1. Introduction
This Privacy Policy (“Policy”) describes the manner in which Revorg Group AB, org.nr 559421-1053, registered in Stockholm, Sweden (“Revorg,” “we,” “our,” or “us”), processes personal data in connection with its mobile applications, websites, and related services (collectively, the “Services”).
This Policy constitutes the master privacy framework applicable to all Services offered by Revorg worldwide. Service-specific details, including the use of particular partners, software development kits (“SDKs”), and categories of data processed, are set out in the Annexes or in product-specific notices accessible via the relevant application or app store listing.
This Policy applies to personal data only. Aggregated, statistical, or anonymised data that no longer permits the identification of an individual is not personal data and is not subject to this Policy.
2. Principles and Commitments
- Lawfulness, fairness, and transparency: We process personal data only where a lawful basis exists under applicable law and provide transparency regarding such processing.
- Purpose limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data minimisation and storage limitation: Processing is limited to what is necessary and retained only for as long as required.
- Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
- Integrity and confidentiality: We implement appropriate technical and organisational measures to ensure a level of security appropriate to risk.
3. Categories of Personal Data Processed
Depending on your use of the Services and the permissions you grant, we may process:
- Service and Transaction Data: subscription status, purchase receipts, and settings preferences.
- Diagnostics and Technical Data: crash logs, application performance data, device type, operating system version, language, time zone, and IP address.
- Support Data: email address and the content of communications you initiate with us.
- Advertising and Marketing Data (optional): advertising identifiers (IDFA/GAID), IP address, campaign/attribution data, and interaction with advertising material.
- Health and Wellness Data (optional, on-device): with explicit consent, applications may access health data from Apple Health or Google Fit (e.g., heart rate, steps, calories, workout sessions, distance, location/GPS). Such data is processed exclusively on-device and is not uploaded to Revorg’s servers.
- Future Account Data (if introduced): basic profile and authentication identifiers, where a sign-in feature is provided.
For visitors of the revorg.se website specifically — including the cookies set, the use of Google Analytics, and the handling of contact-form submissions — see the Website Privacy Annex.
Sources of personal data. Most personal data is collected directly from you when you interact with the Services. In limited circumstances, we may also receive personal data about you from third parties acting as independent controllers — for example, attribution data from advertising partners indicating which campaign led to an app install, or acquisition data made available by Apple App Store or Google Play. Where we obtain personal data from sources other than you, we will, where required by Article 14 GDPR, inform you of the source within a reasonable period and no later than one month from collection.
4. Purposes of Processing and Legal Bases
We process personal data only where a lawful basis under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the UK GDPR, or other applicable law is present:
- Provision of Services (contractual necessity): to provide the Services, including purchases, support, and local notifications (Art. 6(1)(b) GDPR).
- Diagnostics, security, and improvement (legitimate interests/legal obligation): to ensure stability, detect and prevent fraud or misuse, and improve Services (Art. 6(1)(f) and, where applicable, Art. 6(1)(c)). The specific legitimate interests pursued are: operating the Services reliably and securely, protecting our infrastructure and users from abuse, and improving product quality. These interests are balanced against your interests and fundamental rights.
- Analytics and non-essential technologies (legitimate interests or consent): to understand usage and improve user experience; where e-privacy rules apply (including the EEA, UK, and Sweden under LEK), consent is required and obtained via the relevant on-product consent mechanism.
- Advertising and attribution (consent): in our applications, advertising data is processed in the EEA/UK only with consent obtained via a Google-certified consent management platform (IAB TCF v2.2 compliant) such as Google UMP. The revorg.se website does not use advertising or attribution SDKs.
- Compliance with legal obligations: to satisfy bookkeeping, tax, or regulatory obligations (Art. 6(1)(c)).
No marketing communications. Revorg does not operate a marketing email list and will not send you marketing communications unless you have explicitly requested them.
If you choose not to provide data. Where you choose not to provide personal data that is necessary for a feature or service, that feature or service may be unavailable to you — for example, we cannot respond to a contact form submitted without a valid email address, and you cannot complete a subscription purchase without the payment details required by the relevant App Store.
