Revxel | Privacy Policy

Introduction

Welcome to Revxel. We are an AI-first software development agency headquartered in the United Kingdom. We build web applications, AI agents, automation systems, and bespoke digital products for clients globally.

This Privacy Policy describes how Revxel Ltd ("Revxel", "we", "us", "our") collects, uses, shares, and safeguards personal data when you visit revxel.com (the "Site"), use our services, or otherwise interact with us.

We are committed to protecting your privacy and processing your data transparently and lawfully. Please read this policy carefully. If you do not agree with any part of it, you should not use our Site or services.

This policy applies to all individuals whose data we process: website visitors, prospective clients, active clients, job applicants, and business contacts. It does not apply to the personal data Revxel processes on behalf of its clients as a data processor — those obligations are governed by separate data processing agreements.

Data Controller

For the purposes of the UK GDPR, EU GDPR, and equivalent legislation, the data controller is:

Revxel Ltd

United Kingdom

Email: privacy@revxel.com

General: info@revxel.com

Phone: +44 7380 502 547

If you are a resident of the EEA and wish to contact our EU representative, or if you are located in Australia, Canada, or California and wish to exercise jurisdiction-specific rights, please use the contact details in Section 17.

Information We Collect

We collect personal data in the following categories:

A. Information you provide to us directly

Contact & identity data — name, email address, phone number, company name, job title.
Project enquiry data — project scope, budget range, timelines, and any other information you voluntarily submit via our contact or booking forms.
Communications data — content of emails, messages, meeting notes, and support requests you send us.
Account data — login credentials if you access a client portal we operate on your behalf.
Job application data — CV / résumé, cover letter, work samples, references, right-to-work information.

B. Information collected automatically

Usage & technical data — IP address, browser type & version, operating system, referring URL, pages visited, time on page, click paths.
Device data — device type, screen resolution, locale/language settings.
Cookie & tracking data — see Section 15 (Cookies & Tracking Technologies) for full details.

C. Information from third parties

Referral & social data — if you connect to us via LinkedIn, X (Twitter), or a partner referral, we may receive limited profile information.
Verification data — publicly available business information (Companies House, LinkedIn) to verify client identity and due diligence.
Analytics providers — aggregated and anonymised audience data from tools such as Google Analytics or Vercel Analytics.

We do not intentionally collect special category data (health information, racial or ethnic origin, political opinions, religious beliefs, biometric data, etc.) unless you explicitly provide it and we have a lawful basis to process it.

How We Use Your Data

We use your personal data for the following purposes:

To respond to enquiries, provide quotes, and onboard new clients.
To deliver and manage the software development and AI services you have engaged us for.
To communicate project updates, invoices, and contractual information.
To schedule discovery calls and meetings (via Calendly / Cal.com).
To process payments and maintain financial records (UK HMRC compliance).
To send marketing communications about our services where you have opted in, or where we have a legitimate interest in doing so (B2B contacts).
To improve our Site and services through anonymised analytics.
To comply with legal and regulatory obligations (tax, anti-money laundering, fraud prevention).
To evaluate job applications and manage recruitment.
To protect our legal rights and enforce contractual obligations.

We will never sell your personal data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects without your explicit consent.

Legal Basis for Processing (GDPR / UK GDPR)

For individuals located in the EEA or UK, we rely on the following lawful bases under Article 6 of the GDPR / UK GDPR:

ContractProcessing necessary to perform a contract you have with us, or to take steps at your request before entering a contract (e.g., responding to a project enquiry, delivering services).

Legal ObligationProcessing required to comply with UK or EU law (e.g., tax records, AML checks, HMRC reporting).

Legitimate InterestsProcessing necessary for our legitimate business interests where these are not overridden by your rights — including B2B marketing, fraud prevention, IT security, improving our Site, and managing our business relationships.

ConsentWhere you have given freely given, specific, and informed consent — e.g., subscribing to our newsletter, accepting non-essential cookies.

Vital InterestsIn rare emergency situations to protect life (unlikely to apply in our context but noted for completeness).

Where we rely on legitimate interests, we conduct a balancing test to ensure your interests and fundamental rights do not override ours. You may request details of this assessment at any time.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

International Data Transfers

Revxel is based in the United Kingdom. Some of our service providers are located outside the UK and EEA — including in the United States. Whenever we transfer personal data internationally, we ensure appropriate safeguards are in place:

UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs) with relevant service providers.
Adequacy decisions — transfers to countries recognised as providing an adequate level of protection (e.g., EU/EEA from UK perspective under the UK GDPR).
Binding Corporate Rules (BCRs) where applicable to multi-national processors.
Explicit consent, where no other mechanism is available and the transfer is necessary.

