Revlo Privacy and Security Policy

Last updated: October 28, 2025

This Privacy and Security Policy applies to revloai.com website and all digital products, services and modules provided and to be provided under the Revlo Platform.

Scope includes, but is not limited to:

Revlo Connect, Revlo Reputation, Revlo MindCore, Revlo Insight Studio, Revlo Marketing, Revlo Sales, Revlo Nexus, Revlo Revenue, One Day in Hotel, Revlo Integration Services and other AI-based solutions under development (e.g., Revlo Voice AI, Revlo CRM).

All Revlo products operate within a single platform ecosystem, and this policy regulates:

  • Website visitors,
  • Institution and business officials using Revlo products,
  • Privacy, security and legal processing principles for data of guests or users interacting with Revlo systems

1. Who We Are

Revlo Artificial Intelligence and Software Inc. ("Revlo Inc.") is a software company based in Turkey.

The owner of intellectual property rights and global license rights is REVLO AI SOLUTIONS LTD (United Kingdom).

Revlo is a B2B technology provider developing AI-powered digital solutions for the hospitality, accommodation and service sector.

2. Roles and Responsibilities

  • Revlo Inc. acts as data controller within the scope of its website and own marketing activities.
  • When guest data of businesses is processed through the Revlo Platform, Revlo Inc. acts as a data processor on behalf of the customer.
  • All processes are conducted in compliance with the provisions of Law No. 6698 on the Protection of Personal Data (KVKK), GDPR (EU 2016/679) and related legislation.

3. Categories of Data Processed

The Revlo website and platform use only mandatory technical cookies to enhance user experience and ensure system security. These cookies are used to ensure session continuity and proper website operation; they are not used for advertising, profiling or third-party tracking purposes. For detailed information on cookie types and usage principles, you may refer to the "Revlo Cookie Policy".

  • Website usage: IP address, device information, cookie identifiers, navigation data.
  • Contact forms: Name, surname, email address, phone number and message content.
  • Platform usage: Guest messages, survey and comment data, system log records, identity and access information of business users.
  • Support processes: Request and response history, access logs, transaction time information.
  • Analytics and model development: Anonymized user behaviors, system performance data.
  • Personal data transmitted within the scope of recruitment and product demo applications is processed only for evaluation purposes.

4. Data Processing Purposes and Legal Bases

Revlo Inc. processes your personal data for the following general purposes:

  • Service provision and system security,
  • Contract management, customer support and billing,
  • Improvement of product performance, AI models and system functions,
  • B2B marketing communications (within the scope of explicit consent or legitimate interest),
  • Fulfillment of legal obligations,
  • Information security, error detection, fraud prevention and service quality improvement.

In addition to these general purposes, processing activities are detailed in the table below:

4. Data Processing Purposes and Legal Bases (Detailed Table)

PurposeDescriptionTypes of Data ProcessedLegal Basis
Direct Marketing and Promotion Revlo may use your data for newsletter subscriptions or other marketing communications. Name, surname, email, phone, company information, contact preferences GDPR: Explicit Consent (6(1)(a)) or Legitimate Interest (6(1)(f)); KVKK: Explicit Consent (5(1))
Events and Web Seminars Revlo processes your data to manage your event and seminar participation. Name, surname, email, phone, company/position information, registration information GDPR: Contract Performance (6(1)(b)); KVKK: Contract (5(2)(c))
Website Visit and Analytics Usage data is collected for website operation, security and development. IP, browser type, cookie data, page navigation information GDPR: Explicit Consent (6(1)(a)) or Legitimate Interest (6(1)(f)); KVKK: Explicit Consent (5(1)) or Legitimate Interest (5(2)(f))
Customer Contracts and Service Performance Data necessary for service provision, account management and billing is processed. Name, contact, contract, payment, user account information GDPR: Contract (6(1)(b)) and Legal Obligation (6(1)(c)); KVKK: Contract (5(2)(c)), Obligation (5(2)(ç))

5. Use of Artificial Intelligence (LLM) and Data Processing

Within the scope of Revlo Connect, Reputation and other Revlo modules; processes such as analysis, classification, translation or response suggestion generation of guest messages may utilize third-party artificial intelligence services (for example, OpenAI, Google Cloud, Anthropic, etc.).

