1. WHO WE ARE

This Privacy Notice explains how REVLAB CONSULTING - FZCO ("RevLab," "Residovo," "we," "us," or "our") collects, uses, shares, stores, and otherwise processes personal data in connection with the Residovo websites, mobile applications, white-label deployments, APIs, and related services (collectively, the "Platform").

1.1 Controller Details

REVLAB CONSULTING - FZCO

Trade License No. 53983

IFZA Business Park, A1, DDP, Dubai Silicon Oasis, Dubai, UAE

Privacy Contact: privacy@residovo.com

1.2 Controller vs. Processor

Depending on the service and customer relationship, RevLab may act either as a controller (for website operations, account administration, security, billing, and direct business relationships) or as a processor/service provider acting on behalf of an enterprise customer. Where we act only on behalf of a customer, that customer's own privacy notice may also apply.

2. SCOPE AND CONTACT POINTS

2.1 Geographic Scope and Market Focus

The Platform is offered internationally, with current commercial focus in selected markets in the Middle East and Asia. In certain jurisdictions, services may be made available through separate local commercial arrangements or regional partners.

We will update this Notice as our direct commercial footprint evolves. For any privacy inquiries, contact privacy@residovo.com.

2.2 Data Protection Officer

We have not appointed a formal Data Protection Officer (DPO) at this time, as our current processing activities do not require one under Article 37 GDPR. For privacy inquiries, contact: privacy@residovo.com

3. SCOPE OF THIS NOTICE

This Notice applies to personal data we collect through our websites, apps, contact forms, communications, demos, customer onboarding, enterprise contracting, support interactions, white-label deployments, and related operational activities. It does not apply to third-party websites or services that maintain their own privacy notices.

Where local law grants additional rights or imposes stricter requirements, we will comply with those mandatory requirements for the affected processing.

4. CATEGORIES OF PERSONAL DATA WE COLLECT

4.1 Identity and Profile Data

Name, username, display name, company name, job title, unit/property relationship, ownership or tenancy status, account identifiers, and verification data.

4.2 Contact Data

Email address, telephone number, postal address, support correspondence, and communication preferences.

4.3 Property and Service Data

Addresses, unit references, maintenance requests, attachments, photos, work orders, quotations, invoices, tenancy-related information, notices, and service history.

4.4 Transaction and Billing Data

Billing contact details, invoice records, payment status, limited payment metadata, and tax records. We do not currently operate live third-party payment processing on the Platform. If and when payment functionality is activated, full card details will be processed by PCI-DSS compliant third-party payment providers and will not be stored directly by us.

4.5 Technical and Usage Data

IP address (anonymized where feasible), device identifiers, browser type, operating system, app events, session information, diagnostic logs, and approximate location inferred from IP or device settings.

4.6 Location Data

Precise Location: GPS coordinates from mobile devices (only when explicitly permitted by you for service provider dispatch and property location features).

Approximate Location: Derived from IP address for regional customization and fraud prevention.

4.7 Communications and User-Generated Content

Messages, announcements, tickets, uploaded documents, profile content, photos, comments, reviews, and feedback.

4.8 Special Category Data

We do NOT intentionally collect Special Category Data (sensitive personal data) such as health information, religious beliefs, political opinions, racial or ethnic origin, sexual orientation, biometric data, or genetic data. If such data is inadvertently provided by users, we recommend its immediate removal and reserve the right to delete it.

5. LEGAL BASIS FOR PROCESSING

Under Article 6 GDPR, Article 5 UAE PDPL, and equivalent provisions in other applicable laws, we process personal data based on the following grounds:

Legal Basis	Data Categories	Purpose
Contract Performance	Account data, identity, communications, billing	Provide services, manage accounts, fulfill contracts
Consent	Marketing emails, precise GPS location, third-party analytics cookies, advertising identifiers	Send promotional content, enable location features, measure campaign performance
Legitimate Interests	Security logs, fraud signals, aggregated internal usage metrics, error diagnostics	Ensure platform security, prevent fraud, improve services, enforce terms (interest: safe and functional service)
Legal Obligation	Financial records, identity docs, transaction logs	Comply with tax, AML, court orders, regulations

Note: Where we rely on legitimate interests, our interest is maintaining a secure, functional, and improving platform. You may object to processing based on legitimate interests by contacting privacy@residovo.com.

6. DATA ANALYTICS AND MACHINE LEARNING

We may aggregate and pseudonymize user data to train, develop, and improve algorithmic and artificial intelligence models intended to enhance platform efficiency (e.g., predictive maintenance routing, automated ticket classification). This processing is conducted on aggregated or anonymized datasets where the Data Subject is no longer identifiable, grounded in our legitimate business interests. We do not rely on solely automated decision-making that produces legal or similarly significant effects unless permitted by applicable law.

7. THIRD-PARTY SERVICE PROVIDERS

We share personal data only on a need-to-know basis with the following categories of recipients, subject to appropriate safeguards:

• Affiliates and group service providers involved in operating the Platform;

• Hosting, infrastructure, security, email, messaging, customer support, analytics, payment, and document processing vendors;

• Enterprise customers, property managers, landlords, residents, service providers, and other users where sharing is inherent in the workflow;

• Professional advisers, auditors, insurers under duties of confidentiality;

• Regulators, courts, law enforcement, and tax authorities where required by law;

• Buyers or successors in connection with a merger, acquisition, or sale of assets.

