Privacy Policy
Last updated: May 13, 2026
Notice: This is a courtesy translation of the original Portuguese version. In the event of any discrepancy or ambiguity, the Portuguese version shall prevail.
Raveki respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect your information when you use the Raveki platform (“Service”) and our website at www.raveki.com (“Website”).
1. Data Controller
The data controller for your personal data is Raveki. Legal entity information will be updated in this policy once the incorporation process is completed.
Contact email: hello@raveki.com
2. Data We Collect
2.1. Data provided by you
- Registration: name and email address;
- Payment: payment data is processed directly by Stripe. Raveki does not store nor has access to credit or debit card numbers.
2.2. Integration data
When you connect your marketing platforms (Google Analytics, Google Ads, Google Search Console, Google Business Profile, Facebook Ads Manager, Instagram), we access — exclusively in read-only mode — the data from those platforms, including:
- Traffic, behaviour and conversion metrics;
- Advertising campaign data and respective performance;
- Social media metrics (reach, engagement, audience);
- Search and organic visibility data;
- Local business profile data.
We do not access personal information of your customers or visitors. The data collected consists of aggregated and performance metrics.
2.2.1. Meta Permissions (Facebook and Instagram)
For the Meta integrations (Facebook Ads Manager and Instagram), we request the following OAuth permissions, each with a specific purpose:
ads_read— Read Meta Ads campaigns, budgets and performance metrics, to present advertising investment analyses;instagram_basic— Identify the Instagram Business account and read basic metadata (username, associated account);instagram_manage_insights— Reach, engagement and audience metrics for posts on the Instagram Business account;pages_show_list— List the Pages the user administers, required so the user can choose which Page to connect;pages_read_engagement— Engagement metrics (likes, comments, shares) on the user’s Pages.
The data collected serves exclusively to populate the analyses presented in the user’s Raveki dashboard. It is not shared, sold, nor used for any other purpose.
2.2.2. Google Permissions
For the Google integrations (Google Analytics, Google Ads, Google Search Console, Google Business Profile), we request the following OAuth permissions, each with a specific purpose:
analytics.readonly— Read Google Analytics 4 metrics and dimensions (sessions, users, conversions, traffic sources) for the user’s properties;adwords— Read Google Ads campaigns, budgets, ads, keywords and performance metrics. Read-only operations, despite the scope name not indicating so;webmasters.readonly— Read Google Search Console data (impressions, clicks, queries, average position) for the user’s verified properties;business.manage— Read Google Business Profile data (reviews, queries, calls, visibility metrics). Read-only operations, despite the scope name suggesting management.
Compliance with the Google API Services User Data Policy
Raveki’s use of Google API data is governed by the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Google data is used exclusively to provide and improve user-facing features within the Raveki dashboard;
- We do not transfer Google data to third parties, except:
- When necessary to provide or improve user-facing features (e.g., cloud infrastructure);
- To comply with applicable legal obligations;
- We do not use Google data for advertising, profiling for advertising purposes, or to train general-purpose artificial intelligence models;
- Humans do not access the user’s Google data, except:
- With the user’s explicit consent (e.g., support request);
- For investigation of security incidents or abusive use;
- To comply with applicable legal obligations;
- When data is anonymously aggregated for internal operational analyses.
2.3. Data collected automatically on the Website
On the website www.raveki.com we use:
- Google Analytics — to understand how visitors use the website (pages visited, visit duration, traffic source);
- Microsoft Clarity — to analyse interaction patterns (heat maps, anonymised session recordings, clicks).
These services may collect data such as IP address (anonymised), browser type, operating system and device type.
On the Raveki platform (portal.raveki.com) we do not use third-party analytics tools.
3. How We Use Your Data
We use the collected data to:
- Provide the Service — process and analyse your platform data, generate the Momentum Score, send notifications and deliver AI-powered analyses;
- Maintain your account — authentication, session management and transactional communications (email verification, password recovery, system alerts);
- Process payments — subscription management and billing through Stripe;
- Improve the Service — understand website usage patterns to enhance the experience.
We do not use your data to:
- Send unsolicited marketing communications;
- Train general-purpose artificial intelligence models;
- Share or sell your data to third parties for advertising purposes;
- Create user profiles for advertising targeting.
4. Artificial Intelligence
The Raveki Intelligence feature processes your integration data to generate analyses and recommendations. In this context:
- The AI operates exclusively on your individual data;
- Your data is not used to train models for other customers;
- Your data is not shared between accounts;
- AI processing is performed on Raveki’s infrastructure in the European Union.