These processes are only carried out when explicit consent is obtained.

Users are informed before communication begins and give consent through the "Continue / Accept" option.

Revlo contractually guarantees that these providers have security measures equivalent to GDPR and KVKK.

Data is processed only in anonymized or encrypted form; it is never shared with third parties for commercial purposes.

During LLM-based processes, data may be temporarily processed in systems abroad; this is done within the scope of explicit consent.

6. Data Sharing and Transfer to Third Parties

Personal data is shared with third parties only in the following situations:

  • When necessary for service provision,
  • When explicit consent is given,
  • With trusted service providers acting on behalf of Revlo (e.g., hosting, infrastructure, analytics, security, accounting, legal, marketing),
  • Upon legal requirement or request from authorized public authority.

Data processing agreements are made with all data processors, and these persons are obliged to comply with Revlo's security standards.

7. International Data Transfer

Revlo may use cloud infrastructures (e.g., AWS, Google Cloud, Microsoft Azure) within or outside Turkey to provide its services.

Data transfer is carried out only within the scope of Standard Contractual Clauses (SCC) or similar contractual guarantees, ensuring equivalent level of protection.

For data subject to GDPR: We transfer your data outside the European Economic Area only in compliance with GDPR Article V. This covers transfers to countries for which the European Commission has issued an adequacy decision, or situations where appropriate safeguards such as Standard Contractual Clauses (SCC) are provided.

For data subject to KVKK: We transfer your data to countries outside Turkey only if: (a) you have explicit consent, (b) the country is declared by the Personal Data Protection Board to have adequate protection, or (c) in countries without an adequacy decision, we obtain a written commitment from the data recipient and the permission of the Board.

8. Data Retention Periods

  • Data is retained for the duration of the contract and as long as legal obligations continue.
  • Upon expiration of the period, data is securely deleted, anonymized or converted into aggregated statistics.
  • Aggregated data does not constitute personal data and is used only for system performance or product development purposes.
  • Technical and administrative security measures including encryption, access control and monitoring are applied during transfers

9. Our Information Security Policy

Revlo applies the following technical and administrative measures to ensure information security:

  • Data transfer security: All data traffic is encrypted with TLS protocols.
  • Access control: Role-based access (RBAC) and multi-factor authentication (MFA) are used.
  • Network security: Firewall, network segmentation and monitoring systems operate actively.
  • System auditing: Server and application logs are regularly monitored and audited.
  • Vulnerability testing: Security tests and external audits are conducted periodically.
  • Data breach notification: In case of a breach affecting personal data, Revlo informs the relevant persons and authorities within 72 hours under GDPR, as soon as possible under KVKK.

All systems are managed in compliance with ISO/IEC 27001 Information Security Management System standards.

10. Cookies

Cookies used on the website and platforms are for service operation, session management and analysis purposes.

User consent is obtained for non-essential cookies.

For detailed information, you can review the separately published "Cookie Policy" page.

11. Personal Data Subject Rights

Persons whose personal data is processed have the following rights:

  • Request information,
  • Request correction or deletion,
  • Request restriction or objection to processing,
  • Request data portability,
  • Withdraw explicit consent.

These rights are based on the regulations under Law No. 6698 on the Protection of Personal Data (KVKK) and GDPR.

Requests are responded to free of charge within the legal period after identity verification.

To exercise your rights or obtain information: You can apply to info@revloai.com.

Additionally, if you have concerns about the processing of your personal data, you may file a complaint with the Personal Data Protection Authority (KVKK) in Turkey or the competent data protection authority in your country.

12. Children's Data

Revlo products are intended only for businesses (B2B).

Collection of data belonging to children is not intended; if detected, it is immediately deleted.

13. Policy Updates

Previous versions become invalid with the publication of a new version.

14. Contact

For all questions regarding data protection or information security:

Revlo Artificial Intelligence and Software Inc.
📧 Email: info@revloai.com
🏢 Address: Pınarbaşı Mah. Hürriyet Cd. Antalya Teknokent Uluğbey Ar-Ge 2 Binası No: 34/8125, Konyaaltı/Antalya, Turkey
🌐 Web: revloai.com