Account Data
Email address, authentication identifiers, profile fields, settings, billing state, and organization membership data.
A compact view of what Revelar processes, why it is needed, how long it is kept, and how to exercise your rights.
Last updated: 2026-05-03Revelar is the controller for account and product data it controls. For patient data entered during clinical use under a customer data processing agreement (DPA), the customer organisation is the controller and Revelar acts as processor on its instructions. For privacy inquiries, contact privacy@revelar.xyz. For support, contact support@revelar.xyz.
Email address, authentication identifiers, profile fields, settings, billing state, and organization membership data.
Report text can be processed during active AI and dictation workflows, but Revelar does not keep it as a server-side report archive.
Product, billing, credit, and safety metadata needed to run the service.
Session, device, diagnostic, and security metadata needed for authentication, abuse prevention, debugging, and reliability.
When you dictate, voice audio is sent to a configured third-party speech-to-text provider to produce the transcript that appears in your report.
Processing needed to provide the reporting workspace, AI assistance, dictation, and organization features.
Processing needed for account access, auth email, billing, settings, support, and security.
Marketing communications are consent-based where required and can be withdrawn.
To exercise these rights, email privacy@revelar.xyz or use the account data export page.
AI requests may process current report text when the user asks for assistance. Live dictation sends voice audio to a configured third-party speech-to-text provider to convert speech into editable text. Vendor retention and no-training evidence is tracked per AI route and per dictation route before stronger public claims are made.
Authentication, database, account data, organization data, and RLS-backed storage.
Hosting, serverless runtime, and deployment infrastructure.
OAuth sign-in where users choose Google authentication.
Authentication email through Supabase SMTP and support email from support@revelar.xyz. Email must not contain clinical report content.
Converts dictated voice audio into editable text during live dictation. The specific provider is configured per deployment, and voice audio is processed by this provider to produce the transcript.
Revelar uses EU-first processing where documented, including configured realtime dictation routes and Resend domain sending from Ireland. Provider support, account data, email metadata, and logs may involve processing outside the EU, so this is not an EU-only residency claim. Customer DPA, subprocessor list, and transfer mechanisms still need to be published before stronger transfer claims are made.
For privacy inquiries, data subject requests, DPA questions, or complaints, contact our privacy mailbox.
privacy@revelar.xyzThis privacy notice may be updated as the product, processor list, DPA, and clinical deployment posture mature.