RRevence

Last updated: 15 May 2026

Privacy Policy

Kremer Software ("we", "us", "our") operates Revence. This policy explains what personal data we collect, why, and what your rights are under the General Data Protection Regulation (GDPR).

1. Who we are

Kremer Software is the data controller for this service. Contact us at hello@hello@revence.app for any privacy-related questions.

2. Data we collect

We collect and process the following categories of data: Merchant data (gym owners): • Email address — used to log in and communicate with you (via Supabase Auth) • Business name, sender name, logo, brand colour, support contact — provided by you to customise your recovery emails • Stripe account ID — obtained when you connect your Stripe account via Stripe Connect Customer data (end customers of gyms): • Name and email address — received from Stripe webhooks when a payment fails • Payment amount and currency — to send an accurate recovery email and create a payment link We do not collect payment card numbers. All card data is handled exclusively by Stripe.

3. How we use your data

We use personal data for: • Sending automated payment recovery emails to gym customers on behalf of merchants • Operating the Revence dashboard for merchants • Detecting and preventing fraud or abuse of the platform

4. Legal basis (GDPR)

• Merchants: Performance of a contract (Art. 6(1)(b)) — we need your data to provide the service you signed up for. • Gym customers: Legitimate interests (Art. 6(1)(f)) — sending a single transactional recovery email is a reasonable expectation when a payment fails. Customers can contact the gym or us to opt out.

5. Third-party processors

We share data with the following sub-processors, all of which have signed DPAs and are GDPR-compliant: • Stripe — payment processing and Stripe Connect (USA, Privacy Shield / SCCs) • Resend — transactional email delivery (USA, SCCs) • Supabase — database and authentication (USA/EU, SCCs) • Vercel — application hosting (USA, SCCs)

6. Data retention

• Recovery attempts: retained for 2 years after resolution, then deleted. • Merchant account data: retained for the duration of your account and deleted within 30 days of account closure on request. • Email logs: Resend retains delivery logs for 30 days.

7. Your rights

Under GDPR you have the right to: • Access the personal data we hold about you • Correct inaccurate data • Request deletion ("right to be forgotten") • Restrict or object to processing • Data portability To exercise any of these rights, email hello@hello@revence.app. We will respond within 30 days.

8. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Changes to this policy

We may update this policy occasionally. We will notify active merchants by email for material changes. The "last updated" date at the top of this page always reflects the current version.