5. Legal Basis for Processing
The processing of your personal data is based on the following legal grounds, as per the General Data Protection Regulation (GDPR):
| Purpose | Legal Basis |
|---|---|
| Provision of the Service | Performance of contract (Art. 6(1)(b)) |
| Payment processing | Performance of contract (Art. 6(1)(b)) |
| Transactional communications | Performance of contract (Art. 6(1)(b)) |
| Billing data retention | Legal obligation (Art. 6(1)(c)) |
| Website analytics | Legitimate interest (Art. 6(1)(f)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
6. Data Sharing
We share your data only with the following third parties, strictly necessary for providing the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Microsoft Azure | Hosting and infrastructure | European Union |
| Stripe | Payment processing | USA (with Standard Contractual Clauses) |
| Google Analytics | Website analytics | USA (with Standard Contractual Clauses) |
| Microsoft Clarity | Website analytics | USA (with Standard Contractual Clauses) |
We do not sell, rent or share your personal data with third parties for commercial purposes.
For sub-processors located outside the European Union, we ensure that adequate transfer mechanisms are in place, namely Standard Contractual Clauses approved by the European Commission.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Integration data (snapshots, history, metrics) | Retained while the subscription is active and until explicit deletion request |
| Aggregated metrics and analyses | Same |
| Account data (name, email, preferences) | Same |
| Billing and tax data | Indefinite — legal obligation (minimum 10 years, per Portuguese tax law) |
| Security and audit logs | Up to 12 months |
| Website analytics data | Per Google Analytics and Microsoft Clarity policies |
7.1. Cancellation ≠ Deletion
Cancelling your subscription does not automatically delete your personal and operational data. This separation is deliberate: it allows you to resume your subscription later while keeping your analytics history. If you want your data effectively deleted, you must explicitly request it as described in section 7.2.
7.2. Data Deletion Request
You may request deletion of your data at any time. To protect your account against unauthorised deletions, the process follows a two-step validation:
- Initiate the request from the Raveki portal — Settings → Account → Delete account. This step is mandatory and marks the account as pending deletion;
- (Optional) Confirmation by email — after initiating the request from the portal, you may send an email to hello@raveki.com to confirm. Deletion requests received by email without having been previously initiated from the portal are not processed — this double validation protects against unauthorised access to your account;
- Revoking access via Facebook — removing Raveki from Settings → Apps and Websites on Facebook revokes Raveki’s access to your Facebook account (we stop reading new Meta data). Meta data already collected will only be deleted if you also request deletion from the portal, as described in step 1.
Upon a valid deletion request:
- The account enters a pending deletion (soft delete) state for 30 (thirty) days, during which the request can be reversed by contacting us;
- After the 30-day period, deletable personal and operational data is permanently erased;
- Billing and tax data are retained for the legally required period, even after account deletion. This includes issued invoices and payment records associated with tax obligations.
8. Security
We implement technical and organisational measures to protect your data, including:
- Encryption in transit — all communications use TLS/SSL;
- Encryption at rest — stored data is encrypted;
- Secure authentication — we access your platforms exclusively through each provider’s official OAuth mechanisms;
- No credential storage — we never permanently store your passwords or access tokens for third-party platforms;
- Restricted access — data access is limited to what is strictly necessary to operate the Service.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access — request information about the data we process;
- Rectification — request correction of inaccurate or incomplete data;
- Erasure — request deletion of your data (“right to be forgotten”), subject to legal retention obligations;
- Portability — request export of your data in a structured, commonly used format;
- Objection — object to processing of your data when based on legitimate interest;
- Restriction — request restriction of processing in certain circumstances;
- Withdrawal of consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at hello@raveki.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) at www.cnpd.pt.
10. Cookies
10.1. Website (www.raveki.com)
The website uses cookies for:
- Essential cookies — language preference;
- Analytics cookies — Google Analytics and Microsoft Clarity, to understand how the website is used.
10.2. Platform (portal.raveki.com)
The platform uses only cookies strictly necessary for the operation of the Service:
- Session — maintaining the authenticated session;
- Preferences — language and user settings.
We do not use advertising or tracking cookies on the platform.
10.3. Cookie Management
You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect the operation of the Service.
11. Children
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete that information immediately.
12. Changes to this Policy
We reserve the right to update this Privacy Policy. Significant changes will be communicated by email or through the Service at least 15 days in advance.
The date of the last update is indicated at the top of this page.
13. Contact
For questions related to privacy or data protection, you may contact us at:
Email: hello@raveki.com
This Privacy Policy was originally written in Portuguese, which is the official and legally binding version. This English translation is provided for convenience only.