Skip to content
reveren
PricingManifestoGitHub
Legal

Privacy policy

Last updated: May 2026 · Pre-launch

Reveren Pty Ltd ("reveren", "we", "us") is an Australian company building a developer tool that runs on your machine. This page explains what we collect, what we don't, and what changes when the hosted dashboard ships.

What we collect today

Waitlist email. If you submit your email through the waitlist form, we store it for one purpose: to email you when the public CLI ships, plus occasional product updates that you can unsubscribe from with a single click.

Server logs.Our marketing site is hosted on Vercel. Vercel records standard request logs (IP address, user agent, URL, timestamp) for abuse protection and uptime. We don't keep our own copy and we don't join those logs to the waitlist email list.

That's it.We don't run analytics, we don't set tracking cookies, we don't embed third-party pixels, and we don't fingerprint visitors. The site is deliberately quiet.

What the CLI sends us

Nothing, by default. The reveren CLI runs locally on your machine. It reads your repository, calls whichever coding agent you already pay for (Claude, OpenAI, GitHub Copilot, etc.) using your API keys, and writes results back to your filesystem. Your keys, prompts, code, and agent responses do not round-trip through any reveren server.

If a future opt-in telemetry feature is added — for example, to help us understand which protocols people actually run — it will be disabled by default, prompted on first run, and documented inline in the CLI's output before any data leaves your machine.

What changes when the hosted dashboard launches

The Phase 1 dashboard introduces accounts, billing, and the private protocol registry. When that ships, this page will expand to cover:

  • Account data. Name and email from your OAuth provider (GitHub or Google), authenticated via Auth.js. We do not receive or store your OAuth password.
  • Billing data. Stripe processes payments. We receive a Stripe customer ID and subscription state; we never see your card number.
  • Usage metering. When the CLI is signed in to a paid plan, we record which protocol ran, against which repository identifier (a hash, not the source), how long it took, and which model provider was invoked. We do not record your prompts, your code, or model responses.
  • Audit log.Team and Enterprise tiers include an audit log of who ran what and when. The audit log is yours; we expose it to you and don't share it.

Until the dashboard launches, none of the above is collected.

Subprocessors

We rely on a small set of vendors to operate the site and (at launch) the dashboard. Current and planned subprocessors:

  • Vercel — site hosting and edge delivery (today).
  • Neon — managed Postgres for the waitlist and, at launch, application data (encrypted at rest, TLS in transit).
  • Auth.js providers — GitHub and Google OAuth (at launch).
  • Stripe — payment processing (at launch).
  • Resend or equivalent transactional email provider — magic links and account email (at launch).

A current list with regions and roles is maintained on the Data Processing Agreement page and refreshed when it changes.

Cookies

The marketing site sets no cookies. When the dashboard launches, it will use a single first-party session cookie set by Auth.js to keep you signed in; that cookie is strictly necessary for the dashboard to function. We do not use behavioural advertising cookies and we don't plan to.

Your rights

You can ask us to access, correct, export, or delete the personal information we hold about you at any time. Email hello@reveren.ai and we will respond within 30 days. If your request is to delete a waitlist email, expect it to be removed within five business days.

Australian users. We comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth). If you believe we have mishandled your personal information, write to us first; if you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC).

UK and EU users. Where the UK GDPR or EU GDPR applies, our lawful bases for processing are: performance of a contract (to operate the service you signed up for), legitimate interests (to keep the site running and abuse-free), and consent (for the waitlist email and any future opt-in telemetry). You may lodge a complaint with your local data protection authority.

Retention

Waitlist emails are kept until the launch announcement is sent or you unsubscribe, whichever is sooner; either deletes the row. Vercel request logs are retained per Vercel's default. At launch, account data is retained while the account is active and deleted within 30 days of account closure, except where retention is required by law (for example, tax records on Stripe invoices).

International transfers

Reveren is incorporated in Australia, and our subprocessors operate globally — Vercel and Neon serve from infrastructure in the United States and other regions. Where we transfer personal data out of a jurisdiction that requires safeguards, we rely on the standard contractual mechanisms our subprocessors offer (UK IDTA, EU SCCs) and on the public privacy commitments those vendors make.

Children

Reveren is a developer tool not directed at children under 16. We don't knowingly collect personal information from children. If you believe a child has submitted information to us, email hello@reveren.ai and we will delete it.

Security

Our security posture, current and at launch, is documented on the Security page. To report a vulnerability, email security@reveren.ai; we acknowledge within 72 hours.

Changes to this policy

We'll update this page when our practices change — most notably when the hosted dashboard launches. Material changes will be flagged in the "Last updated" line above; if you have an account, we'll also email you.

Contact

Questions, requests, or complaints: hello@reveren.ai.

Reveren Pty Ltd (ACN to be assigned on incorporation), Australia.