GDPR Compliance

1. Introduction

Reveal Together is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page provides specific information about how we handle data for residents of the European Economic Area (EEA) and European Union (EU).

This GDPR compliance notice supplements our Privacy Policy, Cookie Policy, and Terms of Service.

2. Data Controller

The data controller responsible for your personal data is:

3. Categories of Data We Collect

We collect and process the following categories of personal data:

Identity Data

• First and last name
• Names of parents-to-be
• User-generated profile information

Account Data

• Email address
• Authentication credentials
• Account preferences

Technical Data

• IP address
• Browser type and version
• Operating system
• Device type
• Time zone setting
• Referral source

Usage Data

• Pages visited
• Time spent on pages
• Features used
• Click patterns

Transaction Data

• Purchase history
• Payment status (we do not store card details)

User Content Data

• Gender reveal event information
• Baby gender (encrypted)
• Guest voting data

4. Legal Basis for Processing

We process your personal data under the following legal bases:

Contractual Necessity (Article 6(1)(b))

Processing necessary to fulfill our contract with you:

• Creating and managing your account
• Providing our gender reveal services
• Processing payments
• Delivering customer support

Legitimate Interests (Article 6(1)(f))

Processing based on our legitimate business interests:

• Improving our services and user experience
• Analyzing usage patterns
• Preventing fraud and abuse
• Marketing our services to existing customers
• Securing our platform

Consent (Article 6(1)(a))

Processing based on your explicit consent:

• Marketing communications to new contacts
• Non-essential cookies and tracking
• Special category data processing (if applicable)

Legal Obligation (Article 6(1)(c))

Processing required by law:

• Tax and accounting requirements
• Responding to lawful requests from authorities
• Compliance with applicable regulations

5. Your Rights Under GDPR

As an EEA/EU resident, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes collected.

Right to Restriction of Processing (Article 18)

You have the right to request that we limit how we use your data under certain circumstances.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Right Related to Automated Decision Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at team@revealtogether.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, including the United States, where our service providers are located.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with our service providers
• Ensuring recipients maintain adequate data protection standards

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

Our standard retention periods are:

• Account data: Retained while your account is active, plus 2 years after deletion
• Transaction data: 7 years (for tax and legal compliance)
• Usage data: 26 months
• Marketing preferences: Until you withdraw consent
• Reveal content: 1 year after the reveal event

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Secure authentication mechanisms
• Regular security assessments
• Access controls and employee training
• Incident response procedures
• Regular backups and disaster recovery

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR.

9. Data Protection Officer

If you have questions about our data protection practices or wish to exercise your rights, you can contact our Data Protection Officer:

10. Policy Updates

We may update this GDPR compliance notice from time to time. We will notify you of any material changes by email or through our platform.

Please review this page periodically to stay informed about how we protect your data.

11. Contact Us

For any GDPR-related inquiries, please contact us at: