Privacy policy.
Revtile · Toronto, Ontario, Canada · revtile.com
Introduction
This Privacy Policy explains how Revtile, a business based in Toronto, Ontario ("we", "us", "our"), collects, uses, discloses, and protects personal information. We handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario law. By using revtile.com, our products, or a Revtile card, you agree to the practices described in this policy.
Who this policy covers
This policy applies to our business customers (the local businesses that buy our products), to visitors of revtile.com, and to members of the public who tap or scan a Revtile card. When a person taps or scans a card, they are shown a feedback screen and are able to continue to the business's public Google review page. We do not ask those individuals for direct identifiers such as their name, email address, or phone number. We do collect limited technical and interaction data, described in Section 03.
Information we collect
From business customers
- Identity and contact details: your name, business name, email address, phone number, and billing address.
- Transaction information: the products and plans you buy and your billing history. Payment card details are collected and processed by our third-party payment processor (Stripe); we do not store your full card number.
- Account and support information: messages you send us, your account settings, your consent choices, and records related to your use of our products.
From people who tap or scan a card
- Feedback you choose to provide: a star-level rating and any written comments. Written comments are optional and may contain whatever text a person chooses to enter, so we ask people not to include sensitive personal information.
- A device identifier: a random value stored in the visitor's own browser (local storage) so that a returning visitor can be recognized and greeted, and so that a device submitting repeatedly can be identified. This value is not linked to a person's name or contact details. It is a small piece of text saved by the web browser, similar to how a website remembers a preference. It does not install anything, does not access, read, or change any other files, apps, photos, messages, or settings on the device, and a person can remove it at any time by clearing their browser's site data.
- Security and analytics signals: a one-way (hashed) version of the IP address, the browser or device type (user agent), an approximate country derived from network information, timestamps, and whether the person continued to a public review. We use these to operate the service, prevent fraud and abuse, and produce aggregate reporting. We do not store the raw IP address with this feedback.
Interaction and reporting data
For plans that include a smart landing page and reporting, we collect interaction data generated when people engage with your smart review page, for example which option a person selected, aggregate star-level signals, tap counts, and the text of publicly stated opinions or public review information. We use this to produce insights and recommendations for your business, and we design it so that it does not require us to collect direct identifiers about the individuals leaving feedback.
From the Site
We collect limited technical information through cookies, browser local storage, and similar technologies, as described in Section 05.
How we use information
- To provide, operate, secure, and improve our products and services.
- To recognize returning visitors on a business's feedback screen and tailor that moment for them.
- To detect, prevent, and investigate fraud, spam, manipulation, and other abuse of the feedback and review features.
- To process orders and recurring subscription payments.
- To generate analytics, insights, and recommendations for your business.
- To communicate with you about your account, orders, and support.
- To send marketing communications only where you have consented, consistent with Canada's Anti-Spam Legislation (CASL); you can withdraw consent at any time.
- To meet legal, tax, and record-keeping obligations, and to establish, exercise, or defend legal claims.
Cookies, local storage, and site analytics
We use cookies, browser local storage, and similar technologies for two purposes. The first is to make our products work, for example storing a device identifier and limited visit information in a visitor's browser so that a returning visitor can be recognized on a business's feedback screen. This functional storage lives on the visitor's own device and is not a shared advertising identifier. It stays on that device for the feedback screen only, does not install software, does not read or change other information on the device, and is not shared with other websites or used to follow people across the internet.
The second is website analytics. When you first visit revtile.com we ask whether you accept analytics cookies. We do not set any analytics cookie, and no analytics tracking runs, unless you choose Accept. If you choose Decline, or ignore the banner, no analytics cookies are set.
If you accept, we use Google Analytics to understand how many people visit the site, which pages they view, and where visits come from (for example a search engine, a social link, or a direct visit). Google Analytics sets its own cookies and processes this data on our behalf, including on servers in the United States, with IP addresses anonymized. We use this only to measure and improve the site, not to identify you personally.
You can withdraw consent at any time by clearing revtile.com cookies and site data in your browser, which also clears any stored device identifier and brings back the choice banner, or by using your browser's cookie and Do Not Track controls. You can learn more about Google Analytics at policies.google.com/privacy.
Service providers and international processing
We share personal information with service providers who process it on our behalf so that we can operate. These include, in various roles:
- hosting, content delivery, and security providers that run the website and applications and help protect them from abuse;
- cloud database, storage, and caching providers that hold account, order, feedback, and reporting data;
- a payment processor (Stripe), to process transactions and manage subscriptions;
- an email delivery provider, to send account, order, and service messages;
- Google, in connection with mapping and business-listing information, routing reviews to a business's public Google presence, and website analytics;
- one or more third-party artificial intelligence providers that help generate automated alerts, insights, and recommendations.
Some of these providers may store or process information on servers located outside Canada, including in the United States. Information processed outside Canada may be accessible to courts, law enforcement, and government authorities in those jurisdictions under their laws. We aim to limit the personal information sent to these providers, to rely on information that is already public where possible, and to use providers that offer appropriate safeguards.
Prospective business customers
We identify local businesses that may benefit from our products using information that is already publicly available, such as public business listings, mapping data, and public review information. We may use this information to evaluate and contact a business about our services. If you represent a business and do not wish to be contacted, you can ask us to stop at any time using the contact details below.
Consent
By providing personal information and using our products, you consent to the collection, use, and disclosure described here. For marketing messages we rely on your express consent. You may withdraw consent, subject to legal or contractual limits, by contacting us or by using the controls described in this policy.
Safeguards
We use reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information, such as access controls, encryption in transit, hashing of certain identifiers, strong authentication for administrative access, and limiting who can access data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Retention
We keep personal information only as long as needed for the purposes described or as required by law, after which we delete or anonymize it. You may ask us to delete information we hold about you, and we will do so where we are not required to retain it.
Your rights
Subject to applicable law, you may request access to the personal information we hold about you, ask us to correct it, withdraw consent, or ask questions about our handling of it. We will respond within the timelines required by PIPEDA. Some rights may be limited where information is not linked to an identifiable person, for example anonymized or hashed technical data.
Children's privacy
Our products and website are intended for businesses and adults. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will take reasonable steps to delete it.
No sale of personal information
We do not sell personal information, and we do not rent or trade it to third parties for their own marketing. We share information only with the service providers described in this policy, to complete a transaction you request, or where required or permitted by law.
Third-party links and services
Our products route people to third-party services, such as a business's public Google review page, and our website may link to third-party sites. We do not control, and are not responsible for, the content or privacy practices of those third parties, and we encourage you to review their policies.
Changes to this policy
We may update this policy from time to time to reflect changes in our products, technology, or legal obligations. When we make material changes, we will update the date shown on this page and, where appropriate, provide additional notice. Your continued use of our products after an update means you accept the revised policy.
Breach notification
If a privacy breach occurs that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada and keep records as required by PIPEDA.
Contact & privacy questions
To exercise your rights or ask questions, contact info@revtile.com or by mail to Revtile, Toronto, Ontario. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.
© 2026 Revtile · All rights reserved