Privacy Policy

Last updated: 3 May 2026

1. Introduction

This Privacy Policy explains how Revlos ("Revlos", "we", "us", "our") collects, uses, discloses, stores, and protects personal information. Revlos is operated from Australia and is bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

By using the Revlos platform, websites at revlos.com.au and app.revlos.com.au, or any associated services (collectively, the "Service"), you agree to this Policy.

2. Who This Policy Applies To

This Policy covers two categories of individuals:

(a) Revlos Account Users — the dealership principals, managers, salespeople, and staff who hold accounts and use the Service directly.

(b) Dealership End Customers — the consumers whose information is uploaded to the Service by a dealership for the purpose of marketing communications, retention activities, and appointment booking.

The dealership ("Customer") is the data controller of End Customer data. Revlos acts as a data processor on the Customer's instructions. End Customers should direct any data requests to the dealership in the first instance.

3. Information We Collect

3.1 From Account Users

  • Name, email, phone, role, dealership association
  • Authentication credentials and OAuth tokens (e.g., Google sign-in)
  • Activity data: pages visited, actions taken, messages generated/sent
  • Device data: IP address, browser type, operating system
  • Communications you send to us (support requests, feedback)

3.2 From Dealership Customers (Uploaded by Dealerships)

  • Names, email addresses, phone numbers
  • Vehicle ownership information (make, model, year, VIN, kilometres)
  • Purchase, finance, lease, and service history
  • Communication history (messages sent, replies received)
  • Appointment data
  • Any other fields the dealership chooses to upload

3.3 Automatically Collected

  • Cookies and similar technologies for session management and analytics
  • Logs and audit trails of system events

4. How We Use Information

We use information to:

  • Provide, operate, and maintain the Service
  • Generate AI-powered outreach messages on the dealership's behalf
  • Send SMS and email communications under the dealership's brand and salesperson identity
  • Process customer responses and book appointments
  • Enforce compliance with the Spam Act 2003, the Privacy Act 1988, and ACMA telemarketing standards
  • Process payments and manage subscriptions
  • Communicate with Account Users about the Service
  • Improve the Service (in aggregated, de-identified form only)
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations

We do not use End Customer personal information to train artificial intelligence models, sell data to third parties, or use it for any purpose outside the dealership's instructions.

5. Disclosure of Information

We disclose information only to:

  • Sub-processors that operate the Service infrastructure, including:
    • Supabase (database and authentication, AWS Sydney region)
    • Vercel (application hosting)
    • Anthropic (AI message generation)
    • Resend (transactional and marketing email delivery)
    • Twilio (SMS delivery)
    • Stripe or equivalent (payment processing, if applicable)
  • Authorities where required by law, court order, regulatory request, or to protect the rights, property, or safety of any person
  • Successors in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections
  • The dealership that uploaded the End Customer data, in respect of that data

We do not sell personal information.

6. International Data Transfers

Primary data storage is in AWS Sydney (Australia). However, certain sub-processors (notably Anthropic, Vercel, Twilio) may process data outside Australia, including in the United States. By using the Service, you consent to such transfers. We rely on standard contractual protections with these sub-processors.

7. Data Retention

  • Account User data is retained for the duration of the account, plus seven (7) years thereafter for tax, audit, and legal purposes
  • End Customer data is retained for the duration of the dealership's subscription
  • Upon termination of a dealership account, End Customer data is deleted within thirty (30) days, except where retention is required by law

8. Security

We implement reasonable technical and organisational measures to protect personal information, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Row-level security ensuring tenant isolation between dealerships
  • Role-based access controls
  • Audit logging
  • Regular security review

No system is perfectly secure. We cannot guarantee absolute security and disclaim liability for breaches caused by factors outside our reasonable control, including but not limited to: third-party service compromises, user credential theft, force majeure events, or attacks exploiting previously unknown vulnerabilities.

9. Your Rights

Under the Privacy Act, individuals have the right to:

  • Request access to personal information we hold about them
  • Request correction of inaccurate or out-of-date information
  • Lodge a complaint about our handling of personal information
  • Opt out of marketing communications at any time

End Customers should contact the dealership that holds their relationship in the first instance, as the dealership is the data controller.

Account Users may exercise these rights by emailing privacy@revlos.com.au. We will respond within thirty (30) days.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Marketing Communications & Opt-Out

End Customers receiving SMS or email from a dealership via the Service may opt out at any time by:

  • Replying "STOP", "UNSUBSCRIBE", "REMOVE", or similar keywords to any SMS
  • Clicking the unsubscribe link in any email
  • Contacting the dealership directly

Opt-out is processed immediately and permanently across all dealership communications sent via the Service.

11. Cookies

We use essential cookies for authentication and session management, and analytics cookies to understand Service usage. You may disable cookies in your browser, though some features will not function correctly without them.

12. Children

The Service is not directed to individuals under sixteen (16). We do not knowingly collect information from children. If we become aware we have collected such information, we will delete it.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified via the Service or by email to Account Users. Continued use after notification constitutes acceptance.

14. Contact

For privacy questions or requests:

Email: privacy@revlos.com.au

Postal Address: Available on request — email privacy@revlos.com.au