Revorg Group AB – Privacy Policy

Last Updated: 25.08.2025

1. Introduction

This Privacy Policy (“Policy”) describes the manner in which Revorg Group AB, org.nr 559421-1053, with its registered office at Fredens Torg 4b,174 53 Sundbyberg, Sweden (“Revorg,” “we,” “our,” or “us”), processes personal data in connection with its mobile applications, websites, and related services (collectively, the “Services”).

This Policy constitutes the master privacy framework applicable to all Services offered by Revorg worldwide. Service-specific details, including the use of particular partners, software development kits (“SDKs”), and categories of data processed, are set out in the Annexes or in product-specific notices accessible via the relevant application or app store listing.

2. Principles and Commitments

  • Lawfulness, fairness, and transparency: We process personal data only where a lawful basis exists under applicable law and provide transparency regarding such processing.

  • Purpose limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  • Data minimisation and storage limitation: Processing is limited to what is necessary and retained only for as long as required.

  • Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

  • Integrity and confidentiality: We implement appropriate technical and organisational measures to ensure a level of security appropriate to risk.

3. Categories of Personal Data Processed

Depending on your use of the Services and the permissions you grant, we may process:

  1. Service and Transaction Data: subscription status, purchase receipts, and settings preferences.

  2. Diagnostics and Technical Data: crash logs, application performance data, device type, operating system version, language, time zone, and IP address.

  3. Support Data: email address and the content of communications you initiate with us.

  4. Advertising and Marketing Data (optional): advertising identifiers (IDFA/GAID), IP address, campaign/attribution data, and interaction with advertising material.

  5. Health and Wellness Data (optional, on-device): with explicit consent, applications may access health data from Apple Health or Google Fit (e.g., heart rate, steps, calories, workout sessions, distance, location/GPS). Such data is processed exclusively on-device and is not uploaded to Revorg’s servers.

  6. Future Account Data (if introduced): basic profile and authentication identifiers, where a sign-in feature is provided.

4. Purposes of Processing and Legal Bases

We process personal data only where a lawful basis under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the UK GDPR, or other applicable law is present:

  • Provision of Services (contractual necessity): to provide the Services, including purchases, support, and local notifications (Art. 6(1)(b) GDPR).

  • Diagnostics, security, and improvement (legitimate interests/legal obligation): to ensure stability, detect and prevent fraud or misuse, and improve Services (Art. 6(1)(f) and, where applicable, Art. 6(1)(c)).

  • Analytics and non-essential technologies (legitimate interests or consent): to understand usage and improve user experience; where e-privacy rules apply, consent is required.

  • Advertising and attribution (consent): in the EEA/UK, advertising data is processed only with consent obtained via a Google-certified consent management platform (IAB TCF v2.2 compliant).

  • Compliance with legal obligations: to satisfy bookkeeping, tax, or regulatory obligations (Art. 6(1)(c)).

5. Sharing of Personal Data

Personal data may be disclosed only as strictly necessary:

  • Processors: hosting providers, crash reporting and analytics services, consent management platforms, and ad mediation partners.

  • App Stores: independent controllers such as Apple App Store and Google Play Store.

  • Advertising Partners (with consent): ad networks connected via mediation providers (e.g., ironSource/Unity LevelPlay).

  • Legal Disclosures: where required by applicable law or to protect rights, safety, and property.

  • Business Transfers: in the event of a merger, acquisition, or corporate restructuring, subject to appropriate safeguards.

6. International Transfers

Where personal data is transferred outside the European Economic Area (“EEA”), the United Kingdom, or Switzerland, we implement appropriate safeguards, including reliance on the EU-U.S. Data Privacy Framework, standard contractual clauses adopted by the European Commission, and supplementary measures where required

7. Data Retention

Personal data is retained only for as long as necessary for the purposes set out in this Policy or as required under applicable law:

  • Analytics and advertising data: retained while consent remains valid; deleted thereafter per partner policies.

  • Crash and diagnostics logs: retained for up to 90 days or the minimum necessary period.

  • Transaction records: retained for seven (7) years in accordance with Swedish accounting and tax legislation.

  • Health and wellness data: retained on-device only; not transmitted to Revorg.

8. Data Subject Rights

Depending on jurisdiction, you may have the right to:

  • Access, rectify, erase, restrict, or object to processing.

