Last updated: January 1, 2025 | Effective: January 1, 2025

Table of Contents

  1. Introduction and Scope
  2. Information We Collect
  3. How We Collect Information
  4. Legal Basis for Processing
  5. How We Use Your Information
  6. Data Sharing and Disclosure
  7. International Data Transfers
  8. Data Retention Periods
  9. Your Rights
  10. Cookies and Tracking Technologies
  11. Security Measures
  12. Blockchain-Specific Data Considerations
  13. Enterprise Customer Data
  14. Children's Privacy
  15. Third-Party Links and Services
  16. Changes to This Policy
  17. Contact Information
  18. Definitions Glossary

1. Introduction and Scope

Reveloom, Inc. ("Reveloom," "we," "us," or "our") is committed to protecting your privacy and handling your personal data with transparency, integrity, and care. This Privacy Policy describes how we collect, use, store, share, and protect information about you when you access or use our website at reveloom.com, our enterprise blockchain infrastructure platform, our application programming interfaces (APIs), and any related tools, documentation, services, or communications we provide (collectively, the "Services").

This Privacy Policy applies to all users of Reveloom's Services, including individual developers, enterprise customers, business partners, prospective customers who visit our website, and any other individuals whose personal data we process. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you are using our Services on behalf of an organization, you represent that you have authority to bind that organization to this Privacy Policy.

This Privacy Policy does not apply to third-party websites, services, or applications that may link to or integrate with our Services, even if accessed through our platform. We encourage you to review the privacy policies of any third-party services you use in connection with Reveloom.

Reveloom operates as an enterprise blockchain infrastructure company, which means our data handling practices involve both conventional software platform considerations and unique blockchain-specific concerns. We have designed our privacy practices to address this dual nature and to comply with applicable privacy laws, including the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, and other applicable data protection regulations worldwide.

2. Information We Collect

2.1 Personal Data

We collect various categories of personal data depending on how you interact with our Services. Personal data includes any information that can directly or indirectly identify a natural person. The personal data we collect includes, but is not limited to: full name, business email address, phone number, job title, company name, billing address, payment card information (processed through our payment processors), government-issued identification (where required for compliance), and account login credentials including usernames and hashed passwords.

When you register for an account, we collect the information necessary to create and maintain your account, verify your identity, and provide you with access to our Services. During the onboarding process, we may collect additional information about your organization's technical requirements, blockchain network preferences, intended use cases, and team structure to better tailor our Services to your needs.

2.2 Usage Data

We collect information about how you interact with our Services, including pages and features you access, the frequency and duration of your use, actions taken within the platform, API calls and query parameters (excluding sensitive transaction data), dashboard interactions, configuration changes, and error reports generated during use. This usage data helps us understand how our Services are being used, identify technical issues, and improve the user experience.

Usage data also includes records of your support interactions with our team, including emails, chat transcripts, and support tickets. These records are retained to ensure continuity of service and to help us improve our support processes over time.

2.3 Blockchain Data

As a blockchain infrastructure platform, Reveloom processes certain blockchain-related data on your behalf. This includes wallet addresses, transaction hashes, smart contract addresses, ABI definitions, block data, event logs, and network state information that you submit to or query through our Services. While much of this data exists on public blockchains and is inherently non-private, we treat all data you submit to our platform with appropriate confidentiality.

We may collect and process metadata about your blockchain operations, such as the frequency of transactions, the networks you interact with, and the types of smart contracts you deploy, for the purposes of providing analytics, monitoring network performance, and ensuring service reliability. This operational metadata does not include the private keys or seed phrases associated with your blockchain accounts, which we never request and which should never be shared with any third party including Reveloom.

2.4 Technical Data

When you visit our website or use our Services, we automatically collect certain technical information about your device and connection. This includes your IP address, browser type and version, operating system and version, device identifiers, screen resolution, language settings, referring URLs, timestamps of access, and cookie identifiers. We also collect information about your network connection quality and latency to optimize the delivery of our Services.

