Privacy Policy � Rezva

Contents

1. Overview
2. Information We Collect
3. How We Use Your Information
4. Information Sharing
5. Third-Party Integrations
6. Data Security
7. Data Retention
8. Your Rights
9. Cookies & Tracking
10. International Data Transfers
11. Children's Privacy
12. Changes to This Policy
13. Contact

1. Overview

At Rezva, your privacy is not an afterthought � it is a foundational principle of how we build and operate our platform.

This Privacy Policy explains how Rezva, operated by Hasan Qassim Ijayyil, trading as Rezva, with Ayman Trad as co-founder ("Rezva", "we", "us", "our"), collects, uses, stores, and protects your information when you use our website, autonomous commerce agents, dashboard, APIs, and related services (the "Services"). It applies to all users of our platform, whether you are browsing our website, signing up for a trial, or running our agents on your e-commerce store.

By using the Services, you agree to the practices described in this policy. If you do not agree, please do not use the Services.

2. Information We Collect

Information You Provide

Data Type	Examples
Account Information	Name, email address, password, store name, business category, country, phone/WhatsApp number, expected order volume, and onboarding preferences
Billing Information	Billing address, subscription status, invoice metadata, payment status, and payment method metadata processed by an authorized PCI-compliant payment provider. Rezva does not store full card numbers, CVV codes, or raw payment credentials.
Business Data	Store profile information, product catalogs, order data, customer records, delivery addresses, payment status, and risk review records generated through Rezva Commerce.
Communications	Messages you send us via email, WhatsApp, or contact forms

Information Collected Automatically

Data Type	Purpose
Usage Data	Pages visited, features used, time spent � to improve the platform
Device Information	Browser type, operating system, and screen resolution � for compatibility, security, and abuse prevention
Agent Activity Logs	Records of actions taken by our autonomous agents on your behalf � for transparency and debugging

Information from Third Parties

When you connect messaging and commerce channels such as WhatsApp Business, Instagram DM, Instagram comments, Facebook comments, Messenger, Telegram operations, or Google Sheets/Drive through Rezva, we receive data necessary for the Order Engine and Risk Engine to operate on your behalf. This may include message content, phone numbers, contact names, voice notes, images, videos, message IDs, Instagram or Facebook user IDs, Page IDs, comment IDs, DMs, Messenger messages, product information, order details, delivery addresses, payment status, customer interaction history, and Google Sheet or Drive file metadata as authorized by the permissions you grant.

Important: Rezva acts as a linker between your accounts and our autonomous agents. You create and manage all third-party accounts yourself. We do not create, pay for, or manage your accounts on any third-party platform. We do not store your third-party sign-in credentials, passwords, raw provider secrets, credit card details, or bank account information associated with those platforms. We may store secure token or secret references needed to operate integrations you authorize.

3. How We Use Your Information

We use the information we collect to:

Provide the Services � operate the Order Engine and Risk Engine, process orders, collect missing order information, record order details, review COD risk, and manage customer interactions on your behalf.
Maintain your account � authenticate you, manage your subscription, and process payments.
Improve the platform � analyze usage patterns to enhance performance, fix bugs, and develop new features.
Communicate with you � send service updates, billing notifications, security alerts, and (with your consent) product announcements.
Ensure security � detect and prevent fraudulent or unauthorized access to the Services.
Comply with legal obligations � respond to legal requests and enforce our Terms of Service.

We do not sell your personal information. We do not use your business data to train general-purpose AI models. Your data is used exclusively to provide and improve the Services for your account.

We share your information only in the following circumstances:

Service Providers � we work with trusted third-party service providers who assist in operating the Services, including hosting and database providers, payment providers, email providers, contact form providers, scheduling tools, analytics, Google Fonts, and related operational infrastructure. These providers are expected to protect your data and use it only for the purposes we specify.
AI Processing Providers � message content, media, and order context may be processed by Google Gemini / Vertex AI only to extract order details, detect risk signals, and generate merchant-authorized customer replies. Rezva does not use merchant data to train general-purpose AI models.
Platform Integrations � when you connect a third-party platform via the "Connect" button, data flows between Rezva and that platform as necessary to provide the Services. This connection is initiated and authorized by you. Rezva acts as a linker only � we do not access, store, or process your third-party account credentials or payment information.
Legal Requirements � we may disclose information if required by law, regulation, legal process, or governmental request.
Business Transfers � in connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy.

