Reverly

Privacy Policy

Last updated: June 2026

What we collect

Reverly is a data-analysis tool for café operators that connects to Deputy on your behalf. We collect only what we need to deliver the product:

  • Account data — your email address, café group name, and a hashed password / session token. We do not store plaintext passwords.
  • Deputy data — roster, timesheet, sales, journal and task records pulled via Deputy's OAuth API under the scopes you approved. We never ask for or store your Deputy password.
  • Derived analytics — labour percentages, employee performance scores, anomaly flags and AI-generated summaries calculated from the data above.
  • Usage logs — basic request logs (timestamps, IP, endpoint, status code) retained for 30 days to debug issues and detect abuse.

How we use it

Your data is used to power the Reverly dashboard for your own organisation. We do not sell it, share it with advertisers, or train external AI models on it.

Anonymised, aggregated industry benchmarks (e.g. median labour % across the network) may be calculated from your data, but individual rows are never exposed to other customers.

Sub-processors

We use the following trusted vendors to deliver the service:

  • Supabase (database, auth) — data stored in Sydney, AU region.
  • Vercel (application hosting) — Sydney edge region.
  • OpenAI (AI summaries) — operational data is sent to OpenAI's API to generate weekly plans and insights. Per OpenAI's API policy this data is not used to train their models.
  • Resend (transactional email) — used only for magic-link sign-in emails.

Retention and deletion

We retain your operational data while your account is active. You can request a full export or deletion at any time by emailing hello@reverly.app. Upon cancellation we delete from our active systems within 30 days; encrypted backups expire within 90 days.

Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via Supabase). Row-Level Security policies ensure each customer can only access their own organisation's rows.

Your rights

Under New Zealand's Privacy Act 2020 (and equivalent Australian and EU regulations) you can request access to, correction of, or deletion of your personal data. We aim to respond to requests within 5 working days.

Contact

Questions about this policy: hello@reverly.app.