For enterprise customers using our hosted or managed infrastructure, we may collect server logs, performance metrics, resource utilization data, and infrastructure configuration information necessary to deliver contracted service levels and ensure the security and reliability of the platform.

3. How We Collect Information

3.1 Direct Collection

We collect information directly from you when you register for an account on our platform, complete forms or surveys on our website, subscribe to our newsletter or marketing communications, contact our sales team or customer support, attend our events or webinars, participate in beta programs or product trials, or otherwise communicate with us. The information you provide directly is generally the most comprehensive and accurate source of personal data we hold about you.

When you apply for enterprise contracts or negotiated pricing, we may collect additional business information including details about your organization's size, industry, technical infrastructure, compliance requirements, and existing blockchain deployments. This information helps us provide appropriate service tiers and customize our platform to meet your specific enterprise needs.

3.2 Automatic Collection

We automatically collect certain information through cookies, web beacons, pixel tags, and similar tracking technologies when you visit our website or use our platform. These technologies allow us to recognize your browser or device across sessions, understand how you navigate through our platform, measure the effectiveness of our marketing campaigns, and deliver personalized experiences. For more details about our use of these technologies, please see Section 10 (Cookies and Tracking Technologies).

Our Services also automatically collect log data when you make API calls, including the endpoint accessed, request parameters, response codes, request size, response time, and IP address. This log data is essential for troubleshooting, security monitoring, and ensuring the reliability of our infrastructure.

3.3 Third-Party Sources

We may receive information about you from third-party sources, including business intelligence and data enrichment providers that help us understand the organizations and industries we serve, marketing partners with whom you have consented to share your information, analytics providers that aggregate behavioral and technical data, payment processors that confirm transaction completion, identity verification services for compliance purposes, and blockchain analytics providers that help us monitor for fraudulent or illegal activity on our platform.

When we receive personal data from third-party sources, we handle it in accordance with this Privacy Policy and any additional obligations imposed by the terms under which that data was shared with us. We do not purchase personal data from data brokers for the purpose of marketing or advertising.

5. How We Use Your Information

5.1 Service Delivery

We use the information we collect primarily to provide, maintain, and improve our Services. This includes creating and managing your account, authenticating your identity when you log in, processing API requests and returning query results, delivering blockchain data and analytics to your applications, provisioning and managing infrastructure resources allocated to your account, and generating invoices and processing payments for your subscription.

We also use your information to communicate with you about your account, including sending transactional emails about account activity, billing confirmations, security alerts, and service status updates. These communications are necessary for the operation of your account and cannot be opted out of while you maintain an active subscription.

5.2 Security and Fraud Prevention

We use personal and technical data to protect the security and integrity of our platform and your data. This includes monitoring for unusual access patterns or API usage that may indicate unauthorized access or abuse, detecting and preventing fraudulent account registrations, investigating reports of security incidents or policy violations, verifying the identity of users making sensitive account changes, and enforcing our acceptable use policies and terms of service.

5.3 Analytics and Product Improvement

We analyze usage data to understand how our Services are being used, identify areas for improvement, prioritize new features, measure the impact of product changes, and make data-driven decisions about the direction of our platform. This analysis is conducted on aggregated or pseudonymized data wherever possible to minimize privacy impact.

5.4 Marketing and Communications

With your consent where required by applicable law, we may use your contact information to send you marketing communications about Reveloom products, features, events, case studies, industry insights, and promotional offers. You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at privacy@reveloom.com. Opting out of marketing communications does not affect our ability to send you transactional or service-related communications.

6. Data Sharing and Disclosure

6.1 Service Providers

We share personal data with third-party service providers that assist us in operating our business and delivering our Services. These providers include cloud infrastructure providers (such as hosting and data center services), payment processors and billing system operators, customer relationship management (CRM) platform vendors, email and communication service providers, analytics and monitoring tool vendors, identity verification and fraud detection services, legal and accounting professional advisors, and customer support platform operators.

