Privacy Policy

Controller

Krev

E-mail address: contact@krev.ai

Overview of Processing Operations

The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.

Categories of Processed Data

• Account data (email, name, password hash)
• Payment data (processed via Stripe)
• Usage data (features used, generation history)
• Content data (uploaded images, generated content)
• Connected platform data (such as Shopify store data and Meta business, ad account, campaign, creative, and performance data that you authorize us to access)
• Integration credentials and metadata (OAuth tokens, granted permissions, account IDs, webhook metadata)
• Technical data (IP address, device info, browser type)
• Communication data (support inquiries)

Purposes of Processing

• Provision of the AI content generation service
• User account management and authentication
• Payment processing and subscription management
• Importing, syncing, and analyzing data from connected platforms such as Shopify and Meta
• Researching your catalog, campaigns, creatives, and performance history to generate recommendations, automations, and marketing content
• Customer support and communication
• Service improvement and analytics
• Security and fraud prevention
• Legal compliance

Legal Bases for Processing

We process personal data on the following legal bases:

• Consent: Where you have given consent to the processing of your personal data for specific purposes.
• Contract Performance: Processing necessary to fulfill our contractual obligations to you, including providing the Service.
• Legal Obligation: Processing necessary for compliance with legal obligations.
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services and ensuring security.

Data We Collect

Information You Provide

• Account Information: Email address, name, and password when you register.
• Payment Information: Processed securely through Stripe. We do not store full credit card numbers.
• Uploaded Content: Images you upload for AI processing.
• Prompts and Inputs: Text prompts and settings you use to generate content.
• Connected Account Authorizations: Information you provide when you connect third-party platforms, such as Shopify stores, Meta business accounts, ad accounts, pages, Instagram accounts, and related permissions.

Information from Connected Platforms

• Shopify Data: Store details, product and catalog data, collections, inventory, media, orders, customer data, and other merchant data made available through the permissions you grant and the features you use.
• Meta Data: Business account details, ad accounts, campaigns, ads, creatives, pages, Instagram accounts, audience settings, events, and reporting or insights data made available through the permissions you grant.
• Integration Credentials: Access tokens, refresh tokens, account identifiers, granted scopes, and integration status metadata needed to keep the connection working securely.
• Minimum Necessary Access: We aim to request and use only the data reasonably necessary to provide the features you ask us to provide.

Information Collected Automatically

• Usage Data: How you interact with our Service, features used, generation history.
• Device Information: Browser type, operating system, device identifiers.
• Log Data: IP address, access times, pages viewed, referring URL.

How We Use Your Data

• To provide, maintain, and improve our AI content generation services
• To process transactions and manage your subscription
• To connect with Shopify, Meta, and other platforms you authorize and to sync the related data needed to provide the Service
• To review and analyze connected catalog, brand, campaign, creative, and performance data so the Service can generate recommendations, content, and workflow automations for you
• To create, organize, and support advertising and commerce workflows across connected platforms at your direction
• To send you service-related communications
• To respond to your inquiries and provide customer support
• To analyze usage patterns and improve user experience
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations

Third-Party Services

We use the following third-party services to provide our Service:

Shopify

If you connect a Shopify store, we may access and process Shopify data that you authorize us to access so that we can import catalog information, support creative workflows, sync outputs, and provide related recommendations and automations. Shopify's own terms, privacy requirements, and API rules continue to apply to your use of Shopify and to any Shopify data made available through the Service.

Meta

If you connect Meta services such as Facebook, Instagram, Business Manager, Pages, or ad accounts, we may access and process the business, campaign, creative, and performance data made available through the permissions you grant. We use that data to help you generate content, research campaign context, support campaign workflows, and measure results. Meta's own terms, advertising policies, and platform rules continue to apply to your use of those services.

Stripe

We use Stripe for payment processing. When you make a payment, your payment information is sent directly to Stripe and is subject to Stripe's Privacy Policy.

Data Security

We implement appropriate technical and organizational security measures to protect your data, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Secure authentication mechanisms
• Regular security assessments
• Access controls and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active and for 30 days after deletion.
• Generated Content: Stored as long as your account is active. You may delete your content at any time.
• Connected Platform Data: Retained while the integration is active and as needed to provide the requested features, maintain logs, resolve disputes, prevent abuse, and comply with legal or platform obligations.
• Integration Credentials: Retained while the integration is active, then deleted or disabled within a reasonable period after disconnection unless we need to keep limited records for security, legal, or audit purposes.
• Usage Data: Retained for analytics purposes, typically anonymized after 12 months.
• Payment Records: Retained as required by tax and accounting laws.

Disconnecting Integrations and Deleting Connected Data

You can revoke our access to connected platforms such as Shopify or Meta from the relevant platform settings. You can also request deletion of stored integration data by contacting us at contact@krev.ai and identifying your account and the connected store, page, business account, or ad account.

Revoking access stops future syncing, but it may not immediately remove records we must retain for security, billing, fraud prevention, dispute resolution, or legal compliance. If we process customer or buyer data on behalf of a merchant, that merchant may also need to handle the underlying request directly through their own systems and platform settings.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request information about the data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data.
• Portability: Request a copy of your data in a portable format.
• Objection: Object to certain types of processing.
• Restriction: Request restriction of processing in certain circumstances.
• Withdraw Consent: Withdraw consent where processing is based on consent.

Where we process Shopify, Meta, or other third-party platform data on behalf of a merchant or business customer, that merchant or business customer may be the primary party responsible for handling certain data subject requests. We will assist as required by applicable law and our contractual obligations.

To exercise these rights, please contact us at contact@krev.ai.

Cookies and Tracking

We use essential cookies to provide our Service, including:

• Authentication Cookies: To keep you logged in.
• Session Cookies: To maintain your session state.
• Preference Cookies: To remember your settings.

We do not sell personal data. If you connect advertising, commerce, or analytics platforms, information may be shared with those platforms at your direction to provide the requested functionality. Their handling of that information is governed by their own terms and policies.

Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "effective date." Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: contact@krev.ai