Last updated: 24 June 2026
For data protection law (including the EU/UK GDPR), the customer (“Merchant”) is the data controller and Revova is the data processor. Revova processes personal data only on the Merchant's documented instructions, which include using Revova to recover failed payments.
On the Merchant's behalf, Revova processes: end-customer email address, name, phone (if provided), the failed payment amount, currency, decline reason, subscription/invoice identifiers, and email engagement (opens, clicks, bounces). Revova never receives or stores full card numbers.
Data is processed solely to deliver the payment-recovery service and is retained for as long as the Merchant's account is active. On account deletion (Settings → Data & Privacy), all personal data is permanently erased.
Revova uses the following sub-processors. The Merchant authorizes their use by accepting this DPA.
| Sub-processor | Purpose | Region |
|---|---|---|
| Vercel | Application hosting | USA |
| Supabase | Database & authentication | USA / EU |
| Stripe / Paddle / Braintree / Chargebee / Recurly | Payment event processing | USA / EU |
| Resend | Transactional email delivery | USA |
| Twilio | SMS delivery (if enabled) | USA |
| Groq / Google (Gemini) / Anthropic | AI email generation | USA |
Revova applies encryption in transit and at rest, row-level data isolation, signed-webhook verification, least-privilege access, and credential redaction. See our Security page.
Revova assists the Merchant in responding to data-subject requests. Merchants can export or delete all data themselves at any time, and can suppress any end-customer address via the email blacklist.
Where personal data is transferred outside the EEA/UK, transfers rely on Standard Contractual Clauses or an equivalent lawful mechanism provided by the relevant sub-processor.
Revova will notify the Merchant without undue delay after becoming aware of a personal data breach affecting the Merchant's data.
This DPA is a good-faith template. For a binding agreement tailored to your jurisdiction and an enterprise contract, have it reviewed by your legal counsel. To sign a countersigned copy, email legal@revova.io.