Privacy Policy
Revolution EDA
| Effective Date | May 9, 2026 |
| Last Updated | May 9, 2026 |
| Version | 1.0 |
Your privacy matters. This Privacy Policy explains how Revolution EDA collects, uses, stores, and protects your personal data, and what rights you have under the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (Uitvoeringswet Algemene Verordening Gegevensbescherming, UAVG).
Table of Contents
- Who We Are
- What Personal Data We Collect
- How and Why We Use Your Data
- Legal Bases for Processing
- Cookies & Similar Technologies
- Sharing Your Data
- International Data Transfers
- Data Retention
- Your Rights Under the GDPR
- Security
- Children’s Privacy
- Changes to This Policy
- Contact & Complaints
1. Who We Are
Revolution EDA is the data controller responsible for your personal data.
Revolution EDA The Netherlands
📧 support@reveda.eu 🔗 https://reveda.eu
As data controller, we determine the purposes and means of processing personal data collected through our website, software, and related services (collectively, the “Services”). Where we engage third parties to process data on our behalf, they act as data processors under written data processing agreements as required by Article 28 GDPR.
2. What Personal Data We Collect
We collect personal data only to the extent necessary for the purposes described in this Policy (data minimisation principle, Article 5(1)(c) GDPR).
2.1 Data You Provide Directly
| Category | Examples |
|---|---|
| Account information | Name, email address, username, password (hashed) |
| Billing information | Name, billing address, VAT number (for business customers) |
| Communications | Messages sent to support, forum posts, bug reports |
| Professional information | Organisation name, job title (optional) |
Note: We do not collect or store full payment card details. Payment processing is handled by our payment service provider (see Section 6).
2.2 Data Collected Automatically
| Category | Examples |
|---|---|
| Usage data | Pages visited, features used, software version, session duration |
| Technical data | IP address, browser type, operating system, device type |
| Log data | Access logs, error logs, crash reports |
| Analytics data | Aggregated, anonymised usage statistics |
2.3 Data from Third Parties
We may receive limited data from third-party services such as GitHub (if you authenticate via OAuth) or payment providers, only as necessary to provide the Services.
2.4 Data We Do Not Collect
- We do not collect special categories of personal data (Article 9 GDPR), such as health data, political opinions, or biometric data.
- We do not collect data from your local design files unless you explicitly use a cloud sync or sharing feature.
- We do not sell personal data to any third party.
3. How and Why We Use Your Data
We use your personal data for the following purposes:
| Purpose | Data Used |
|---|---|
| Providing and managing your account | Account information |
| Delivering and improving the Services | Usage data, technical data, log data |
| Processing payments and issuing invoices | Billing information |
| Sending service-related communications (e.g. security alerts, release notes) | Email address |
| Responding to support requests | Communications, account information |
| Detecting and preventing fraud or abuse | Technical data, log data |
| Complying with legal obligations | As required by applicable law |
| Sending optional marketing communications | Email address (only with your consent) |
4. Legal Bases for Processing
Under Article 6 GDPR, we process your personal data on the following legal bases:
4.1 Performance of a Contract (Article 6(1)(b)) Processing necessary to create and manage your account, deliver the Services, and process payments.
4.2 Legitimate Interests (Article 6(1)(f)) Processing necessary for our legitimate interests, where these are not overridden by your rights and freedoms. This includes security monitoring, fraud prevention, improving the Services, and sending service-related communications to existing users. We have conducted legitimate interest assessments (LIAs) for these activities.
4.3 Legal Obligation (Article 6(1)(c)) Processing required to comply with Dutch and EU law, including tax and accounting obligations under Dutch law (Boek 2 BW, tax legislation).
4.4 Consent (Article 6(1)(a)) Processing based on your freely given, specific, informed, and unambiguous consent — for example, optional analytics cookies or marketing emails. You may withdraw consent at any time without affecting the lawfulness of prior processing.
5. Cookies & Similar Technologies
We use cookies and similar tracking technologies on our website in accordance with the Dutch Telecommunications Act (Telecommunicatiewet, Article 11.7a) and GDPR.
5.1 Cookie Categories
| Category | Purpose | Legal Basis |
|---|---|---|
| Strictly necessary | Session management, authentication, security | Necessary for the service; no consent required |
| Functional | Language preference, UI settings | Legitimate interest or consent |
| Analytics | Understanding how visitors use the site (anonymised) | Consent |
| Marketing | Personalised content or advertising | Consent |
5.2 Your Cookie Choices
When you first visit our website, you will be presented with a cookie consent banner. You may accept or reject non-essential cookies at that point, and change your preferences at any time via the cookie settings link in our website footer.
