This is Relevic’s Privacy Policy. For details of the cookies we use and the cookies set by the Relevic product, see our Cookie Policy.
1. Introduction and who we are
Relevic is an AI website-personalization, A/B testing and conversion-rate-optimization (CRO) platform. Our customers install a small piece of JavaScript (a "tag") on their websites. Through that tag, Relevic personalizes the content visitors see and measures how visitors interact with the site, so our customers can improve the experiences they offer. This Privacy Policy is written primarily as a controller-facing notice, focusing on the personal data we handle in our own right, such as the data of the people who hold accounts with us. Where Relevic handles personal data on behalf of its customers, we act as a processor, and Section 2 explains that.
Relevic is a trading name of RLVC Ltd, a company registered in England and Wales (company number 15481021), with its registered office at 116 Alberta Avenue, Sutton, SM1 2LJ, United Kingdom. You can contact us about privacy and data-protection matters at customer.success@relevic.com, for general enquiries at hello@relevic.com, or by phone on +44 7884 413260. Our data protection contact is customer.success@relevic.com. An EU representative under Article 27 of the EU GDPR is to be appointed. Relevic is established in the United Kingdom, and this Policy reflects our obligations under the UK GDPR and the Data Protection Act 2018, the EU GDPR where it applies, and the California Consumer Privacy Act as amended (CCPA/CPRA) where it applies.
2. The two roles: controller and processor
Data-protection law distinguishes a controller, which decides why and how personal data is processed, from a processor, which processes personal data on the controller's instructions. For the personal data of the people who sign up for and use a Relevic account, Relevic is the controller, and Sections 3 to 16 describe that processing. When our tag runs on a customer's website and processes data about that website's visitors, Relevic acts as a processor on behalf of the customer, who is the controller of that visitor data under a Data Processing Agreement. If you are a visitor to a website that uses Relevic and you wish to understand or exercise rights over your data, please consult that website operator's own privacy notice first, because they are the controller.
3. Account-holder data we collect and why
This section covers the personal data we collect about account holders and other users of the Relevic product, and the legal bases on which we rely. We do not store payment card numbers. Card payments are handled by our payments provider, Stripe.
| Data category | Purpose | Legal basis |
|---|---|---|
| Identity and account (name, email, hashed password, Google sign-in identifier, company name, region) | Creating and securing your account, authenticating you, and providing the service | Performance of a contract; legitimate interests (account security) |
| Billing and subscription (Stripe customer and subscription identifiers, billing email; no card data stored) | Managing your subscription, taking payment, and issuing invoices | Performance of a contract; legal obligation (tax and accounting) |
| Workspace and team (membership, roles, permissions) | Operating multi-user workspaces and applying access controls | Performance of a contract |
| Team invitations | Sending invitations and adding invited users | Performance of a contract; legitimate interests (collaboration) |
| Product and AI-feature usage | Operating the service, applying plan limits, preventing abuse, and improving the product | Performance of a contract; legitimate interests |
| Support communications | Responding to your queries and keeping a record of support history | Legitimate interests; performance of a contract |
| Marketing to existing customers | Sending relevant business-to-business updates and offers | Legitimate interests; consent where required |
Where we rely on legitimate interests, we have considered the impact on your rights and concluded that our processing does not override them, and you can ask us about that assessment. Where we rely on consent, you can withdraw it at any time, and doing so does not affect processing carried out before withdrawal.
4. End-visitor data on customer websites
When Relevic's tag is installed on a customer's website, it may process personal data about that website's visitors. For this data the customer is the controller and Relevic acts only as a processor on the customer's instructions under a Data Processing Agreement. The categories of visitor data the tag may process include pseudonymous visitor and session identifiers and cookies, IP address and approximate geolocation (typically country, region or city), device and browser information, and on-site behaviour such as pages viewed, the referring page, time on a page, scroll depth, clicks, and which A/B test variation was shown. Relevic does not decide the purposes of this processing; the website operator does. If you are a visitor, please consult the privacy notice of the website you visited. For the specific cookies the tag may set, see our Cookie Policy.
5. How we use data
We use personal data to provide, operate, maintain and secure the platform and the accounts within it; to authenticate users and manage workspaces, roles and permissions; to take payment, manage subscriptions and meet our legal obligations; to respond to support requests and communicate about your account; to understand how our product is used so we can improve it; to detect, investigate and prevent fraud, abuse and security incidents; and to send relevant business-to-business marketing to existing customers, which you can opt out of at any time.
