Menu

Privacy Policy

Table of contents

Effective date: May 25, 2026

Last Updated: May 25, 2026

Introduction

This Privacy Policy explains how Reviport (the “Service”) collects, uses, discloses, and protects personal data when you visit our website or use the Reviport web application (together, the “Service”). It also describes your privacy rights and how to exercise them.

Service provider / controller details. The Service is operated by the person or entity identified in the Reviport Legal Notice (/legal-notice) (the “Service Provider”). The Legal Notice is referenced only for identification/contact details. For privacy questions or requests, you can also contact us at support@reviport.com.

1. Scope and who this applies to

This Privacy Policy applies to personal data processed by Reviport when you:

(a) visit our website;
(b) create an account and use the Reviport web application;
(c) contact us for support; or
(d) otherwise interact with the Service.

Reviport processes your personal data in accordance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and other applicable privacy laws.

If we release mobile applications or additional features in the future, this Privacy Policy will also apply to those services unless a separate notice is provided.

Eligibility

Reviport is intended for adults. You must be at least 18 years old to use Reviport. We do not knowingly collect personal data from anyone under 18.

Systems and data separation

Reviport currently operates two main systems: (1) a WordPress system (website and account registration/login context) and (2) an application backend (APIs and app database). Depending on feature usage, personal data may be stored in one or both systems. Security controls are applied across systems, but technical implementation may differ by subsystem. Reviport reserves the right to use multiple systems and infrastructure components to operate the Service, and personal data may be processed across these systems as necessary.

2. Information we collect

2.1 Information you provide to us

  • Account information: first name, email address, and password (stored as a password hash).
  • Profile and settings data: user preferences, portfolio currency, formatting preferences, and account metadata.
  • Policy acceptance records: records that you agreed to the Terms and Conditions and related policies, with timestamp and version where available.
  • Communications: messages you send to support or feedback you submit.
  • Preferences: your marketing and feedback email opt-in/out choices within the Service settings.
  • Portfolio and transaction data you choose to save in the Service (for example: date, transaction type, ticker, amount, currency, price, quantity, exchange rate, fees, and notes).
  • CSV imports: the original CSV file is processed in your browser and is not uploaded to our servers. After you map columns, review the data, and confirm the import, we upload and store only the rows/fields you choose to save (for example: ticker, quantity, price, dates, and related fields) so the Service can perform calculations and provide features.
  • User ticker metadata and dividend preferences.
  • Derived calculation outputs (for example: portfolio totals, allocations, historical performance, and recalculation state).

 

Important notes about content you upload. The Service is not designed for storing sensitive personal data (for example: government identifiers, financial account numbers, health data, or other sensitive categories). Please do not upload sensitive personal data into notes, CSV files, or other fields. If you choose to input or track information relating to third parties, you are responsible for ensuring you have the necessary rights, permissions, and authorizations to do so. We do not intentionally collect or process special categories of personal data (as defined under GDPR), and you should not provide such data through the Service.

We implement validation to reduce the chance that incorrectly mapped data is saved (for example, numeric validation for quantity fields). However, because you control what you enter and what you choose to save, you should review your imports carefully before uploading.

2.2 Information we collect automatically

  • Usage data: pages or screens you view, features you use, actions you take in the Service, and timestamps.
  • Device and connection data: IP address, browser type, device identifiers (where available), operating system, language, and referring/exit pages.
  • Cookies and similar technologies: essential cookies (for example, authentication/session), consent-preference cookies, and (with your consent where required) analytics cookies. You can see an up-to-date cookie list in the cookie consent banner/preference center (CookieYes).
  • Security logs: we may record IP addresses and event details related to authentication and security (for example, failed login attempts) to protect the Service and users.
  • Technical and diagnostic data: error logs, performance metrics, and service health/ops telemetry (with sensitive-value redaction where feasible).
  • Browser storage data: limited local/session storage values used for app functionality (for example, caching and temporary workflow flags).
  • Consent records: your cookie consent choices and consent-category state (for example, analytics consent) managed through CookieYes.

