V0.7 Last updated 12th March 2020
At Revoke, we care deeply about data protection and privacy.
It’s the reason we launched Revoke: the internet is broken, personal data is everywhere. We want to fix this problem by helping everybody to exercise their data protection rights.
Revoke Limited (“Revoke”, “us”, “we”, or “our”) operates the https://revoke.com website and the Revoke mobile application (the “Service”).
This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.
While using our Service, we ask you to provide us with certain personally identifiable information (“Personal Data”). If you choose not to provide your Personal Data, some aspects of the Service may not be available to you; for example, we may not be able to communicate effectively on your behalf with organisations in order to help you exercise your data protection rights.
We collect your contact information (name, email address) in order to communicate with you in the context of the Service.
If you are in the European Economic Area (EEA), our legal basis for processing your contact information is:
In order to assist you to exercise your individual rights, we collect your identification information and the identification information of relevant personnel at organisations we contact. This allows us to verify your identity, inform you whether your personal data has been the subject of a data breach, detect and prevent fraud, and also allows companies to identify you when you ask us to contact them on your behalf. We may therefore ask for your:
We encrypt all sensitive personal information. When we share this information with an organisation’s Data Protection Officer (DPO) we ensure that only the designated recipient of this information is able to access it. We have no access to your Photo ID or biometric data after your identity has been verified unless you explicitly consent to a request from a DPO for this information, as part of their process to ensure you are who you say you are.
When we communicate with organisations on your behalf, it is their responsibility to satisfy themselves that you are a customer of theirs. In order to do this, they may ask for additional information from you, such as a date or amount of a previous bill, a previous address, or a customer number. This information will be encrypted and only accessible to the organisation that has requested it, in order for them to accurately identify you.
If you are in the EEA, our legal basis for processing your identification information is:
As a result of your use of the Service, we may receive copies of your personal data from other sources. This includes:
We require you to select a Country of Residence. We use this data to determine which organisations you are likely to want to interact with. For example, if you live in the UK, you will typically want to communicate with UK companies.
If you are in the EEA, our legal basis for processing your location information is:
We may provide paid products and/or services within the Service. In case you choose to buy such products and/or services, you will be required to provide your payment information such as your name and credit card details.
The payment processors we work with are:
Apple Store In-App Payments
Google Play In-App Payments
If you are in the EEA, our legal basis for processing your payment information is:
We use information about your account activity in order to secure your account, detect and prevent fraud, and to measure and improve the Services. This includes your:
If you are in the EEA, our legal basis for processing your account activity information is:
When you make a request to a company, exercising your data protection rights, we communicate with that company on your behalf. The Data Protection Officer (DPO) of that company needs to be satisfied that you are who you say you are. We securely share personal information with that company, in order that they can correctly find your data, and act according to your preferences.
When you give your explicit permission, we share your Personal Data in encrypted form so that only the designated recipient is able to access it.
When we carry out a dark web search using your email address, our partner organisation Cyberscout receives a reference number linking to an anonymized version of your search results. If you choose to see assistance and follow up on the results of your dark web search, your data may be shared with:
We may employ third party companies and individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Under certain circumstances, Revoke may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Revoke may disclose your Personal Data in the good faith belief that such action is necessary:
The security of your data is extremely important to us.
All data we store is fully encrypted with multiple layers.
You can find out more in our Security Policy.
When you provide us with personal data in order for us to identify you, and for a receiving DPO to identify you, we encrypt this in such a way that only the recipient of that request is able to decrypt this data.
We need to be able to decrypt certain data in order to confirm its accuracy (e.g. email address, phone number). We also need to be able to send this information to companies with whom we are interacting on your behalf.
We use multiple rotating keys to encrypt your data; there is no master key.
Your private key is never transmitted to our servers.
When companies respond to requests for your Personal Data that we have made on your behalf, we have no way of accessing the Personal Data sent by them.
Data retrieved from these companies is encrypted using your private key, stored on your phone. The only person who can access this data is you.
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the European Union and choose to provide information to us, please note that we transfer the data, including Personal Data, to the European Union and process it there.
Should you delete your account, we will only retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), detect and prevent fraud, resolve disputes and enforce our legal agreements and policies.
Should your account remain inactive for a period of 18 months, your account will be treated as expired. If we do not hear from you after sending you a reminder, we will delete your account and aggregate or anonymise your Personal Data.
Where the EU General Data Protection Regulation (“GDPR”) applies, you have the following data protection rights in the circumstances set out under the GDPR and other applicable law:
The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data when it relates to direct marketing, or where it is being processed on certain legal grounds.
The right of restriction. You have the right to request that we restrict the processing of your personal information in certain circumstances.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where Revoke relied on your consent to process your personal information.
If you wish to exercise any of the above rights, please contact us using the details listed under “Contact Us”. Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.
We take security seriously which is why we’ve been assessed and certified for addressing cybersecurity effectively and mitigating the risk from Internet-based threats.View our certificate