6. Cookies and tracking
Relevic and the sites we operate use cookies and similar technologies for essential functions, for analytics, and, with consent where required, for non-essential purposes. Separately, the Relevic tag on customer websites may set cookies as part of personalization and measurement, in which case the website operator is the controller for those cookies. For a full description and how to manage cookies, see our Cookie Policy.
7. Who we share data with
We share personal data with service providers that help us run our business and deliver the platform. These providers process data on our behalf under contractual safeguards, or, where they act as independent controllers (for example a payments provider for card data), under their own terms. We do not sell personal data. The providers we rely on are listed below, and we will notify customers of material changes. A Data Processing Agreement, including the current list of sub-processors, is available to customers on request.
| Provider | Purpose |
|---|---|
| Amazon Web Services | Cloud hosting and storage |
| MongoDB Atlas | Database |
| Stripe | Payment processing |
| Intercom | Support chat and messaging |
| Mixpanel | Product analytics |
| Microsoft Clarity | Session analytics |
| Tag Manager and Analytics, sign-in, and Fonts | |
| ip-api | IP-based geolocation |
| OpenAI | AI content generation |
| Stability AI | AI image generation |
| Sentry | Error and performance monitoring |
| Airtable | Customer relationship management |
| Transactional email provider | Delivery of service emails |
| Slack | Internal operational alerts |
We may also disclose personal data where required by law, to enforce our agreements, to protect rights, property or safety, or in connection with a corporate transaction such as a merger, acquisition or sale of assets, subject to appropriate confidentiality protections.
8. International transfers
Some of our providers are located outside the United Kingdom and the European Economic Area, including in the United States. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards, which depending on the provider include the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, or the EU-US Data Privacy Framework and its UK extension where a provider is certified. You can ask us about the safeguards that apply to a particular transfer.
9. How long we keep data
We keep account data for as long as your account remains active, and for a limited period afterwards where we need to retain it to meet legal, tax or accounting obligations, to resolve disputes, or to enforce our agreements. Visitor analytics are retained on a rolling basis, and we are moving detailed, visit-level analytics to a defined retention window so that it is held for no longer than necessary. When personal data is no longer needed, we delete or anonymize it.
10. Your rights under UK and EU GDPR
If you are in the United Kingdom or the European Economic Area, you have the right of access to the personal data we hold about you, the right to rectification, the right to erasure in certain circumstances, the right to restrict processing, the right to data portability where applicable, the right to object to processing based on our legitimate interests and to object to direct marketing at any time, and the right to withdraw consent where we rely on it. To exercise any of these rights, contact us at customer.success@relevic.com. If you are a visitor to a customer's website, please direct your request to the website operator, because they are the controller. You also have the right to complain to a supervisory authority. In the United Kingdom this is the Information Commissioner's Office (ICO), at ico.org.uk, though we would appreciate the chance to address your concerns first.
11. Your California (CCPA/CPRA) rights
If you are a California resident, you have the right to know what personal information we collect, use, disclose and share; the right to delete personal information we have collected from you; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; the right to limit the use and disclosure of sensitive personal information; and the right to non-discrimination for exercising your rights. Relevic does not sell personal data for money. We honor opt-out preference signals, including the Global Privacy Control (GPC), and treat such a signal as a valid request to opt out of any sale or sharing of personal information for the browser or device from which it is sent. To exercise your California rights, contact us at customer.success@relevic.com.
12. Automated decision-making and profiling
Relevic personalizes the content that visitors see, and selects A/B test variations, based on behavioural and contextual signals such as the pages a visitor views, their approximate location and their device. This involves a degree of automated processing and profiling in order to tailor the on-site experience. It is not automated decision-making that produces legal effects or similarly significant effects on a visitor within the meaning of Article 22 of the UK and EU GDPR. It changes which content or design a visitor is shown, and does not make decisions about a person's legal rights, finances, employment, access to services or other matters of comparable significance.
13. Children
The Relevic service is intended for business use and is not directed to children. We do not knowingly collect personal data from children under the age of 18, and, where a lower age of digital consent applies, not from children under 16. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
14. Security
We maintain reasonable and appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse or alteration. These include role-based access controls, encryption of data in transit, the use of reputable infrastructure providers, the storage of passwords in hashed form, and the use of pseudonymous identifiers for visitor data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and review our safeguards over time.
15. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our service or the law. When we make material changes, we will update the effective date above and, where appropriate, notify account holders by email or through the product.
16. How to contact us
If you have any questions about this Policy, or wish to exercise any of your rights, please contact us at customer.success@relevic.com, at hello@relevic.com, by phone on +44 7884 413260, or by post at RLVC Ltd, 116 Alberta Avenue, Sutton, SM1 2LJ, United Kingdom.