All service providers are carefully vetted and are contractually required to handle personal data only as instructed by Reveloom, to implement appropriate technical and organizational security measures, and to refrain from using personal data for their own purposes. Where required, we enter into data processing agreements (DPAs) with these providers that include standard contractual clauses or other approved transfer mechanisms.

6.2 Legal Requirements

We may disclose personal data when we believe in good faith that disclosure is required by law, regulation, or legal process, including compliance with court orders, subpoenas, search warrants, or other lawful requests from government authorities. Where legally permitted, we will notify you of such requests before complying. We may also disclose information when necessary to protect the rights, property, or safety of Reveloom, our users, or the public, including to prevent or detect fraud, security breaches, or illegal activity.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy or insolvency proceeding involving Reveloom, personal data we hold may be among the assets transferred or disclosed to the acquiring entity. We will provide notice to affected users before personal data is transferred and becomes subject to a different privacy policy. If the acquiring entity's privacy practices are materially less protective than this Privacy Policy, we will seek your consent where required by applicable law.

6.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or industry benchmarking purposes. This data does not constitute personal data and is not subject to the restrictions described in this Privacy Policy.

7. International Data Transfers

Reveloom is headquartered in San Francisco, California, and our primary data processing infrastructure is located in the United States. If you are accessing our Services from outside the United States, your personal data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country or jurisdiction.

For transfers of personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to the United States or other third countries, Reveloom relies on the following transfer mechanisms as appropriate: Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office (ICO), adequacy decisions issued by the European Commission, the UK-US Data Bridge framework, or other lawful transfer mechanisms as may be available and applicable.

To the extent we engage subprocessors in multiple jurisdictions for the delivery of our enterprise infrastructure services, we conduct transfer impact assessments and implement supplementary technical measures, such as encryption in transit and at rest, to ensure that transferred data receives a level of protection equivalent to that required in the EEA. Copies of our standard contractual clauses and data transfer impact assessments are available upon request by contacting privacy@reveloom.com.

Enterprise customers with specific data residency requirements may request data localization options as part of their contracted service configuration. Please contact our sales team for information about available data residency configurations and any additional costs associated with such arrangements.

8. Data Retention Periods

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, to provide our Services to you, and to comply with our legal, regulatory, tax, accounting, and reporting obligations. The specific retention period applicable to your data depends on the category of data and the purpose for which it was collected.

Account Data: Personal data associated with your account is retained for the duration of your account's existence and for a period of three (3) years following account termination or deletion, unless a longer retention period is required by law or is necessary to resolve disputes or enforce our agreements.

Transaction and Billing Records: Records of financial transactions, invoices, and payment information are retained for a minimum of seven (7) years to comply with tax and accounting requirements under applicable law.

Security and Audit Logs: Security event logs, access logs, and audit trails are retained for a minimum of twelve (12) months and a maximum of twenty-four (24) months to support security incident investigation and forensic analysis.

API and Usage Logs: API request logs and platform usage data are retained for a period of ninety (90) days for performance monitoring and troubleshooting, and may be retained in aggregated, anonymized form for longer periods for analytics purposes.

Marketing Data: Contact information and preferences used for marketing communications are retained until you opt out or withdraw consent, after which your data will be suppressed from future marketing sends and permanently deleted within thirty (30) days.

When personal data is no longer required for the purposes for which it was collected, we securely delete or anonymize it in accordance with our data destruction policies. Where complete deletion is not technically feasible (such as backup systems), we isolate the data from further processing until deletion is possible.

9. Your Rights

9.1 GDPR Rights (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR and applicable national data protection laws:

Right of Access: You have the right to request confirmation of whether we process personal data about you and, if so, to receive a copy of that personal data along with information about how it is used, where it was obtained, and with whom it is shared.