  • Withdraw consent without affecting prior processing.

  • Data portability (GDPR/UK GDPR).

  • Lodge a complaint with a supervisory authority (e.g., IMY in Sweden, ICO in the UK).

U.S. Residents (California, Virginia, Colorado, Connecticut, etc.): You may have additional rights, including the right to know (about data collected over the preceding 12 months), delete, correct, opt-out of sale or sharing, and limit the use of sensitive personal information. A “Do Not Sell or Share My Personal Information” mechanism is provided in the app’s settings.

9. Children’s Privacy

The Services are not directed to children under 13 years of age in Sweden or any jurisdiction where a higher age threshold (up to 16) applies under local law. We rely on app store age ratings to communicate age restrictions and, where applicable, enforce stricter requirements. If we learn that personal data of a child below the relevant age has been collected without appropriate consent, it will be deleted without undue delay.

10. Security Measures

Revorg implements appropriate technical and organisational measures, including encryption in transit, access controls, and vulnerability management. No system is entirely secure, but we maintain incident response procedures and will notify authorities and affected individuals of personal data breaches in accordance with applicable law.

11. Changes to this Policy

We may amend this Policy from time to time. The “Last Updated” date will reflect the revision. For material changes, we will provide notice via the Services and obtain consent where required by law.

12. Contact

For any questions regarding this Policy, to exercise your rights, or for any other privacy-related matters, please contact us:
Revorg Group AB
Email: wecare@revorg.se

Annex A – Retention Schedule

Data Category

Typical Retention Period

Notes

Analytics & Advertising/Attribution Data (subject to consent)

Crash & Stability Logs

Consent & Opt-out Records (CMP)

Purchase/Transaction Records

Health & Wellness Data

Retained only while consent is active; deleted or stopped per partner retention policies once consent is withdrawn.

Retained for the minimum period necessary for diagnostics, typically up to 90 days.

Retained as long as required to demonstrate compliance.

Seven (7) years.

Not retained by Revorg. Stored and processed exclusively on-device.

Applies to SDK data such as Firebase Analytics, Meta SDK, and mediation partners.

Deleted once no longer required for service integrity.

Stored under Google UMP/IAB TCF signals.

Required under Swedish bookkeeping and tax legislation.

Revorg servers never store or access this data.

Annex B – SDKs and Partners

The following partners and SDKs are used across Revorg Services. Specific use in a given app is detailed in Annex C (Per-App Privacy Details).

  • Firebase Analytics & Crashlytics (Google LLC) – diagnostics, usage analytics, crash reporting.

    • Legal basis: Consent (EEA/UK) for analytics; legitimate interest for essential stability/crash uses.

    • Controls: in-app consent (Google UMP), device settings.

  • Google UMP (Consent Management Platform) – presents consent UI and communicates IAB TCF v2.2 signals. Required for Google ads in EEA/UK.

  • ironSource/Unity LevelPlay – ad mediation; forwards consent status to supported ad networks.

    • Legal basis: Consent (EEA/UK).

  • Meta SDK – attribution and advertising measurement. Runs in the EEA/UK only after consent is obtained.

  • Firebase Remote Config & Firestore (Google LLC) – remote app configuration (read-only). No write access from user devices.


Note: This list is non-exhaustive and will be updated as SDKs or partners change. App-specific partners are disclosed in the per-project annex.

Annex C – International & Regional Notes

  • European Union / EEA: Processing of personal data complies with the GDPR and Swedish complementary legislation, including the Act on Electronic Communications (LEK) for cookies/SDKs. Data subjects may lodge complaints with the Swedish Authority for Privacy Protection (IMY).

  • United Kingdom: “GDPR” includes the UK GDPR and the Data Protection Act 2018. Residents may lodge complaints with the Information Commissioner’s Office (ICO).

  • Switzerland: Revorg complies with the Swiss Federal Act on Data Protection (FADP).

  • United States:

    • California, Virginia, Colorado, Connecticut and other state laws grant rights to access, delete, correct, opt-out of sale/sharing, and limit the use of sensitive personal information.

    • Revorg provides a “Do Not Sell or Share My Personal Information” link in applicable applications.

    • Health data remains on-device and is not processed in a manner requiring SPI restrictions.

  • Other Regions: Where local law provides additional rights or obligations, Revorg will comply accordingly.