2.3 Information from third parties

We receive limited information from third-party providers we use to operate the Service, such as:

  • Payment and subscription information from Paddle (for example: subscription status, product purchased, billing country, and invoice/transaction references). We do not receive or store full payment card numbers.
  • Abuse-prevention and risk signals from reCAPTCHA v3.

 

We may display content that links to third-party sites (for example, external news publishers). If you click those links, the third party’s privacy policy will govern their processing.

The categories above are indicative and may vary depending on how you use the Service.

3. How we use your information

We use personal data for the following purposes:

  • Provide and operate the Service (account creation, authentication, importing and saving portfolio/trade history data, calculations, and customer support).
  • Process subscriptions and manage billing-related events (via Paddle).
  • Maintain, troubleshoot, and improve the Service (including debugging and product analytics where enabled).
  • Secure the Service, detect and prevent fraud/abuse, and enforce our Terms and other agreements.
  • Send communications: transactional/service messages (for example, security or billing notices) and, if you opt in, marketing or product update messages and user feedback requests.
  • Comply with legal obligations and respond to lawful requests.
  • Sanctions and export-control compliance: to comply with applicable sanctions and export-control laws and to enforce related restrictions in our Terms (for example, by assessing jurisdiction/location-related signals such as IP address and billing country and restricting access where required).

 

We may also create and use aggregated and/or de-identified information (for example, aggregated usage metrics) for analytics, improvements, and reporting. Where information is truly aggregated or de-identified, it is not personal data.

4. Legal bases for processing (EEA/UK/Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process personal data only when we have a lawful basis, including:

  • Contract: to provide the Service you request (for example, creating your account and delivering core features).
  • Where we rely on legitimate interests, we consider and balance any potential impact on your rights and freedoms.
  • Consent: for non-essential cookies and analytics technologies (including Hotjar), and for marketing/feedback emails where you opt in; you can withdraw consent at any time.

5. How we disclose information

We disclose personal data only as described below, and we do not sell personal information. We do not share personal information for cross-context behavioral advertising.

5.1 Service providers (processors)

We enter into data processing agreements with our service providers where required by applicable law.

We use service providers that process personal data on our behalf to operate the Service. These providers are authorized to process personal data only as needed to provide services to us and subject to contractual safeguards where applicable. Examples include:

  • Hosting/infrastructure and delivery: Hostinger (hosting/VPS and related infrastructure) and performance/CDN services (for example, QUIC.cloud).
  • Payments/subscriptions: Paddle (merchant of record / payment processor).
  • Market data: EODHD. We use EODHD to provide certain market data used in the Service. Requests may be made from our backend or through other technical methods depending on the feature. EODHD’s processing is governed by its own policies.
  • News data: GNews. We use GNews to retrieve certain news data used in the Service. News data requests are made from our backend. GNews does not receive your name, email address, account identifiers, portfolio values, transaction history, or browser/device identifiers from us as part of these backend news data requests. Depending on how you use the Service, the news queries sent to GNews may relate to securities, companies, funds, crypto assets, or topics displayed in the Service.
  • Ticker, company, fund, and crypto logo assets: LogoKit. We use LogoKit to retrieve and display certain third-party logo image assets and brand identifiers in the Service. When these assets are loaded, requests may be made directly from your browser to LogoKit or its infrastructure, and LogoKit may receive technical request data such as your IP address, device/browser information, referrer, date/time, and the requested asset. LogoKit’s processing is governed by its own policies. We do not send your name, email address, account identifiers, portfolio values, or transaction history to LogoKit as part of logo asset requests, but the requested logo asset may correspond to a company, fund, or crypto asset shown in your account.
  • Analytics and feedback: Hotjar (session recordings and feedback tooling), enabled only when analytics consent is granted and configured using available suppression/masking features.
  • Email delivery/CRM: Brevo (transactional emails and, if you opt in, marketing/feedback emails). Some Service emails may be routed via website/app email tooling (for example, SMTP plugins) to deliver messages through Brevo.
  • Email hosting: Zoho Mail. We use Zoho Mail to host and manage our business email accounts, including support email. If you contact us by email, Zoho Mail may process information contained in or associated with your message, such as your name, email address, subject line, message content, attachments, timestamps, and related email metadata. Zoho’s processing is governed by its own policies.
  • Consent management: CookieYes (cookie consent banner and preference records).
  • Security and abuse prevention: reCAPTCHA v3.
  • Backups: an off-site encrypted backup provider used for disaster recovery and continuity.