You may request a copy of the specific safeguards in place for any given transfer by contacting us at privacy@revxel.com.

Data Retention

We retain personal data only for as long as necessary for the purpose it was collected or as required by law:

Client contracts & invoices7 years from the end of the tax year to which they relate (UK HMRC legal obligation).

Project communicationsDuration of the project plus 3 years to handle any latent defects or disputes.

Contact / enquiry forms12 months if no engagement follows, or for the duration of our business relationship.

Marketing opt-in dataUntil you unsubscribe or withdraw consent, after which it is deleted within 30 days.

Job applications (unsuccessful)12 months from the end of the recruitment process, unless you consent to retention in our talent pool.

Website analytics14 months (Google Analytics 4 default), after which data is aggregated and anonymised.

Cookie consent records3 years to demonstrate compliance.

After the applicable retention period, personal data is securely deleted or irreversibly anonymised. Where deletion is not immediately possible (e.g., backup systems), the data is isolated from further active processing.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. We will respond to verified requests within the timeframes required by applicable law (typically 30 days, extendable once by a further 2 months for complex requests).

AccessRequest a copy of the personal data we hold about you and information about how we process it.

RectificationAsk us to correct inaccurate or incomplete personal data without undue delay.

ErasureRequest deletion of your personal data ('right to be forgotten') where there is no compelling reason for continued processing.

RestrictionAsk us to pause processing of your data while accuracy is contested or an objection is pending.

PortabilityReceive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller (GDPR / UK GDPR).

ObjectionObject to processing based on legitimate interests or for direct marketing purposes. Direct marketing objections are absolute; other objections are subject to a balancing assessment.

Withdraw consentWhere processing is based on consent, withdraw it at any time without affecting prior lawfulness.

ComplaintLodge a complaint with the relevant supervisory authority — ICO (UK), your national DPA (EU), or equivalent body in your jurisdiction.

To exercise any of these rights, email privacy@revxel.com with the subject line `Data Subject Request`. We may need to verify your identity before processing the request. We will never charge a fee for straightforward requests.

UK supervisory authority:Information Commissioner's Office (ICO) — ico.org.uk / 0303 123 1113. You always have the right to complain to the ICO if you are unhappy with how we handle your data, though we ask that you contact us first so we can attempt to resolve the issue.

California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following additional rights:

Your CCPA/CPRA Rights

KnowRight to know what personal information we collect, the purposes for collection, how it is used, and whether it is disclosed or sold.

DeleteRight to request deletion of personal information we have collected, subject to certain exceptions.

CorrectRight to correct inaccurate personal information we maintain about you.

Opt-Out of Sale / SharingRight to opt out of the sale or sharing of personal information for cross-context behavioural advertising. We do not sell personal information.

Limit Sensitive PIRight to limit the use and disclosure of sensitive personal information to certain defined purposes.

Non-DiscriminationWe will not discriminate against you for exercising your CCPA/CPRA rights — we will not deny services, charge different prices, or provide a different level of quality.

Categories of personal information collected (past 12 months)

Identifiers — name, email, IP address, phone number.
Commercial information — transaction history, project enquiries.
Internet / network activity — browsing history on our Site, interaction with our content.
Professional / employment information — company, job title (for B2B contacts).
Inferences — derived preferences based on site interaction (via analytics only; anonymised).

Do Not Sell or Share My Personal Information: We do not sell or share personal information as defined under the CCPA/CPRA. We use analytics tools that may use cookies; please see Section 15 and manage your preferences via our Cookie Preference Centre.

To submit a CCPA/CPRA request, email privacy@revxel.com or call +44 7380 502 547. We will verify your identity and respond within 45 days (extendable by a further 45 days if necessary, with notice).

Authorised agents may submit requests on your behalf with written proof of authorisation and your signed permission.

Canadian Residents (PIPEDA / Law 25)

If you are a Canadian resident, your personal data is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, provincial privacy laws (e.g., Québec Law 25).

Your PIPEDA Rights

Access — right to access the personal information we hold about you.
Correction — right to challenge and have corrected any inaccurate information.
Withdrawal of consent — right to withdraw consent to collection, use, or disclosure at any time (subject to legal and contractual restrictions).
Complaint — right to complain to the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

PIPEDA accountability principles we follow

We identify the purposes for data collection before or at the time of collection.
We obtain consent (express or implied) appropriate to the sensitivity of the information.
We collect only the information necessary for the identified purposes.
We use and disclose information only for the purposes for which it was collected.
We retain data only as long as necessary and then destroy it securely.
We maintain safeguards appropriate to the sensitivity of the information.
We make our privacy policies and practices readily available.

