Scope
This Privacy Policy explains how Revecorp Inc. (“Revecorp,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with:
- The public website located at revecorp.com and any linked pages we control (the “Website”).
- The TransitCheck mobile and tablet application, related services, and web portal (the “App”).
If any part of this Policy conflicts with a service-specific notice presented inside the App or Website, the service-specific notice will govern for that service. A current list of all active service-specific notices is maintained on our Website and within the App under Settings > Privacy.
Who We Are and How to Contact Us
Revecorp Inc. owns and operates the Website and the App. For any privacy request—including exercising your rights, asking questions, or filing a complaint—you can reach us below.
For users subject to the GDPR, UK GDPR, or PIPEDA, our designated Data Protection Officer can be reached at privacy@revecorp.com.
Information We Collect
We collect personal information directly from you, automatically from your device, from your employer or organization if it authorizes your App use, and from service providers that assist us. The categories include:
- Identifiers — name, user ID, email address, phone number, postal address, IP address, online identifiers, and device identifiers including Android ID.
- Device and technical data — device make and model, operating system version, screen resolution, app version, crash and performance logs, and telemetry from interactions with our web services.
- Internet or network activity — log data for the Website and App, pages viewed, session duration, referrers, and actions taken within the App or portal.
- Geolocation data — when location permissions are enabled in the App, including precise GPS data while the App is open or running in the background if your organization requires continuous tracking.
- Multimedia and content — photos, videos, and voice recordings that you choose to upload for documentation.
- Transaction and account data — orders, subscriptions, job or asset records created in the App, support requests, and audit logs.
- Professional or employment information — when the App is used for inspections or other work tasks.
- Sensitive personal information — as defined by applicable laws, which may include precise geolocation, biometric templates if enabled, and government-issued identifiers captured in photos or forms. We do not intentionally collect Social Security numbers or financial account numbers through the App or Website.
Sources
We receive personal information: (1) directly from you; (2) automatically from your device; (3) from your employer or authorizing organization; and (4) from service providers, including hosting and cloud infrastructure, analytics platforms, customer support tools, payment processors, and delivery and logistics partners.
App Permissions
The App may request the following device permissions, which you can manage in your device settings. Some features may not work without them.
- Camera — to capture photos or video for documentation.
- Microphone — for voice notes or speech-to-text.
- Location — for GPS data while the App is open or running in the background. When background location tracking is active, a persistent notification will appear on your device. You may disable background location at any time through your device settings.
- Phone and network — to send data between the device and the web portal.
- Storage — to temporarily store data until upload completes.
How We Use Your Information
We use personal information for the purposes listed below. For users subject to the GDPR, UK GDPR, or similar frameworks, the corresponding legal basis is identified for each purpose.
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate services — account creation, authentication, order processing, deliveries, and core App features | Performance of a contract |
| Customer support — responding to inquiries, troubleshooting, and quality assurance | Performance of a contract; legitimate interests |
| Security and integrity — fraud prevention, abuse detection, access controls, incident response | Legitimate interests; legal obligation |
| Analytics, research, and service improvement — debugging and measuring usage trends | Legitimate interests |
| Legal compliance — required recordkeeping and responses to lawful requests | Legal obligation |
| Communications and optional marketing — service notices and product updates | Consent (marketing); legitimate interests (service notices) |
| Background geolocation tracking — continuous location monitoring for field operations | Consent of the individual user |
| Biometric processing — identity verification if enabled | Explicit consent of the individual user |
You can opt out of marketing messages at any time. For background geolocation and biometric processing, your individual consent is required—employer authorization alone is not sufficient.
Cookies and Tracking Technologies
On the Website and within the web portal, we use cookies, SDKs, and web beacons to keep you signed in, remember preferences, measure usage, and secure the service. You can control cookies in your browser and operating system settings. Disabling cookies may limit some features.
Global Privacy Control
We honor Global Privacy Control (GPC) signals as a valid opt-out request under the CCPA/CPRA. When we detect a GPC signal, we treat it as a request to opt out of the sale or sharing of personal information for that browser or device.
Do Not Track
We do not currently respond to browser Do Not Track signals because there is no universally accepted standard for how to interpret them. GPC signals are recognized as described above.
