Privacy Policy

Last updated: March 26, 2026

At Reviso, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

By using Reviso, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

1. Introduction

This Privacy Policy is designed to help you understand how Reviso ("we," "our," or "us") collects, uses, and protects your personal information in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), which entered into force on May 25, 2018.

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

2. Data Controller

The data controller responsible for processing your personal data is:

Name: Alexis Aigueparse
Email: alexis.aigueparse@gmail.com

If you have any questions about this Privacy Policy or wish to exercise your rights regarding your personal data, please contact us using the information above.

3. Information We Collect

We collect and process the following categories of personal data:

3.1. Account Information

When you create an account, we collect:

  • Name (first name and last name)
  • Email address
  • Password (stored in encrypted form)
  • Account role (User, Teacher, Admin)

3.2. Usage Information

When you use our Service, we automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Log files and access times
  • Pages visited and actions taken

3.3. Session Data and Local Storage

To ensure authentication and the proper functioning of the Service, we use your browser's local storage (localStorage) to securely store:

  • A login token (JWT) used to verify your identity when sending requests to the API
  • Certain profile information necessary to display the user interface

This information is stored only on your device and is not used for advertising or behavioral tracking purposes.

3.4. Educational Data

If you use our educational features, we may collect:

  • Courses you create or access
  • Lessons you view or complete
  • Progress information
  • Content you create (courses, lessons, comments)
  • Your quiz results, including which questions you answered correctly or incorrectly

This educational data may be made available to your teacher or the institution managing your account in order to monitor your progress, analyze your difficulties, and obtain aggregated statistics on passed quizzes and answered questions.

4. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our educational platform and services
  • Account Management: To create and manage your user account, authenticate your identity, and provide access to features based on your role
  • Communication: To send you important updates, respond to your inquiries, and provide customer support
  • Security: To detect, prevent, and address technical issues, fraud, and security threats
  • Legal Compliance: To comply with legal obligations and respond to legal requests
  • Analytics: To analyze usage patterns and improve our Service

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a) GDPR): When you create an account and agree to our Terms of Service and Privacy Policy
  • Contract Performance (Article 6(1)(b) GDPR): To provide the services you have requested
  • Legal Obligation (Article 6(1)(c) GDPR): To comply with applicable laws and regulations
  • Legitimate Interests (Article 6(1)(f) GDPR): For security, fraud prevention, and service improvement purposes

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

6.1. Service Providers

We may share your data with third-party service providers who assist us in operating our Service, such as:

  • Infrastructure hosting providers: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (EU) β€” our servers are located within the European Union
  • Email service providers (e.g., email box providers or SMTP relay services configured by the publisher)
  • Database management services (PostgreSQL hosted on Hetzner Online GmbH infrastructure, Germany, EU)
  • Where applicable, other technical subcontractors necessary for the operation of the Service.

To date, we do not use third-party audience measurement or marketing analytics services that involve placing trackers on your device.

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

6.2. Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

6.3. Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

6.4. With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specifically:

  • Account Data: Retained while your account is active and for a reasonable period after account deletion for legal and security purposes
  • Usage Data: Retained for a period necessary for security, fraud prevention, and service improvement
  • Educational Content: Retained as long as necessary for the provision of educational services

When we no longer need your personal data, we will securely delete or anonymize it.

8. Your Rights

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

8.1. Right of Access

You have the right to obtain confirmation as to whether we process your personal data and to access that data, along with certain additional information.

8.2. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the original purpose.

8.4. Right to Restriction of Processing

You have the right to request restriction of processing of your personal data in certain situations.

8.5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

8.6. Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

8.7. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

8.8. Exercising Your Rights

To exercise any of these rights, please contact us at: alexis.aigueparse@gmail.com. We will respond to your request within one month, though this period may be extended by two additional months if necessary, taking into account the complexity and number of requests.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

10. Data Storage and International Transfers

Your personal data is primarily stored and processed in Germany (European Union) by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). As Germany is a member of the European Economic Area (EEA), this hosting does not constitute a transfer of personal data outside the EEA.

If any additional service providers process data outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

11. Automated Decision-Making and Profiling

We do not use automated decision-making processes, including profiling, that produce legal effects concerning you or similarly significantly affect you.

12. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

13. Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR).

For users in France: You may lodge a complaint with the Commission Nationale de l'Informatique et des LibertΓ©s (CNIL):

  • Address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, France
  • Website: www.cnil.fr
  • Phone: +33 1 53 73 22 22

For users in other EU/EEA countries: Please contact your local data protection authority. A list of all supervisory authorities can be found at: European Data Protection Board

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Updating the "Last updated" date at the top of this page
  • Sending an email notification (if you have provided an email address)
  • Posting a notice on our Service

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: alexis.aigueparse@gmail.com

We will make every effort to address your concerns and respond to your requests in a timely manner.