Our website is built on WordPress and uses plugins (for example, for security, caching, and registration). These components may process personal data (such as technical request data or account identifiers) as part of their functionality.

5.2 Legal, safety, and enforcement

We may disclose information if we believe disclosure is reasonably necessary to:

(a) comply with a law, regulation, legal process, or governmental request;
(b) protect the rights, property, and safety of Reviport, our users, or the public;
(c) investigate or prevent fraud, security, or technical issues; or
(d) enforce our Terms and other agreements.

5.3 Business transfers

If Reviport is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be disclosed and transferred as part of that transaction, subject to appropriate confidentiality protections.

6. Cookies and similar technologies

We use cookies and similar technologies to provide the Service, remember preferences, and (where permitted) analyze usage. We use CookieYes to provide a cookie banner and preference center, including a current cookie list.

Cookie controls. You can manage your cookie preferences at any time through the CookieYes preference center (for example, via the cookie icon on the website) and via cookie settings controls in the app. The specific text, design, and location of these controls may change over time.

Some cookies are essential (for example, to keep you logged in). Others are optional and will be used only where required with your consent. Your browser may also allow you to delete or block cookies; however, blocking essential cookies may prevent the Service from functioning properly.

Non-essential cookies (including analytics cookies) are used only with your prior consent, in accordance with applicable ePrivacy and data protection laws.

Global Privacy Control (GPC) and similar signals: where supported by our consent tooling and required by applicable law, we will treat recognized opt-out signals as a request to opt out of activities that are subject to opt-out rights. Because we do not sell personal information or share it for cross-context behavioral advertising, the practical effect may be limited.

Analytics consent. Hotjar is loaded only when analytics consent is granted.

7. Marketing choices

You cannot opt for transactional or service-related messages that are necessary to provide the Service (such as security, policy updates, or billing-related emails).

Marketing and feedback emails are opt-in only. You can opt in or opt out at any time using the dedicated controls in your account settings or through unsubscribe mechanisms included in marketing emails.

8. Data retention and deletion

We retain personal data only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

In general:

  • Account and portfolio data: retained while your account is active. If you request deletion, we delete personal data we can associate with you from live systems as soon as we can process the request.
  • Inactive accounts: If you do not have an active subscription and you have not logged in for at least twelve (12) months, we may delete your account and the account and portfolio data described above from our live systems. We will provide reasonable prior notice by email before deletion and an opportunity to access or export your data. Deleted data may persist in backups until those backups expire (see “Backups” below), and we may retain certain information (for example, logs and legally required records) as described in this section.
  • Deletion scope: we generally delete your account record, portfolio history entries, ticker-related custom data, and calculation outputs associated with your account. Aggregated usage metrics may remain in aggregate form.
  • Retention periods are determined based on the nature of the data, the purposes of processing, and applicable legal requirements.
  • Support communications: generally retained for 12–24 months to handle requests, maintain records, and improve support quality.
  • Backups: encrypted backups are retained for up to 20 days. Backups may include personal data present at backup time and are processed only for reliability, continuity, and restoration. As a result, deleted data may persist in backups until those backups expire.
  • You are responsible for maintaining your own copies of any important personal data or content. The Service is not intended to be your sole system of record.

9. Security monitoring and abuse prevention

We use technical and organizational measures to monitor for abuse and protect the integrity of the Service. For example, we use security and audit tooling (including WordPress security/audit plugins) and custom security code to detect suspicious activity, protect accounts, investigate incidents, and maintain platform integrity.