5. Sharing of Personal Data
Personal data may be disclosed only as strictly necessary:
- Processors: hosting providers, crash reporting and analytics services, consent management platforms, and ad mediation partners. Named processors used for the website include Google LLC (Google Analytics 4) and Formspree, Inc. (contact-form delivery) — see the Website Privacy Annex.
- App Stores: independent controllers such as Apple App Store and Google Play Store.
- Advertising Partners (with consent): ad networks connected via mediation providers (e.g., ironSource/Unity LevelPlay).
- Legal Disclosures: where required by applicable law or to protect rights, safety, and property.
- Business Transfers: in the event of a merger, acquisition, or corporate restructuring, subject to appropriate safeguards.
6. International Transfers
Where personal data is transferred outside the European Economic Area (“EEA”), the United Kingdom, or Switzerland, we implement appropriate safeguards, including reliance on the EU-U.S. Data Privacy Framework, standard contractual clauses (SCCs) adopted by the European Commission, and supplementary measures where required.
Transfers occur in particular to the United States, in connection with services provided by:
- Google LLC (Google Analytics 4 on the website; Firebase Analytics & Crashlytics, Google UMP, Firebase Remote Config & Firestore in applications) — relied on under the EU-U.S. Data Privacy Framework.
- Formspree, Inc. (contact-form delivery on the website) — relied on under SCCs.
- Meta Platforms, Inc. (advertising attribution in applications, where consented) — relied on under SCCs.
- Ad-network partners mediated via ironSource/Unity LevelPlay (in applications, where consented) — relied on under each partner’s published transfer safeguards.
You may request a copy of the relevant safeguards by emailing wecare@revorg.se.
7. Data Retention
Personal data is retained only for as long as necessary for the purposes set out in this Policy or as required under applicable law:
- Analytics and advertising data: retained while consent remains valid; deleted thereafter per partner policies.
- Crash and diagnostics logs: retained for up to 90 days or the minimum necessary period.
- Transaction records: retained for seven (7) years in accordance with Swedish accounting and tax legislation.
- Health and wellness data: retained on-device only; not transmitted to Revorg.
8. Data Subject Rights
Depending on jurisdiction, you may have the right to:
- Access, rectify, erase, restrict, or object to processing.
- Withdraw consent without affecting prior processing.
- Data portability (GDPR/UK GDPR).
- Lodge a complaint with a supervisory authority (e.g., IMY in Sweden, ICO in the UK).
U.S. Residents (California, Virginia, Colorado, Connecticut, etc.): You may have additional rights, including the right to know (about data collected over the preceding 12 months), delete, correct, opt-out of sale or sharing, and limit the use of sensitive personal information. A “Do Not Sell or Share My Personal Information” mechanism is provided in the app’s settings.
Automated Decision-Making. Revorg does not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.
9. Children’s Privacy
The Services are not directed to children under 13 years of age in Sweden or any jurisdiction where a higher age threshold (up to 16) applies under local law. We rely on app store age ratings to communicate age restrictions and, where applicable, enforce stricter requirements. If we learn that personal data of a child below the relevant age has been collected without appropriate consent, it will be deleted without undue delay.
10. Security Measures
Revorg implements appropriate technical and organisational measures, including encryption in transit, access controls, and vulnerability management. No system is entirely secure, but we maintain incident response procedures and will notify authorities and affected individuals of personal data breaches in accordance with applicable law.
11. Changes to this Policy
We may amend this Policy from time to time. The “Last Updated” date will reflect the revision. For material changes, we will provide notice via the Services and obtain consent where required by law.