For Québec residents: pursuant to Law 25 (Act 64), Revxel publishes a privacy policy that is accessible on our Site. You may request information about our privacy practices, data processing purposes, and third-party sharing at any time.

Australian Residents

If you are located in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) govern how we handle your personal information.

Key obligations under the APPs

We collect personal information only by lawful and fair means and only where reasonably necessary.
We take reasonable steps to notify you of collection at or before the time of collection.
We do not use or disclose personal information for a secondary purpose without consent unless an exception applies.
We take reasonable steps to ensure personal information is accurate, up-to-date, complete, and relevant.
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access.
We do not use government-related identifiers as our own identifiers.

Cross-border disclosures

Where we disclose your personal information to overseas service providers (e.g., US-based cloud services), we take reasonable contractual steps to ensure they handle it in a manner consistent with the APPs.

Your rights under the Privacy Act

Access — request access to the personal information we hold about you (APP 12).
Correction — request that inaccurate or out-of-date information is corrected (APP 13).
Complaint — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have interfered with your privacy.

To submit a request or complaint, contact us at privacy@revxel.com. We will respond within 30 days. If we cannot provide access, we will explain why in writing.

Cookies & Tracking Technologies

We use cookies and similar tracking technologies (pixels, local storage, session storage) to operate our Site, understand usage patterns, and — where you consent — to improve your experience.

Strictly NecessaryEssential for the Site to function (session management, security tokens, load balancing). Cannot be disabled without breaking core functionality. No consent required.

AnalyticsHelp us understand how visitors interact with the Site (page views, bounce rate, traffic sources). We use Vercel Analytics (privacy-first, no cross-site tracking) and optionally Google Analytics 4 with IP anonymisation enabled. Require consent where applicable.

FunctionalEnable enhanced features such as remembering your cookie preferences or pre-filling forms. Optional; require consent.

Marketing / TargetingWe do not currently deploy advertising or retargeting cookies. If this changes, this policy will be updated and consent will be sought.

On your first visit we display a cookie consent banner. You may change your preferences at any time via the Cookie Preference Centre (available in the Site footer).

You may also control cookies through your browser settings. Note that disabling certain cookies may affect Site functionality. For more information about cookies generally, visit allaboutcookies.org.

Data Security

We implement organisational and technical security measures proportionate to the risk and the sensitivity of the data processed:

Encryption in transit — all data transmitted to/from revxel.com is encrypted via TLS 1.2+ (HTTPS enforced).
Encryption at rest — databases and file stores hosting personal data are encrypted at rest.
Access controls — personal data is accessible only to authorised personnel with a business need. We enforce role-based access control (RBAC) and multi-factor authentication (MFA) on all internal systems.
Vendor due diligence — all sub-processors are assessed for security before onboarding and are contractually required to maintain equivalent security standards.
Incident response — we maintain a documented data breach response procedure. In the event of a breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK/EU GDPR.
Regular review — our security practices are reviewed at least annually or upon material changes to our systems.

Despite our measures, no transmission over the internet or electronic storage is 100% secure. If you believe your data has been compromised, please contact us immediately at privacy@revxel.com.

Children's Privacy

Our Site and services are intended for business use by individuals aged 18 and over. We do not knowingly collect personal data from children under the age of 16 (or the applicable age threshold in your jurisdiction).

If you are a parent or guardian and believe your child has provided us with personal data without consent, please contact us at privacy@revxel.com and we will delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

When we make material changes, we will notify you by:

Posting an updated version on this page with a revised 'Last Updated' date at the top.
Displaying a prominent notice on the Site for a reasonable period.
Sending an email notification to active clients and newsletter subscribers where changes materially affect their rights.

We encourage you to review this policy periodically. Your continued use of the Site after changes are posted constitutes acceptance of the revised policy, to the extent permitted by applicable law.

Previous versions of this policy are available on request by emailing privacy@revxel.com.

Contact & DPO Details

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact our privacy team:

Privacy Enquiries

Revxel Ltd — Privacy Team

privacy@revxel.com +44 7380 502 547

Supervisory Authorities

UK: ICO — ico.org.uk
EU: Your national DPA (edpb.europa.eu)
US (CA): CPPA — cppa.ca.gov
Canada: OPC — priv.gc.ca
Australia: OAIC — oaic.gov.au

We aim to respond to all privacy-related enquiries within 5 business days and to resolve them fully within the timeframes required by law.

Revxel Ltd · revxel.com · Last updated 23 April 2026

This Privacy Policy was drafted to reflect our current practices and applicable law. It does not constitute legal advice. If you have specific legal questions about your rights, we recommend consulting a qualified privacy attorney in your jurisdiction.

← Back to Home Terms & Conditions →