Privacy Policy

Last updated July 4, 2026

1. Introduction

This Privacy Policy explains how Oscar Estudillo Marín, NIF 24487442D, with address at Av. Madrid 50, 08028 Barcelona, Spain, trading as Revix ("Revix", "we", "us"), processes personal data in connection with the Revix service (the "Service").

Revix is a B2B service. The personal data described here mainly relates to the individuals who use the Service on behalf of a business customer, such as account holders and workspace members.

2. Information We Collect

We collect the following categories of information:

  • Account data: name, email address, and profile information from your GitHub or Bitbucket account when you sign in.
  • Repository and integration data: repository content, pull request diffs, commit metadata, and related information from GitHub or Bitbucket, and issue data from Jira, limited to what is needed to provide the Service for the integrations you connect.
  • Usage data: how you and your workspace interact with the Service.
  • Technical data: IP address, browser and device information, and log data.
  • Billing data: your subscription plan and billing history. Card and payment details are collected and processed directly by Stripe; we do not receive or store full card numbers.

3. How We Use Information

We use the information above to: provide and operate the Service, including generating AI-assisted code reviews and repository analysis; build and refine a per-repository knowledge summary that improves the accuracy of future reviews for that repository; manage your account and workspace; process payments and manage subscriptions; monitor, secure, and improve the Service; respond to support requests; and comply with legal obligations.

The legal bases for this processing are performance of the contract with you or your organization, our legitimate interest in operating and securing the Service, and compliance with legal obligations (such as tax and accounting rules).

4. Sharing, Subprocessors, and International Transfers

We share personal data with the following categories of service providers ("subprocessors"), each acting under a data processing agreement and only to the extent needed to provide the Service:

  • Supabase: database and authentication infrastructure (hosted in the UK).
  • Stripe: payment processing and billing.
  • OpenAI and Anthropic: process repository and pull-request content you submit through the Service to generate AI-assisted code review output.
  • Sentry: error monitoring and diagnostics.
  • Trigger.dev: background job processing used to run analysis and review tasks.

None of our AI providers use data submitted through their APIs to train their models. This is a contractual commitment under each provider's API terms, not merely a default setting, and it is distinct from those providers' free consumer-facing chat products, which we do not use.

Some of these providers process data outside the European Economic Area, in particular in the United States. Where this occurs, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses. Our database provider is hosted in the United Kingdom, which benefits from a European Commission adequacy decision, so no additional transfer mechanism is required for that transfer.

We do not sell personal data. We may disclose information if required by law or to protect the rights, property, or safety of Revix, our customers, or others.

5. Data Retention

We retain account and billing data for as long as your account is active, and afterward for as long as needed to comply with legal, tax, and accounting obligations.

We do not store your source code at rest. Repository content and pull request diffs are retrieved from GitHub or Bitbucket at the time of analysis and sent directly to our AI providers to generate review output; they are not saved in our database.

The AI-generated output itself, including review findings, summaries, and a per-repository knowledge summary we build from your codebase to make future reviews more accurate, is retained for as long as your workspace and the corresponding repository remain connected to Revix. You may request deletion of this data, in whole or for a specific repository, at any time by contacting contact@userevix.com.

6. Security

Security and confidentiality of your code are a priority for us. We use technical and organizational measures appropriate to the risk, including: encryption in transit (TLS) for all data sent to and from the Service; encryption at rest for sensitive credentials, such as GitHub, Bitbucket, and Jira access and refresh tokens; access controls limiting data access to what each part of the Service needs; and monitoring for errors and abnormal behavior. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Your Rights

If you are located in the European Economic Area, the UK, or another jurisdiction with similar rights, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data or deletion of your data.
  • Object to or request restriction of certain processing.
  • Request portability of data you provided to us.
  • Lodge a complaint with your local data protection authority, such as the Spanish Data Protection Agency (AEPD).

To exercise these rights, contact us at contact@userevix.com. If we process personal data on behalf of a business customer as a processor, we will direct your request to that customer where appropriate.

8. Cookies and Tracking

We use strictly necessary cookies required to operate the Service, such as authentication session cookies. These do not require consent under applicable law because they are essential to provide the Service you request.

We use Vercel Web Analytics to understand aggregate usage of our website. This tool is designed to operate without cookies and without collecting information that identifies you individually. If we introduce non-essential cookies or tracking in the future, we will request your consent through a cookie banner before doing so.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice, such as by email or an in-product notice. The most current version will always be posted here.

10. Contact Us

Questions about this Privacy Policy or requests regarding your data can be sent to contact@userevix.com.