Right to Rectification: You have the right to request correction of inaccurate personal data or completion of incomplete personal data we hold about you.

Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent and there is no other legal basis for processing, where you have objected to processing and there are no overriding legitimate grounds, or where the data has been unlawfully processed.

Right to Restriction of Processing: You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested or while we assess a processing objection.

Right to Data Portability: You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible.

Right to Object: You have the right to object at any time to processing of your personal data based on our legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests or unless the processing is for the establishment, exercise, or defence of legal claims.

Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects on you, unless such processing is necessary for entering into or performing a contract, authorized by law, or based on your explicit consent.

9.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting, selling, or sharing the information, and the categories of third parties with whom we share the information.

Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions permitted by California law.

Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. Reveloom does not sell personal information and does not share personal information for behavioral advertising purposes.

Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes reasonably necessary to provide our Services or as otherwise permitted by the CPRA.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying services, charging different prices, or providing a different quality of services.

9.3 Exercising Your Rights

To exercise any of the rights described in this Section, please submit a request to privacy@reveloom.com or through the privacy controls available in your account dashboard. We will respond to all verifiable requests within thirty (30) days (or forty-five (45) days where an extension is required under applicable law). We may need to verify your identity before fulfilling your request to protect against unauthorized access to your personal data.

You may also designate an authorized agent to submit requests on your behalf, provided you provide written authorization and we are able to verify both your identity and the agent's authorization. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to recognize your browser or device, remember your preferences and settings, understand how you use our Services, and deliver relevant content and communications. Cookies are small text files stored on your device by your web browser when you visit our website. We also use web beacons, pixel tags, and local storage technologies for similar purposes.

We use the following categories of cookies: essential cookies that are strictly necessary for the operation of our website and platform; functional cookies that remember your preferences and enable personalized features; performance cookies that collect anonymous information about how our website is used to help us improve it; and analytics cookies that help us understand the effectiveness of our content and marketing. For a complete description of the specific cookies we use, please review our Cookie Policy.

When you first visit our website, we will ask for your consent to use non-essential cookies. You may withdraw this consent at any time by accessing your cookie preferences through the settings menu on our website, by clearing your browser cookies and declining consent on your next visit, or by configuring your browser to block cookies. Please note that disabling certain cookies may affect the functionality of our website and platform.

11. Security Measures

Reveloom implements comprehensive technical and organizational security measures designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our security program is designed in accordance with industry-recognized frameworks including SOC 2 Type II and ISO 27001 principles, and we undergo regular independent security audits.

Encryption: All data transmitted between your browser or application and our servers is encrypted using TLS 1.2 or higher. Data at rest, including personal data and customer blockchain data stored on our infrastructure, is encrypted using AES-256 encryption. Encryption keys are managed through dedicated key management systems with strict access controls and regular rotation schedules.

Access Controls: Access to personal data is restricted to Reveloom personnel who require it to perform their job functions. We implement role-based access control (RBAC), multi-factor authentication (MFA) for all production systems, privileged access management (PAM) for administrative access, and principle of least privilege throughout our infrastructure. All access is logged and subject to regular review.

Infrastructure Security: Our production infrastructure is hosted in SOC 2 Type II certified data centers with physical security controls including biometric access, 24/7 monitoring, and redundant power and cooling systems. We maintain network segmentation, intrusion detection systems (IDS), web application firewalls (WAF), and distributed denial-of-service (DDoS) protection.

Security Monitoring: We operate a continuous security monitoring program that includes real-time alerting on anomalous access patterns, regular vulnerability scanning and penetration testing, security information and event management (SIEM) integration, and a security incident response program with defined procedures for detection, containment, investigation, and notification.

Data Breach Notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable supervisory authorities within the timeframes required by applicable law. We will provide information about the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures we have taken to address it.

While we take extensive measures to protect your personal data, no security measure is completely infallible. We encourage you to use strong, unique passwords for your Reveloom account, enable multi-factor authentication, and report any suspected unauthorized access to security@reveloom.com immediately.

