Privacy Policy
Last updated: April 11, 2026
1. Information We Collect
We collect the following types of information:
- Account information: email address, business name, and authentication data
- Payment information: processed securely through Stripe — we never store card numbers, bank details, or financial credentials
- Stripe Connect data: if you connect your Stripe account, we store your Stripe Connected Account ID to facilitate payments from your clients
- Content: files, images, and project data you upload to portals
- Messages: communications between freelancers and clients within portal chat
- Usage data: page views, feature usage, and device information
- Support requests: name, email, and message content submitted through our contact form
2. How We Use Your Information
- To provide and maintain the Service
- To process payments through Stripe and Stripe Connect
- To generate watermarked previews of your uploaded files
- To facilitate communication between freelancers and clients
- To send transactional emails (account confirmation, password resets, notifications)
- To respond to support requests
- To improve the Service based on usage patterns
- To enforce our Terms of Service and prevent abuse
3. Third-Party Services
We use the following third-party services to operate Reveald:
- Supabase: database, authentication, and file storage (hosted in US East)
- Stripe: payment processing and subscription billing
- Stripe Connect: facilitating payments between freelancers and their clients
- Vercel: hosting and deployment
- Resend: transactional email delivery (account confirmations, password resets)
Each service has its own privacy policy governing how it handles your data. We encourage you to review these policies.
4. Cookies
We use the following types of cookies:
- Authentication cookies: essential for maintaining your login session (set by Supabase)
- Portal session cookies: used to authenticate client access to portals after PIN verification (httpOnly, expire after 4 hours)
- CSRF cookies: used to prevent cross-site request forgery attacks
- Cookie consent: stores your cookie preference in localStorage
We do not use advertising cookies, third-party tracking cookies, or analytics cookies. All cookies we use are essential for the Service to function.
5. Client Portal Data
When a freelancer creates a portal for their client, the client accesses it via a unique link and 4-digit PIN. We do not create accounts for portal visitors. We collect minimal data from portal visitors — no personal information is required to view a portal. Portal session tokens and access timestamps may be stored for security purposes.
Client email addresses: Freelancers provide their client's email address when adding a client to the Service. These email addresses are stored solely for the purpose of portal delivery, invoicing, and facilitating communication between the freelancer and their client within the Service. We will never use client email addresses for marketing, advertising, or any purpose unrelated to the freelancer-client relationship. We do not sell, rent, or share client email addresses with third parties. Client email addresses are deleted when the associated client record is removed by the freelancer or upon account termination.
6. Data Storage and Security
Your data is stored securely using Supabase infrastructure with encryption at rest and in transit. Original (unwatermarked) files are stored in private storage and accessible only to the file owner. Watermarked previews are stored in public storage for client viewing. We implement industry-standard security measures including row-level security policies, salted password/PIN hashing, rate limiting, CSRF protection, and secure session management. However, no method of transmission over the internet is 100% secure.
7. Payment Data
Reveald does not store, process, or have access to credit card numbers, bank account details, or other sensitive financial information. All payment processing is handled by Stripe. When freelancers connect their Stripe account via Stripe Connect, we store only their Stripe Connected Account ID. Reveald does not hold client funds at any time — payments flow directly from clients to freelancers through Stripe, with a 2.5% platform fee deducted automatically.
8. Data Retention
We retain your data for as long as your account is active. Upon account deletion, we will delete your personal data and uploaded files within 30 days, except where required by law or for legitimate business purposes (e.g., fraud prevention, financial record-keeping). Portal session data is automatically cleaned up after expiration.
9. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Export your data in a portable format
- Opt out of non-essential communications
- Withdraw consent for data processing at any time
To exercise these rights, submit a request through our contact form using the "Export My Data" or "Delete My Data" options. We will respond within 30 days.
10. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected data from a child under 18, we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or through the Service at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact
For privacy-related inquiries, data requests, or concerns, contact us through our contact form and select the appropriate privacy category.