# Privacy Policy for Revi

**Last Updated:** May 11, 2026

## Introduction

Revi ("the App") is a non-custodial cryptocurrency wallet application that enables users to securely manage their Solana blockchain assets. Revi does not custody, access, control, or recover your private keys, recovery phrases, or digital assets.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when using our mobile application.

---

## 1. Information We Collect

### 1.1 Information You Provide Directly

#### Wallet Information

- Wallet addresses and public keys
- Transaction history and blockchain data (displayed from public ledgers)
- Recovery phrases / seed phrases are generated locally on your device only and are never transmitted to Revi servers
- Email addresses (optional, for verification features)

#### Account Profile (Optional)

When you use profile features, you may provide:

- Username and short biography text
- Profile photo (chosen from your device photo library and uploaded to Revibase-operated services)

#### Biometric Data

- Face ID, Touch ID, or fingerprint biometric authentication (processed locally on your device only)
- Biometric enrollment data stored securely by your device operating system and secure enclave

#### Authentication

- Passkey data used for local authentication and security
- Device certificates and cryptographic keys

### 1.2 Information Collected Automatically

#### Device Information

- Device type, operating system, and version
- Crash reports and performance metrics (via Sentry)

#### Diagnostics (Sentry)

- Error and crash logs, stack traces, and performance data
- Technical breadcrumbs and limited, non-sensitive application context to diagnose failures (content is sanitized where feasible)
- When you are signed in, a **pseudonymous session identifier** may be attached to error reports so we can correlate related events—not for advertising and not sold to third parties

We do **not** use this data for third-party advertising, cross-app tracking, or behavioral marketing profiles.

#### Push Notification Information

- Push notification tokens and identifiers
- Notification preferences and delivery metadata

### 1.3 Information from Third-Party Services

#### Blockchain Data

- Transaction data from the public Solana blockchain
- Account balances and token information retrieved from RPC providers

Because blockchain networks are public and decentralized, wallet addresses, transaction history, balances, and related activity may be publicly visible and cannot generally be deleted or modified.

---

## 2. How We Use Your Information

We use collected information to:

- Enable wallet functionality and transaction processing
- Authenticate and secure wallet access
- Operate optional account and profile features you choose to use
- Improve app performance and stability
- Diagnose technical issues and debug problems
- Monitor for suspicious activity and prevent fraud
- Deliver notifications and security alerts
- Comply with legal obligations

We do not sell personal information or use your data for third-party advertising or cross-app tracking.

---

## 3. Data Storage & Security

### 3.1 Local Storage (Device)

#### Secured Locally

- Private keys: Never transmitted; stored only within your device's secure enclave or encrypted storage
- Recovery phrases / seed phrases: Stored only on your device unless explicitly backed up by you using your own cloud or device backup tools
- Face ID / biometric data: Processed only by your device operating system and never shared with Revi
- Passkeys: Stored in encrypted device storage
- Public wallet addresses and non-sensitive wallet metadata: Stored locally, with optional synchronization and account data through Supabase and Revibase backend services when you use those features

#### Never Uploaded to Revi Servers

- Private keys
- Recovery phrases / seed phrases
- Biometric authentication data

### 3.2 Server Storage (When Applicable)

#### Revibase Backend API

When you use sign-in, profile, email verification, trusted-device, or related features, relevant data is processed by **Revibase-operated servers** (API endpoints configured in the app), including for example:

- Optional email addresses and verification status
- Username, bio, and profile image you submit
- Authentication and security-related records needed to operate those features (for example, device or session metadata required for passkeys and fraud prevention)

Data is encrypted in transit using HTTPS/TLS. See https://revibase.com/privacy for entity-level disclosures.

#### Supabase (Realtime & Application Data)

- Used for optional synchronization, realtime channels, and related application data tied to your account
- Email addresses (optional) and application data as required for those features
- Data encrypted in transit using HTTPS/TLS

#### Sentry (Error Monitoring)

- Crash reports and error logs
- Stack traces and diagnostic information that may include limited non-sensitive application state
- Performance metrics
- Pseudonymous user/session identifier when you are signed in (see §1.2)

### 3.3 Security Measures

- All data is transmitted over HTTPS/TLS
- Private keys never leave your device
- Biometric authentication uses your device's secure enclave and operating system protections
- Regular security audits and dependency updates
- No plaintext passwords stored

Portions of Revi may be open source and publicly auditable.