12. Blockchain-Specific Data Considerations

As a blockchain infrastructure platform, Reveloom processes data that has unique characteristics not present in traditional software platforms. Understanding these characteristics is essential to making informed decisions about the data you submit to and through our Services.

Immutability of Blockchain Data: Data recorded on a public blockchain is immutable by design — once a transaction is confirmed and included in a block, it cannot be altered, reversed, or deleted. This fundamental characteristic of blockchain technology means that privacy rights such as the right to erasure and the right to rectification do not apply to data that has been recorded on-chain. Before submitting any personal data to a blockchain through our platform, you should carefully consider the permanent and public nature of such records.

Public Ledger Visibility: Transactions on most public blockchains are visible to anyone with access to a blockchain explorer or node. Wallet addresses, transaction amounts, smart contract interactions, and token transfers are publicly accessible. While pseudonymous, this data can potentially be linked to individuals through external analysis. Reveloom's platform provides tools for querying and analyzing this public data, but we are not responsible for the public nature of on-chain information.

Wallet Addresses and Identity: Wallet addresses used on public blockchains are not inherently tied to real-world identities; however, when you provide us with a wallet address in connection with your Reveloom account, we associate that address with your account for service delivery purposes. We treat this association as confidential personal data and protect it accordingly. We will never disclose your wallet address associations to third parties except as described in Section 6 of this Privacy Policy.

Private Keys and Seed Phrases: Reveloom will never request your private keys, seed phrases, or any cryptographic secrets associated with your blockchain accounts. You should never provide this information to anyone, including Reveloom employees or support personnel. The security of your on-chain assets is your responsibility and is beyond Reveloom's control once private key material has been compromised.

Smart Contract Data: Smart contracts deployed through our platform may collect and process data on-chain as part of their programmed logic. Reveloom is not responsible for the privacy practices embedded in smart contracts you create or deploy, and you are responsible for ensuring that your smart contracts comply with applicable privacy laws, including the requirements of GDPR where relevant.

13. Enterprise Customer Data

Enterprise customers who enter into a Master Service Agreement (MSA) or Enterprise License Agreement with Reveloom receive additional contractual protections for their data. This section summarizes our approach to enterprise data handling, but the specific terms of your enterprise agreement take precedence over this Privacy Policy with respect to the data we process on your behalf.

Data Processing Agreements: All enterprise customers receive a Data Processing Agreement (DPA) that governs Reveloom's role as a data processor with respect to any personal data of the customer's end users or employees that is processed through our platform. The DPA specifies the subject matter and duration of processing, the nature and purpose of processing, the type of personal data and categories of data subjects, and the obligations and rights of the controller (the enterprise customer).

Data Isolation: Enterprise customer data is logically isolated from the data of other customers through our multi-tenant architecture. Customers on dedicated infrastructure plans receive physical or virtual isolation of their data and processing environments. Access by Reveloom personnel to enterprise customer data is strictly limited to what is necessary for service delivery, security monitoring, and support, and is subject to audit.

Sub-processor Management: Reveloom maintains a current list of sub-processors that may have access to enterprise customer data. This list is made available to enterprise customers through the enterprise portal and is updated whenever we add or replace a sub-processor, with advance notice as specified in your DPA. Enterprise customers have the right to object to new sub-processors in accordance with their DPA terms.

Data Portability and Deletion: Upon termination of an enterprise agreement, Reveloom will provide the customer with a complete export of their data in a portable format within the timeframe specified in their agreement, and will permanently delete all customer data from our systems within thirty (30) days of the export completion, unless required by law to retain certain records for longer periods.

14. Children's Privacy

Reveloom's Services are designed for and directed exclusively to business and enterprise customers. Our platform is intended for use by professional developers, technical teams, and organizations engaged in blockchain application development and deployment. Our Services are not directed to, designed for, or intended to be used by individuals under the age of eighteen (18), and we do not knowingly collect personal data from minors.