Security logs may include account identifiers, login events, IP addresses, timestamps, and related technical event data.

We also use reCAPTCHA v3 to help detect automated abuse. reCAPTCHA may analyze technical signals (such as IP address, device/browser characteristics, and interaction patterns) to assign a risk score.

We do not use automated decision-making, including profiling, that produces legal effects or similarly significant effects on users within the meaning of Article 22 GDPR.

These measures are based on our legitimate interests in securing the Service.

10. Security

We use administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and while we implement appropriate safeguards, no system can be guaranteed to be completely secure.

Examples of measures we apply include:

  • TLS/HTTPS for data in transit.
  • Restricted internal service binding and firewall/network controls.
  • Secure transport requirements for database connections.
  • Encryption at rest for core application database tables (where supported by the underlying technology).
  • Encrypted backups and off-site replication for disaster recovery.

11. Third-party content and links

Some pages may include third-party content, assets, or links, including embedded media, external news links, plugin-provided resources, and LogoKit-hosted ticker, company, fund, or crypto logo image assets. When such content or assets are loaded, the relevant third-party provider may receive technical request data and may process that data according to its own policies.

We may use local font hosting to reduce external font requests. Where third-party resources are used, their providers’ privacy practices apply.

We do not control and are not responsible for the privacy practices of third parties.

12. International data transfers

We and our service providers may process and store personal data in the European Economic Area and in other countries where we or our service providers operate. If you are located in the EEA/UK/Switzerland and your personal data is transferred to a country that may not provide the same level of data protection, we use appropriate safeguards such as standard contractual clauses approved by the European Commission or other lawful mechanisms where required.

You may request further information about the safeguards we use for international data transfers by contacting us.

13. Your rights and choices

13.1 EEA/UK/Switzerland (GDPR rights)

If you are in the EEA, the UK, or Switzerland, you may have the right to: (a) request access to your personal data; (b) request correction or deletion; (c) object to certain processing; (d) request restriction of processing; (e) request data portability; and (f) withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with your local data protection authority.

If you are located in Cyprus, you may lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus).

13.2 United States state privacy laws

If you are a resident of certain U.S. states, you may have rights to: (a) know/access the personal information we collected about you; (b) delete personal information; (c) correct inaccuracies; (d) obtain a copy of your personal information; and (e) opt out of “sale” of personal information, sharing for cross-context behavioral advertising, and targeted advertising (as those terms are defined by applicable law). Reviport does not sell personal information and does not share it for cross-context behavioral advertising.

If our practices change in a way that would trigger additional opt-out rights (for example, targeted advertising), we will provide notice and, where required, offer applicable choices.

13.3 How to exercise your rights

To exercise your rights, contact us via support@reviport.com or using the contact details in the Legal Notice. To protect your privacy and security, we may need to verify your identity before fulfilling certain requests.

We aim to respond to privacy requests within 30 days, subject to applicable law and verification requirements. If you are entitled to appeal a decision under applicable law, you may request an appeal by contacting us at support@reviport.com.

14. Contact

Questions, requests, and complaints: please email support@reviport.com. Controller/service provider details are available in the Legal Notice (/legal-notice).

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by reasonable means (for example, by posting the updated Terms on reviport.com and updating the “Last updated” date, and/or by email or in-app notice). Your continued use of the Service after an update becomes effective means your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acknowledgment of the changes, to the extent permitted by applicable law.

  • Install social plugin that has it's own SHORTCODE and add it to Theme Options - Socials - 'Login via Social network' field. We recommend: Wordpress Social Login
Minimum 6 characters
MENU

Any information contained in this website is general information only and has been prepared without considering your objectives, financial situation or needs. You should not rely on any advice and/or information contained in this website and before making any investment decision we recommend that you consider whether it is appropriate for your situation and seek appropriate financial, taxation and legal advice.