Privacy Policy

Reever has two kinds of users. Hosts are people who create a Reever account to share availability and accept bookings. Invitees are people who book time with a Host through a Reever booking page. This policy applies to both, and where rules differ, we say so.

Reever is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact us and we will delete it.

The list below is exhaustive for the current version of the Service. We add to it only when we ship a feature that needs more, and we update this policy when we do.

2.1 Information Hosts give us

• Account. Email address, display name, profile slug, time zone, optional avatar URL, optional bio.
• Authentication. Magic-link tokens (stored hashed), session tokens, last-sign-in metadata.
• Calendar connections. When you connect Google Calendar or Microsoft Outlook, we store OAuth access and refresh tokens (encrypted at rest), the provider account identifier, the granted scopes, and the names and IDs of the calendars you select.
• Calendar contents (transient). To compute availability and avoid double-booking, we read free/busy time and event metadata (start, end, busy status) from your selected calendars at the moment we need it. We do not retain the contents of your calendar events in our database beyond what is required to create or update the Reever-managed booking.
• Event types and availability. Configuration you create — durations, buffers, locations, intake questions, pricing, redirect URLs, and similar.
• Team membership. If you create or join a team, the team identifier, role, and links between team members.
• Agent conversations. Prompts and replies from the in-product assistant you use to configure Reever (see Section 4).
• Notification preferences and branding. Settings you change.
• Billing details. Subscription status, plan, renewal date, and a Stripe customer reference. We do not store full card numbers; Stripe does.

2.2 Information Invitees give us

• Booking details.Name, email address, the time slot selected, and answers to any custom questions the Host has added to the event type (for example, “company name” or “what would you like to discuss”).
• Booking lifecycle data. Confirmations, reschedules, and cancellations associated with the booking.

Invitees provide this information directly to a Host via Reever. The Host decides what custom questions to ask and how the booking is used. Where data-protection law applies, the Host is the “controller” of Invitee personal data and Reever is the “processor” acting on the Host’s instructions.

2.3 Information we collect automatically

• Device and connection data. IP address, user agent, approximate region inferred from IP, request timing.
• Cookies and similar. A first-party session cookie that keeps you signed in, plus short-lived cookies used for sign-in flow and CSRF protection. We do not set advertising or cross-site-tracking cookies.
• Logs and error reports. Application logs, performance traces, and crash reports captured by Sentry. These may incidentally contain user identifiers (such as a User ID) so we can debug an issue you encountered.
• Bot defense. Signals from Vercel BotID on sensitive endpoints (sign-up, booking confirmation) to filter automated abuse.

We use the information above to:

• operate and improve the Service;
• authenticate you and keep your account and bookings secure;
• compute availability, prevent double-booking, and create or update calendar events on your behalf using the connections you have authorized;
• send transactional emails (sign-in links, booking confirmations, reminders, reschedule and cancellation notices);
• provide the AI features described in Section 4;
• bill paid plans and prevent fraud, abuse, and misuse;
• comply with law and enforce our Terms of Service.

Where required, our legal bases under the EU and UK GDPR are: performance of a contract (operating the Service for Hosts); legitimate interests (security, abuse prevention, product improvement, and providing Hosts with auto-prep briefings about their meetings); consent (where you have provided it, such as connecting a calendar); and compliance with legal obligations.

Reever uses large language models to power two product surfaces:

• Configuration by conversation.The in-product assistant lets a Host configure event types, availability, and similar settings in natural language. Your prompts and the assistant’s replies are stored on your account so you can return to a thread.
• Auto-prep.When a booking is confirmed, an AI agent assembles a short briefing about the Invitee using the information the Invitee provided, public information that may be available about the Invitee or their company, and (if connected) relevant prior email or calendar history from the Host’s own connected accounts. The briefing is written into the calendar event description so the Host sees it before the meeting.

To deliver these features, we send the necessary inputs to Anthropic, PBC, which provides the underlying models. Anthropic acts as our sub-processor and, under our commercial agreement, does not use Reever customer data to train its models. Outputs are generated on demand and may be inaccurate or incomplete; auto-prep briefings are a starting point for the Host and are not a substitute for the Host’s own judgment.

Hosts can disable auto-prep per event type in settings. Invitees who do not want auto-prep run on their booking can ask the Host to turn it off, or contact us at the address in Section 13.

We use the following service providers to run Reever. Each receives only the data needed to perform its function and is bound by contractual confidentiality and security obligations.

We may add or change sub-processors as the Service evolves. Material changes will be reflected here, and where the law requires, we will notify Hosts in advance.

Beyond sub-processors, we may share information (a) with the Host you book with, in the case of an Invitee; (b) with law enforcement or other parties when required by law or to protect the rights, safety, or property of Reever, our users, or others; and (c) in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections and continued application of this policy.

We are based in the United States and our primary processing happens there. If you access Reever from the EEA, the UK, or another jurisdiction with cross-border transfer rules, we rely on appropriate safeguards — typically the European Commission’s Standard Contractual Clauses and the UK Addendum — to move personal data to the United States and to other countries where our sub-processors operate.

We keep account, booking, and calendar-connection data for as long as your account is active and for a reasonable period afterward to handle disputes, satisfy legal obligations, and operate our backups. Magic-link tokens are deleted shortly after use or expiry. Sentry error data is retained for up to 90 days. Agent conversation history is retained until you delete it or close your account.

When you close your account, we delete or anonymize personal data within 30 days, except where we are required or permitted to retain it (for example, billing records under tax law, or information relevant to a legal claim).

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate data or complete incomplete data;
• delete your data, subject to limited exceptions;
• receive a portable copy of data you provided to us;
• object to or restrict certain processing, including processing based on legitimate interests;
• withdraw consent where we rely on it (this does not affect prior processing);
• lodge a complaint with your local data-protection authority;
• for California residents under the CCPA/CPRA: know, delete, correct, and limit use of sensitive personal information, and opt out of “sales” or “sharing” (Reever does not sell personal information and does not share it for cross-context behavioral advertising).

Hosts can exercise most of these rights directly in product settings (export, edit, delete event types, disconnect calendars, close account). Invitees should generally contact the Host they booked with, since that Host controls the booking record. You can also email us at eli@ventechdigital.com and we will route the request appropriately.

We use industry-standard practices to protect your information. OAuth tokens for connected calendars are encrypted at rest. Magic links are single-use and short-lived. Traffic is encrypted in transit. Access to production systems is limited to authorized personnel and audit-logged. No system is perfectly secure, and we cannot guarantee that information will not be intercepted or accessed without authorization despite our efforts.

Reever uses only the cookies it needs to operate. These include a session cookie that keeps you signed in, a CSRF token cookie, and a short-lived cookie used to complete the magic-link sign-in flow. We do not use cookies for advertising or cross-site tracking. Most browsers let you control or block cookies; if you block our essential cookies, the Service will not work.

Because Reever does not run cross-site tracking, we treat all traffic the same regardless of any “Do Not Track” signal your browser may send.

We may update this policy from time to time. When we do, we will revise the effective date at the top of the page. If a change is material, we will give Hosts reasonable advance notice (typically by email or in-product notice) before the change takes effect.

For privacy questions, requests, or to exercise any right under this policy, contact us at eli@ventechdigital.com. Our legal entity is VenTech, LLC, formed in Georgia, United States.