consent. You can exercise export and deletion instantly from Settings. Complaints can be lodged with the Office of the Data Protection Commissioner (Kenya) at odpc.go.ke or your local supervisory authority in the EU.

Retention

Your data is kept while your account is active. On deletion, all personal data is erased immediately; payment records are retained in anonymized form only, to meet financial record-keeping obligations.

Processors

Security

Sessions use signed, HTTP-only cookies. Data is stored in a access-controlled PostgreSQL database. Payment payloads to Lipad are AES-256 encrypted per their specification.

Contact

Data protection queries: privacy@revela.app (placeholder — set your real contact before going live).