How We Share Information
We disclose personal information in the following circumstances:
- Service providers and contractors that process data under written agreements restricting further use. Examples include hosting, analytics, customer support, payment processing, and delivery partners. We contractually prohibit these providers from combining Revecorp user data with data from other sources for their own purposes, including cross-context behavioral advertising.
- Authorized users and your organization when your employer or customer account administers the App.
- Affiliates within our corporate group for the purposes described in this Policy.
- Business transfers in connection with a merger, acquisition, financing, or sale of assets. The acquiring entity will be bound by the terms of this Policy with respect to personal information collected before the transfer, and we will provide notice to affected users before their data is subject to a materially different privacy policy.
- Legal and safety disclosures. We may disclose personal information (a) in response to a valid subpoena, court order, warrant, or other compulsory legal process; (b) to law enforcement when we have a good-faith belief that disclosure is necessary to prevent imminent harm or illegal activity; or (c) to enforce our terms or protect the rights, property, or safety of our users and the public. We will not voluntarily disclose personal information to government agencies absent compulsory legal process, except where we reasonably believe there is an imminent threat to life or physical safety.
Sale and Sharing
We do not sell or share personal information as those terms are defined by the CCPA as amended by the CPRA. We do not allow third parties to use your data for their own targeted advertising. If this changes in the future, we will update this Policy, provide prominent notice, and honor all applicable opt-out mechanisms including GPC.
Data Retention
We retain personal information only as long as needed for the purposes set out in this Policy, to comply with legal obligations, or to resolve disputes.
| Category | Retention Period | Notes |
|---|---|---|
| Identifiers | Life of account + 1 year | Deleted upon verified request, subject to legal holds |
| Device and technical data | 30 days (logs); 2 years (aggregated) | Logs auto-purged; analytics anonymized |
| Internet or network activity | Up to 30 days | System logs auto-purged |
| Geolocation data | 90 days (raw); 2 years (aggregated) | Raw GPS purged on rolling basis |
| Multimedia and content | Up to 5 years | Subject to your organization’s retention policy |
| Transaction and account data | Life of account + 3 years | Required for audit and dispute resolution |
| Professional / employment info | Up to 5 years | Aligned with inspection record requirements |
| Sensitive PI (biometrics) | 1 year after last use or 3 years from collection, whichever is first | Per Illinois BIPA standards |
| Sensitive PI (gov IDs in photos) | Up to 5 years or as required by law | Encrypted at rest |
We may anonymize data so it is no longer reasonably capable of identifying you and retain the anonymized data indefinitely for analytics.
Security
We use technical and organizational safeguards appropriate to the risks, including encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent) where feasible, access controls limited to authorized personnel on a least-privilege basis, secure software development practices including code review and vulnerability scanning, and periodic security reviews and audits. No method of transmission or storage is perfectly secure.
Data Breach Notification
In the event of a security breach involving unencrypted personal information that is reasonably likely to cause harm, we will:
- Notify affected California residents in the most expedient time possible and without unreasonable delay, consistent with California Civil Code §1798.82.
- Notify applicable supervisory authorities within 72 hours of becoming aware of a breach where required by the GDPR.
- Provide written notice that includes the categories of information compromised, a description of the incident, the steps we are taking in response, and contact information for follow-up questions.
- Offer identity-theft prevention and mitigation services at no cost where the breach involves Social Security numbers, financial account numbers, or other highly sensitive identifiers.
Children’s Privacy
The Website and App are not directed to children under 13, and we do not knowingly collect personal information from children under 13 in compliance with the Children’s Online Privacy Protection Act (COPPA). In the European Union and United Kingdom, we rely on the higher local age of consent, up to 16.
If we have actual knowledge that a user is a California resident between the ages of 13 and 17, we will not sell or share their personal information unless the minor has affirmatively opted in, consistent with CCPA §1798.120(c). We will also comply with the California Age-Appropriate Design Code Act to the extent it is in effect.
If we learn we collected data from a child contrary to this section, we will delete it promptly.
Your Privacy Rights
Depending on where you live, you may have the rights listed below. We will not discriminate against you for exercising these rights.
United States State Laws
Under the CCPA, CPRA, VCDPA, CPA, TDPSA, and similar state privacy laws:
- Right to know and access the categories and specific pieces of personal information collected.
