Privacy Policy

Last updated: 7 March 2026

1. Who we are

Krevlo (“we”, “us”, “our”) is a receivables automation platform for creator talent managers. We are the data controller for the personal data processed through our platform.

If you have questions about this policy or your data, contact us at privacy@krevlo.com.

2. What data we collect

We collect the following categories of personal data:

  • Account information: your name, email address, and organisation name when you sign up.
  • Deal and payment data: brand names, creator names, deal values, invoice dates, payment dates, and payment statuses that you enter into the platform.
  • Email content: chase email templates and sent email logs generated through the platform.
  • Payment information: billing details processed by Stripe. We do not store your full card number on our servers.
  • Usage data: pages visited, features used, browser type, IP address, and device information collected automatically when you use the platform.
  • Cookies: strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies.

3. How we use your data

We process your personal data for the following purposes:

  • To provide and operate the Krevlo platform, including receivables tracking, chase email automation, and daily digest emails.
  • To send transactional emails (account verification, password resets, daily digests, chase confirmations).
  • To process subscription payments through Stripe.
  • To improve the platform based on aggregated, anonymised usage patterns.
  • To comply with legal obligations.

Legal bases (UK/EU GDPR): we process data based on (a) performance of our contract with you, (b) our legitimate interests in operating and improving the platform, and (c) your consent where required.

4. Who we share data with

We share personal data only with the following categories of service providers:

  • Supabase (database hosting and authentication)
  • Stripe (payment processing)
  • Resend (transactional email delivery)
  • Vercel (application hosting)

We do not sell your personal data to third parties. We do not share your data with advertisers or data brokers.

5. International transfers

Some of our service providers operate outside the UK and European Economic Area. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office and/or the European Commission, or reliance on adequacy decisions.

6. Data retention

We retain your account and deal data for as long as your account is active. If you close your account, we delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (up to 7 years for financial records).

7. Your rights

Under UK/EU GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request erasure of your data (“right to be forgotten”)
  • Restrict or object to processing
  • Receive your data in a structured, machine-readable format (data portability)
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority

Under the California Consumer Privacy Act (CCPA), California residents additionally have the right to:

  • Know what personal information is collected, used, and disclosed
  • Request deletion of personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Not be discriminated against for exercising your privacy rights

To exercise any of these rights, email privacy@krevlo.com. We will respond within 30 days.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, row-level security on all database tables, and regular security reviews. Access to personal data is restricted to authorised personnel on a need-to-know basis.

9. Children

Krevlo is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through a notice on the platform. Continued use of Krevlo after changes constitutes acceptance of the updated policy.