If we learn or have reason to believe that we have inadvertently collected personal data from an individual under the age of eighteen (18), we will take prompt steps to delete that information from our systems. If you believe we may have collected personal data from a minor, please contact us immediately at privacy@reveloom.com so that we can investigate and take appropriate action.

Parents or guardians who believe their child has provided personal information to us should contact us at privacy@reveloom.com. We will cooperate with all reasonable requests to verify, correct, or delete such information and will comply with any applicable children's privacy laws including the Children's Online Privacy Protection Act (COPPA) to the extent applicable.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, services, or applicable legal requirements. When we make material changes to this Privacy Policy, we will provide notice by posting the updated Privacy Policy on our website with a revised "Last Updated" date, sending an email notification to registered users, and, where required by applicable law, obtaining your consent for material changes that affect how we handle your personal data.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes, to the extent permitted by applicable law. If you do not agree with the changes, you should discontinue use of our Services and may request deletion of your account and personal data as described in Section 9.

For significant changes affecting enterprise customers, we will provide at least thirty (30) days advance notice through the enterprise portal and by email to the designated privacy contact on your account, allowing you time to review the changes and, if necessary, raise concerns through your account team.

17. Contact Information

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us through any of the following channels:

Privacy Team:
Email: privacy@reveloom.com
Response time: Within 5 business days for general inquiries; within legally required timeframes for formal rights requests.

Postal Address:
Reveloom, Inc.
Attn: Privacy Team
101 California Street, Suite 2710
San Francisco, CA 94111
United States

For enterprise customers with specific data protection concerns, please reach out to your designated account manager, who can escalate privacy matters to our data protection team. For urgent security issues or suspected data breaches, please contact security@reveloom.com immediately.

If you are located in the European Economic Area and wish to contact our EU representative or lodge a complaint, you may also contact the relevant data protection supervisory authority in your member state. For users in the United Kingdom, the relevant authority is the Information Commissioner's Office (ICO). For users in California, you may contact the California Privacy Protection Agency (CPPA).

18. Definitions Glossary

The following definitions apply throughout this Privacy Policy:

Blockchain Data: Data recorded on or derived from a distributed ledger or blockchain network, including transaction records, smart contract code and state, wallet addresses, and block data.

Controller: An entity that determines the purposes and means of processing personal data. Reveloom acts as a controller with respect to personal data of users and website visitors.

Data Processing Agreement (DPA): A contract between a controller and a processor governing the processing of personal data on behalf of the controller, as required under Article 28 of the GDPR.

GDPR: The General Data Protection Regulation (EU) 2016/679, the primary European Union data protection law governing the processing of personal data of individuals in the EEA.

CCPA/CPRA: The California Consumer Privacy Act (California Civil Code § 1798.100 et seq.) and the California Privacy Rights Act, which provide California residents with rights over their personal information.

Personal Data: Any information that relates to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, or online identifier.

Processor: An entity that processes personal data on behalf of a controller. Reveloom acts as a processor with respect to personal data of enterprise customers' end users that is processed through our platform.

Services: The Reveloom enterprise blockchain infrastructure platform, APIs, analytics tools, smart contract development tools, documentation, website, and all related products and services provided by Reveloom, Inc.

Sub-processor: A third party engaged by Reveloom to process personal data on behalf of enterprise customers in its role as a data processor.

Supervisory Authority: An independent public authority responsible for monitoring the application of data protection law. In the EU, this is the data protection authority (DPA) designated by each member state. In the UK, this is the Information Commissioner's Office (ICO).

Technical Data: Information about a user's device, browser, network connection, and interaction with our Services that is collected automatically through cookies, log files, and similar technologies.

Usage Data: Information about how users interact with our Services, including features accessed, actions taken, and behavioral patterns observed through analytics.