Privacy Policy (EU GDPR)

Last Updated: January 29, 2026

This Privacy Notice explains how Revera Limited, with registered address at The Black Church, St. Mary's Place, Dublin 7, Dublin, Ireland, processes personal data for visitors to our website and users of the Product Keystone SaaS platform. If you have questions, contact: info[at]revera8.com.

1. Scope

  • Website visitors (homepage site).
  • Product users (logged-in SaaS users, administrators, and supplier collaborators).
  • Support requestors and prospects (demo forms, webinars).

2. Data We Process

We collect and process the following categories:

  • Account and identity: name, business email, company, role, authentication identifiers (SSO/IdP claims).
  • Usage and telemetry: feature events, performance metrics, device/OS/browser data, IP address, timestamps.
  • Content and records: product data you upload (materials, certificates, test results), comments, tickets.
  • Support and communications: emails, chat transcripts, attachments, feedback forms.
  • Cookies and similar tech: essential cookies for login; optional analytics (subject to consent).

3. Purposes and Lawful Bases

We rely on the following legal bases under Art. 6 GDPR:

  • Contract performance (Art. 6(1)(b)): create and manage accounts, provide the service, support, billing.
  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, product analytics (where consent is not required), service improvement; we apply safeguards and opt-outs where appropriate.
  • Consent (Art. 6(1)(a)): non-essential cookies/analytics, marketing communications where required.
  • Legal obligations (Art. 6(1)(c)): tax, accounting, regulatory requests.

4. Sharing and Sub-processors

We use vetted service providers to host and operate the service. Our live sub-processor list is available at: https://. We require data processing agreements, ensure appropriate safeguards, and restrict processing to documented instructions.

  • Hosting and infrastructure (EU region by default).
  • Email and support tooling.
  • Critical functions (maps, satellite images).
  • Monitoring, logging, and security services.
  • Optional integrations you enable (ERP/PIM/PLM/SSO/LCA).

5. International Transfers

Where personal data is transferred outside the EEA/UK, we implement Standard Contractual Clauses (SCCs) and supplementary measures as required, or rely on an adequacy decision.

6. Retention

We retain personal data only as long as needed for the purposes above, including account lifecycle and legal obligations. Typical retention: account records while active; support tickets 3-7 years; telemetry 12-24 months; logs 90-365 days.

7. Your Rights

  • Access, rectification, erasure, restriction, portability, and objection (Art. 15-21).
  • Withdraw consent at any time (where applicable).
  • Lodge a complaint with your supervisory authority. EU lead authority (if applicable): [Authority details].

8. Security

We implement technical and organizational measures including encryption in transit/at rest, role-based access, audit logs, SSO/SCIM options, and vulnerability management.

9. Children

Our service is B2B and not intended for children under 16.

10. Controller/Processor Roles

For website and account administration, we act as a controller. For customer content uploaded to Product Keystone, we act as a processor under our DPA.

11. Changes

We will update this Notice when needed and indicate the effective date.