12. Contact
Revorg has not appointed a Data Protection Officer, as the scale and nature of our processing does not trigger the requirement under Article 37 GDPR. For privacy-related enquiries — including questions about this Policy, requests to exercise your rights, or matters requiring confidential handling — contact us via email:
Annex A — Retention Schedule
| Data Category | Typical Retention Period | Notes |
|---|---|---|
| Analytics & Advertising/Attribution Data (subject to consent) | Retained only while consent is active; deleted or stopped per partner retention policies once consent is withdrawn. | Applies to SDK data such as Firebase Analytics, Meta SDK, and mediation partners. |
| Crash & Stability Logs | Retained for the minimum period necessary for diagnostics, typically up to 90 days. | Deleted once no longer required for service integrity. |
| Consent & Opt-out Records (CMP) | Retained as long as required to demonstrate compliance. | Stored under Google UMP/IAB TCF signals. |
| Purchase/Transaction Records | Seven (7) years. | Required under Swedish bookkeeping and tax legislation. |
| Health & Wellness Data | Not retained by Revorg. Stored and processed exclusively on-device. | Revorg servers never store or access this data. |
| Contact Form Messages (revorg.se) | 24 months for general enquiries; up to 7 years for messages that lead to a commercial engagement. | Processed via Formspree, Inc. as detailed in the Website Privacy Annex. Swedish bookkeeping retention applies to records that form part of a commercial relationship. |
| Website Analytics Cookie (_ga) | Up to 2 years on your device, or until cleared. | Only set after consent; deleted by clearing browser site data for revorg.se. |
Annex B — SDKs and Partners
The following partners and SDKs are used across Revorg Services. Specific use in a given product is detailed in Annex D (Product-Specific Privacy Notices).
- Google Analytics 4 / gtag.js (Google LLC) — website (revorg.se) — measures aggregate page views and on-site events (e.g. when a visitor reaches or submits the contact form). The Google Analytics library is not loaded until the visitor clicks Accept on the on-site consent banner. Declining means no Google scripts are loaded and no data leaves your device.
  - Legal basis: Consent (Art. 6(1)(a) GDPR; Swedish LEK).
  - Data: anonymised IP, page paths, referrer, device and browser metadata, and a first-party _ga cookie that identifies a return visitor for up to two years.
  - Controls: in-page consent banner; clear browser cookies and site data to revoke.
- Firebase Analytics & Crashlytics (Google LLC) — diagnostics, usage analytics, crash reporting.
  - Legal basis: Consent (EEA/UK) for analytics; legitimate interest for essential stability/crash uses.
  - Controls: in-app consent (Google UMP), device settings.
- Google UMP (Consent Management Platform) — presents consent UI and communicates IAB TCF v2.2 signals. Required for Google ads in EEA/UK.
- ironSource/Unity LevelPlay — ad mediation; forwards consent status to supported ad networks.
  - Legal basis: Consent (EEA/UK).
- Meta SDK — attribution and advertising measurement. Runs in the EEA/UK only after consent is obtained.
- Firebase Remote Config & Firestore (Google LLC) — remote app configuration (read-only). No write access from user devices.
- Formspree (Formspree, Inc.) — website (revorg.se) — relays contact-form submissions to Revorg by email. Acts as a processor on Revorg’s behalf.
  - Legal basis: Contract / pre-contractual measures (Art. 6(1)(b)) and legitimate interest in operating the form securely (Art. 6(1)(f)).
  - Data: name, email, organisation (if provided), message content, submission timestamp, and IP (collected by Formspree for anti-spam).
  - Controls: do not submit the form; or request deletion via wecare@revorg.se.
Note: This list is non-exhaustive and will be updated as SDKs or partners change. Product-specific partners are disclosed in Annex D.
Annex C — International & Regional Notes
- European Union / EEA: Processing of personal data complies with the GDPR and Swedish complementary legislation, including the Act on Electronic Communications (LEK) for cookies/SDKs. Data subjects may lodge complaints with the Swedish Authority for Privacy Protection (IMY).
- United Kingdom: “GDPR” includes the UK GDPR and the Data Protection Act 2018. Residents may lodge complaints with the Information Commissioner’s Office (ICO).
- Switzerland: Revorg complies with the Swiss Federal Act on Data Protection (FADP).
- United States:
  - California, Virginia, Colorado, Connecticut and other state laws grant rights to access, delete, correct, opt-out of sale/sharing, and limit the use of sensitive personal information.
  - Revorg provides a “Do Not Sell or Share My Personal Information” link in applicable applications.
  - Health data remains on-device and is not processed in a manner requiring SPI restrictions.
- Other Regions: Where local law provides additional rights or obligations, Revorg will comply accordingly.
Annex D — Product-Specific Privacy Notices
Certain Services have additional or different data processing practices. These are described in separate product-specific privacy notices, which form part of this Privacy Policy.