We do not share your data with advertisers or data brokers.

5. Third-Party Integrations � Rezva as a Linker

Our platform connects to third-party services including WhatsApp Business, Instagram DM, Instagram comments, Facebook comments, Messenger, Telegram operations, Google Sheets/Drive, and other supported commerce tools. Rezva acts exclusively as a link between your existing accounts on these platforms and our autonomous agents.

How Integrations Work

You connect your own third-party account via the "Connect" button in your Rezva dashboard.
You handle all account creation, setup, and billing directly with the third-party platform.
Rezva's agents then interact with the platform on your behalf, using only the permissions you grant.

What We Do NOT Collect or Store

Your third-party sign-in credentials, passwords, or raw provider secrets.
Your credit card details, bank account information, or billing data from third-party platforms.
Any account management data (e.g., subscription status or payment history) from third-party platforms, except limited integration metadata needed to show connection status and operate the integration you authorize.

Your Control

You can revoke integration access at any time through your Rezva dashboard or the third-party platform's settings.
Your use of third-party platforms is subject to those platforms' own terms of service and privacy policies. Rezva is not responsible for their availability, pricing, or data handling practices.

We recommend reviewing the privacy policies of any third-party platforms you connect to Rezva.

6. Data Security

We implement commercially reasonable technical and organizational measures to protect your data, including:

Encryption of data in transit (TLS/SSL) and at rest.
Encrypted database storage through Supabase/PostgreSQL.
Row-level security and access controls designed to isolate merchant data by account.
Access controls limiting data access to authorized personnel only.
Regular security assessments and monitoring.
Secure connection handling � OAuth tokens, provider tokens, and integration secrets are handled through secure token or secret references. Rezva does not store your third-party passwords, raw provider secrets, or account credentials in plaintext.

No system is completely secure. While we take extensive precautions, we cannot guarantee absolute security. If we become aware of a security breach affecting your data, we will notify you promptly in accordance with applicable law.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. Specifically:

Account data � retained while your account is active and for 30 days after account deletion to allow recovery.
Message, order, and customer interaction data � retained while your subscription is active, up to 12 months for operational history, dispute support, and merchant reporting, then deleted or anonymized unless longer retention is legally required.
Business configuration data � retained while your subscription is active. Deleted within 30 days of account termination unless you request an earlier export.
Agent activity logs � retained for 90 days for debugging and performance analysis, then automatically purged.
Billing records � retained as required by applicable tax, payment, and financial regulations (typically 7 years).
Fraud, security, and audit records � retained as needed to protect the platform, investigate abuse, resolve disputes, and meet legal or compliance obligations.

You may request data deletion at any time by contacting us. We will process deletion requests within 30 days, except where retention is required by law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

Access � request a copy of the personal data we hold about you.
Correction � request that we correct inaccurate or incomplete data.
Deletion � request that we delete your personal data, subject to legal retention requirements.
Portability � request your data in a structured, machine-readable format.
Objection � object to certain processing of your data, including direct marketing.
Restriction � request that we limit the processing of your data in certain circumstances.
Withdraw consent � where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@rezva.app. We will respond within 30 days.

9. Cookies & Tracking

We use cookies and similar technologies to:

Essential cookies � maintain your session, remember your preferences (language, theme), and ensure the website functions correctly.
Analytics cookies � understand how visitors interact with our website to improve the experience. We use privacy-respecting analytics that do not track you across sites.

We do not use third-party advertising cookies or cross-site tracking pixels. Your browsing data is not shared with advertisers.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Services.

10. International Data Transfers

Rezva operates globally and serves customers in multiple regions. Your data may be processed in countries other than your country of residence.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

Standard contractual clauses approved by relevant regulatory authorities.
Data processing agreements with all service providers.
Compliance with applicable data protection frameworks.

11. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Post the revised policy on this page with an updated "Last updated" date.
Notify you via email or in-product notification if the changes are significant.

We encourage you to review this policy periodically. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: privacy@rezva.app
Billing: billing@rezva.app
General Inquiries: hello@rezva.app
Website: rezva.app

Privacy Policy