Privacy Policy
Last updated: 28 July 2025
Who we are
@Ravell ("we", "our", "us") is operated by Antoine Pirard, complementary self-employed ("indépendant complémentaire / zelfstandige in bijberoep") in Belgium, VAT BE 0715.601.860, registered at Tervuren, Belgium.
E-mail: privacy@ravell.app
For GDPR purposes we are the data controller for personal data collected through Ravell.
What data we collect & why
| Category | Examples | Legal basis (GDPR Art. 6) |
|---|---|---|
| Account data | name, e-mail, password hash | Contract (Art 6 §1 b) |
| Workspace data | project titles, comments, assignments, attachments | Contract |
| Usage data | IP, browser, pages visited, clickstream, crash logs | Legitimate interest (Art 6 §1 f) — security & product improvement |
| Billing data (if on paid plan) | company name, VAT ID, payment card's last 4 digits (via Stripe) | Legal obligation (Art 6 §1 c) & Contract |
| Marketing opt-ins | newsletter e-mail | Consent (Art 6 §1 a) |
We do not intentionally collect special-category data (Art 9 GDPR).
Cookies & analytics
We use strictly-necessary cookies (session & CSRF). Analytics is handled via PostHog / Plausible in self-hosted, EU-based mode; IPs are truncated. You may opt out at any time in Settings → Privacy.
How long we keep your data
| Data type | Retention |
|---|---|
| Account & workspace data | until you delete the workspace or 24 months after last login |
| Billing records | 7 years (Belgian tax law) |
| Logs & backups | rolling 30 days |
Back-ups are encrypted and automatically purged after the retention window.
Your rights (GDPR Arts 12-23)
You can access, rectify, erase, port, restrict, or object to processing of your personal data from the Account → Privacy dashboard or by e-mailing privacy@ravell.app.
If you believe we infringe your rights, you may lodge a complaint with the Belgian DPA (Gegevensbeschermingsautoriteit / Autorité de protection des données).
Transfers & sub-processors
Primary hosting is on AWS eu-central-1 (Frankfurt). Some sub-processors (e.g. OpenAI API for optional AI features, Stripe for payments) may operate outside the EEA; all transfers rely on SCCs or an adequacy decision.
Up-to-date sub-processor list: ravell.app/legal/subprocessors
Security
TLS 1.3 in transit • AES-256 at rest • least-privilege IAM • annual penetration tests • bug-bounty program.
Changes
Material changes will be announced at least 14 days in advance via in-app banner or e-mail.