We do not use cookie walls (access conditional on cookie consent) for essential services.
6. Sharing Your Data
We do not sell your personal data. We share data only in the following circumstances:
6.1 Service Providers (Data Processors) We engage trusted third-party processors to support our operations, including hosting providers, payment processors, and email delivery services. All processors are bound by data processing agreements under Article 28 GDPR and may only process data on our documented instructions.
6.2 GitHub / Open-Source Ecosystem If you interact with our public repositories (e.g. filing issues, submitting pull requests), that activity is subject to GitHub’s own privacy policy. We do not control GitHub’s processing of your data.
6.3 Legal Requirements We may disclose personal data if required to do so by law, court order, or at the request of a competent Dutch or EU authority, provided such request is lawful and proportionate.
6.4 Business Transfers In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users in advance and ensure the receiving party upholds equivalent data protection standards.
7. International Data Transfers
Revolution EDA is based in the Netherlands and stores data primarily within the European Economic Area (EEA). Where we engage processors or sub-processors located outside the EEA, we ensure that transfers are protected by one of the following safeguards (Chapter V GDPR):
- An adequacy decision by the European Commission (Article 45 GDPR)
- Standard Contractual Clauses (SCCs) approved by the European Commission (Article 46(2)(c) GDPR)
- Other appropriate safeguards as permitted under GDPR
We do not transfer personal data to countries without adequate protection unless the above safeguards are in place. You may request a copy of the relevant safeguards by contacting us at the address in Section 13.
8. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 2 years after deletion |
| Billing and invoice records | 7 years (Dutch tax law, Fiscale bewaarplicht) |
| Support communications | 2 years from last interaction |
| Usage and analytics data | 13 months (anonymised thereafter) |
| Log data | 90 days (rolling) |
| Consent records | 3 years from withdrawal or end of processing |
When data is no longer required, it is securely deleted or anonymised in accordance with our data retention policy.
9. Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights. You can exercise them free of charge by contacting us at support@reveda.eu. We will respond within one month of receiving your request (extendable by two further months for complex requests, with notice).
9.1 Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of that data together with information about how it is processed.
9.2 Right to Rectification (Article 16)
You have the right to have inaccurate or incomplete personal data corrected without undue delay.
9.3 Right to Erasure / “Right to be Forgotten” (Article 17)
You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, where you have withdrawn consent, or where processing is unlawful. This right is subject to legal retention obligations (e.g. tax records).
9.4 Right to Restriction of Processing (Article 18)
You have the right to request that we restrict processing of your data in certain circumstances, such as while the accuracy of data is contested or while an objection is pending.
9.5 Right to Data Portability (Article 20)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
9.6 Right to Object (Article 21)
You have the right to object at any time to processing based on legitimate interests, including profiling. You also have an absolute right to object to processing for direct marketing purposes.
9.7 Rights Related to Automated Decision-Making (Article 22)
We do not make decisions about you based solely on automated processing that produce significant legal or similarly significant effects.
9.8 Right to Withdraw Consent (Article 7(3))
Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
How to exercise your rights: Email support@reveda.eu with a clear description of your request and, where necessary, a means to verify your identity. We will not charge a fee for legitimate requests.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, in accordance with Article 32 GDPR. These measures include:
- Encryption of data in transit (TLS) and at rest
- Access controls and least-privilege principles
- Regular security reviews and vulnerability assessments
- Staff training on data protection obligations
- Incident response procedures
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR. We will also notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware of a qualifying breach, as required by Article 33 GDPR.
11. Children’s Privacy
Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. Under Dutch law (Uitvoeringswet AVG, Article 8), processing of personal data of children under 16 requires parental or guardian consent.
If you become aware that a child under 16 has provided us with personal data without appropriate consent, please contact us at support@reveda.eu and we will take steps to delete that data promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, Services, or applicable law. When we make material changes, we will:
- Update the “Last Updated” date at the top of this Policy
- Notify registered users by email or via a prominent notice within the Services
- Where required by law, seek fresh consent
We encourage you to review this Policy periodically. Continued use of the Services after notification of changes constitutes acceptance of the updated Policy, to the extent permitted by applicable law.
13. Contact & Complaints
For privacy-related questions or to exercise your rights:
We aim to resolve all privacy concerns promptly and in good faith. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch supervisory authority:
Autoriteit Persoonsgegevens (AP) Postbus 93374 2509 AJ Den Haag 🌐 www.autoriteitpersoonsgegevens.nl ☎ +31 (0)70 888 85 00
You also have the right to lodge a complaint with the supervisory authority in your EU member state of habitual residence or place of work.
© 2026 Revolution EDA. All rights reserved.
This document was last reviewed on May 9, 2026.