---

## 4. Permissions & API Access

### 4.1 iOS Permissions

- **Camera:** Required for QR code scanning to receive funds
- **Face ID / Touch ID:** Required for secure local authentication when you enable it
- **Local Authentication:** Used for biometric security
- **Photo Library:** Used when you choose a profile picture from your existing photos (optional)
- **NFC (Near Field Communication):** Required for hardware security key interaction
- **Notifications:** Used for transaction alerts, security notifications, and network status updates

### 4.2 Android Permissions

- **Camera:** Required for QR code scanning to receive funds
- **Biometrics:** Fingerprint or face unlock (device-dependent), for secure local authentication when you enable it
- **Local Authentication:** Used for biometric security
- **Photos / media (device-dependent):** Used when you choose a profile picture from your gallery (optional)
- **NFC (Near Field Communication):** Required for hardware security key interaction
- **Notifications:** Used for transaction alerts, security notifications, and network status updates

### 4.3 Privacy Manifest (iOS)

The app complies with Apple's App Privacy Manifest requirements. Revi may access:

- UserDefaults (for local app settings and preferences)
- SystemBootTime (for security timestamp validation)

---

## 5. Third-Party Services

### 5.1 Revibase Backend

- **Purpose:** Account authentication, profile and settings APIs, transaction assistance, and related wallet features you invoke from the app
- **Data:** As described in §3.2 (Revibase Backend API)
- **Privacy:** https://revibase.com/privacy

### 5.2 Supabase

- **Purpose:** Optional synchronization, realtime, and related application data storage
- **Data:** As required for those features (see §3.2)
- **Privacy:** https://supabase.com/privacy

### 5.3 Sentry

- **Purpose:** Error monitoring, diagnostics, and debugging
- **Data:** Crash logs, performance metrics, diagnostic information, and pseudonymous session correlation when signed in
- **Privacy:** https://sentry.io/privacy/

### 5.4 Solana RPC Providers

- **Purpose:** Blockchain data retrieval and transaction broadcasting
- **Data:** Wallet addresses queried for balances, token information, and transaction history
- **Privacy:** RPC providers operate independently under their own privacy policies

### 5.5 Push Notification Providers

- **Purpose:** Delivery of notifications and security alerts
- **Data:** Push notification tokens and notification delivery metadata
- **Providers:** Apple Push Notification Service (APNs), Firebase Cloud Messaging (FCM), and/or Expo Notifications
- **Privacy:** These providers operate independently under their own privacy policies

---

## 6. Data Retention

- **Private Keys & Recovery Phrases:** Stored only on your device and never retained by Revi servers
- **Transaction History:** Retained as long as available on public blockchain networks
- **Crash Reports (Sentry):** Retained for up to 90 days for debugging and stability improvements
- **Account profile and optional server-side settings:** Retained only as necessary to provide the features you use, until you delete your account or we remove data in line with our retention practices described at https://revibase.com/privacy

---

## 7. Your Rights & Choices

### 7.1 Access & Local Data Removal

- You can export your wallet at any time
- You may clear locally stored app data by uninstalling the application or clearing app storage through your device settings
- Some blockchain-related records cannot be deleted because they exist on public decentralized networks

### 7.2 Biometric Data

- You control biometric authentication through your device settings
- Biometric data is never shared with Revi
- Disabling biometric recognition in your device settings may disable certain app security features

### 7.3 Permissions

- You may revoke camera, photo library, NFC, or notification permissions at any time through your device settings
- Certain features may become unavailable if permissions are revoked

---

## 8. International Data Transfers

Our services may involve the transfer and processing of information across international borders (for example, where Revibase, Supabase, or Sentry process data in multiple regions).

Where required by law, we rely on appropriate safeguards such as **standard contractual clauses** approved by relevant authorities and **data processing agreements** with subprocessors, in addition to technical and organizational measures.

---

## 9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or operational needs.

If material changes are made, we may notify users through the app or by updating the "Last Updated" date above.

Your continued use of Revi after updates become effective constitutes acceptance of the revised Privacy Policy.

---

## 10. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

- **Email:** admin@revibase.com
- **Website:** https://revibase.com/privacy
- **Address:** Revibase (legal entity contact information available on the website)

---

## 11. Specific Disclosures by Jurisdiction

### 11.1 California (CCPA)

California residents may have rights including:

- The right to know what personal information is collected
- The right to request deletion of personal information where applicable
- The right to opt out of the sale of personal information (Revi does not sell personal information)
- The right to non-discrimination for exercising privacy rights

Contact: admin@revibase.com

### 11.2 European Union (GDPR)

Residents of the European Economic Area may have rights including:

- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object to processing

Our legal bases for processing include your consent, performance of requested services, compliance with legal obligations, and legitimate interests such as fraud prevention, security, and app functionality.

### 11.3 Other Jurisdictions

Users in other jurisdictions may have additional rights under applicable privacy laws. Please contact us for more information about your local privacy protections.

### 11.4 Children’s Privacy

Revi is not directed at children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will take appropriate steps.

---

## 12. Financial & Blockchain Disclaimer

Revi does not provide financial, investment, legal, or tax advice.

Blockchain transactions are irreversible. Users are solely responsible for verifying wallet addresses, transaction details, and network conditions before confirming transactions.

Digital assets involve significant risk, including potential loss of funds.

---

## 13. Commitment to Security

While we implement industry-standard security measures, no system can be guaranteed completely secure.

You are responsible for:

- Keeping your recovery phrase secure
- Protecting your device with a strong passcode
- Not sharing your private keys or recovery phrase with anyone
- Verifying transaction details before confirming transactions

---

## Acknowledgment

By using Revi, you acknowledge that you have read and understood this Privacy Policy. Your continued use of the app constitutes acceptance of this policy.