- Right to correct inaccurate personal information.
- Right to delete personal information, subject to lawful exceptions.
- Right to data portability in a commonly used, machine-readable format.
- Right to limit the use and disclosure of sensitive personal information. Exercise this right by emailing privacy@revecorp.com with the subject “Limit Sensitive PI,” by calling +1 916 786 1006, or by using the “Limit the Use of My Sensitive Personal Information” link on our Website and in the App.
- Right to opt out of sale or sharing for targeted advertising. Revecorp does not currently sell or share personal information. Should this change, we will provide a “Do Not Sell or Share My Personal Information” link.
- Right to appeal. If we deny your request, you may appeal by replying to our decision email within 45 days. We will respond within 60 days. If denied, we will provide information on how to contact the California Attorney General or your applicable state authority.
European Union, EEA, United Kingdom, and Canada
Where the GDPR, UK GDPR, or PIPEDA applies, you may also have the right to:
- Object to processing based on legitimate interests.
- Restrict processing in certain circumstances.
- Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
- Lodge a complaint with your local supervisory authority.
The specific legal basis for each processing purpose is set out in the table in Section 5.
Illinois Biometric Information Privacy Act (BIPA)
If biometric data is collected from Illinois-based users, we comply with BIPA by providing a written retention and destruction policy, obtaining written and informed consent from the individual before collection, prohibiting the sale of, or profit from, biometric data, and protecting biometric data with safeguards at least as stringent as those used for other confidential information.
How to Exercise Your Rights
We will verify your identity by matching at least two data points you provide (such as email address and account identifier) against information we have on file. For requests for specific pieces of personal information, we apply a higher verification standard and may require a signed declaration under penalty of perjury.
Authorized agents may submit requests with written proof of authorization or a valid power of attorney. We may still verify the requestor’s identity directly. You can also ask us to provide this Policy in an alternative accessible format.
International Data Transfers
Your information may be stored and processed in the United States and other countries with different data protection laws. Where required by the GDPR or UK GDPR, we rely on approved transfer mechanisms including:
- European Commission Standard Contractual Clauses (SCCs), as updated in June 2021.
- UK International Data Transfer Agreement or Addendum where applicable.
- Supplementary technical measures such as encryption and pseudonymization.
You may request a copy of the applicable transfer mechanism by contacting privacy@revecorp.com.
Interactive Features and User Content
If you post content in areas visible to others, including forums or feedback channels we operate, your content may be read, collected, and used by others. Do not include personal information in public posts that you would not want to be public.
Notice of Financial Incentive
Revecorp does not currently offer financial incentive programs that require the collection of personal information as a condition of participation. If we introduce such a program in the future, we will update this Policy with a description of the program, the categories of personal information required, the value of the data, and your right to opt in or withdraw at any time.
Updates to This Policy
We may update this Policy from time to time. We will post the updated version with a new effective date on the Website and, for material changes, provide prominent notice via email or in-product alerts at least 30 days before the changes take effect. Your continued use after the effective date means you accept the changes.
California Notice at Collection
| Category | Purposes | Retention | Sold / Shared? |
|---|---|---|---|
| Identifiers | Services, security, support, compliance | Account + 1 year | No |
| Device / technical data | Services, security, analytics, debugging | 30 days – 2 years | No |
| Internet / network activity | Security, analytics, debugging | Up to 30 days | No |
| Geolocation | Services, security, analytics | 90 days – 2 years | No |
| Multimedia / content | Services, documentation | Up to 5 years | No |
| Transaction / account data | Services, compliance, audit | Account + 3 years | No |
| Professional / employment info | Services, inspections | Up to 5 years | No |
| Sensitive PI | Services, identity verification, security, compliance only | See Section 8 | No |
Sensitive personal information is used only for the service you request, security, and compliance. We do not use sensitive personal information to infer characteristics about you.
Shine the Light
California Civil Code §1798.83 allows California residents to request information regarding disclosure of personal information to third parties for their direct marketing. Revecorp does not disclose personal information to third parties for their direct marketing. Contact privacy@revecorp.com with questions.
Terms of Use
Your use of the Website or App is also subject to the Revecorp Terms of Use. If you create an account, place an order, or use the App, you agree to those terms and to this Policy.