7.1 Current Third-Party Inventory

Cloud Hosting & Infrastructure: Vultr Holdings LLC. Purpose: Cloud infrastructure hosting, backend technical administration, and secure internal file storage for the Residovo platform. All sensitive user documents and files are encrypted and stored within our secure internal infrastructure. Location: Physical servers are located in Frankfurt, Germany, operated by Vultr Holdings LLC. Vultr maintains a GDPR-compliant Data Processing Addendum (DPA) available to customers. Certain technical administration, development, maintenance, and infrastructure support activities may be performed by authorized personnel of KEMANG INTERNET PTE LTD acting on our behalf under appropriate confidentiality, security, and data-handling obligations. Where required by applicable law, we implement appropriate contractual and cross-border transfer safeguards for such access and processing.

Real-Time Communications: Pusher Purpose: Facilitates real-time WebSocket infrastructure to securely power the internal messaging and notification system between property owners, tenants, and service providers.

Analytics: Google Analytics (Google Ireland Limited / Google LLC) Purpose: Used for tracking user behavior, platform traffic, and usage metrics. IP Anonymization (IP masking) is strictly enabled prior to data processing to ensure user privacy and compliance.

Crash Reporting & App Stability: Firebase Crashlytics (Google LLC) Purpose: Used to collect anonymized crash reports, device state information, and error logs strictly to identify bugs, troubleshoot performance issues, and improve our mobile application stability.

Push Notifications: Firebase Cloud Messaging - FCM (Google LLC) Purpose: Utilized to deliver necessary operational alerts and push notifications to users' mobile devices securely by using anonymous Device Tokens.

Email Services: Google Workspace / Gmail (Google LLC) Purpose: Utilized as our enterprise email infrastructure for transactional communications and routing secure messages using industry-standard encryption (TLS).

Payment Processing: No third-party payment processor is currently active on the Platform. If payment functionality is introduced in the future, we will update this Privacy Notice to identify the relevant provider(s) and applicable safeguards.

Customer Support: In-house Support Team Purpose: All customer support inquiries, tickets, and user communications are handled entirely and securely by our dedicated internal support team. We do not outsource support or share customer issue data with external third-party call centers or agencies.

8. COOKIES AND TRACKING TECHNOLOGIES

We may use cookies, local storage, pixels, tags, SDKs, and similar technologies for authentication, security, preferences, analytics, and marketing. Where legally required, we will ask for consent before setting non-essential cookies.

Strictly Necessary: Session continuity, authentication, fraud prevention, security logging. Cannot be disabled.

Preferences: Language, interface choices, remembered settings. Requires consent where applicable.

Analytics: Third-party measurement tools and advertising analytics. Requires consent where applicable.

Marketing: Campaign measurement, remarketing, conversion tracking. Requires consent where applicable.

You can manage preferences through the "Cookie Settings" link in our website footer or your browser settings.

9. INTERNATIONAL DATA TRANSFERS

Because RevLab operates internationally from the UAE, personal data may be accessed from or transferred to jurisdictions outside the country in which it was collected.

9.1 Transfer Mechanisms

Where applicable data protection law requires safeguards for cross-border transfers of personal data, we use appropriate legal transfer mechanisms, which may include the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), or another lawful safeguard, as applicable. Our core infrastructure is hosted on servers located in Frankfurt, Germany. If personal data is accessed or otherwise processed outside the country or region in which it was collected by a separate service provider or recipient, we rely on appropriate legal safeguards where required. You may request information about relevant safeguards by contacting privacy@residovo.com.

10. DATA RETENTION

Account Data: Life of account plus a reasonable period after closure for disputes and compliance.

Financial Records: As required by applicable tax and AML laws (typically 7-10 years).

Security Logs: Limited period reasonably necessary for security and audit needs.

Marketing Data: Until consent withdrawn or as needed to respect opt-out choices.

When retention is no longer necessary, we delete, anonymize, or irreversibly de-identify personal data.

11. SECURITY MEASURES

We use reasonable and appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, loss, and destruction. These measures are appropriate to the nature of the data and risks involved. No system can be guaranteed completely secure.

12. DATA BREACH NOTIFICATION

In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR). If the breach poses high risk to you, we will notify you directly without undue delay.

13. YOUR RIGHTS AS A DATA SUBJECT

Depending on your jurisdiction and the circumstances of the processing, and subject to applicable conditions, limitations, and exemptions, you may have the following rights:

• Access: Request a copy of your personal data

• Rectification: Correct inaccurate or incomplete data

• Erasure: Request deletion of your data

• Restriction: Halt processing while disputes are resolved

• Portability: Receive data in machine-readable format

• Object: Object to processing for direct marketing or legitimate interests

• Withdraw Consent: At any time where processing is based on consent

• Automated Decisions: Not be subject to solely automated decisions with legal effects

Response Time: We will respond to valid requests within the timeframes required by applicable law (typically 30 days). Complex requests may be extended with notice.

How to Exercise Rights: Email privacy@residovo.com

14. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

If the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA) applies to our processing of your personal information, you may have additional rights including the right to know, delete, correct, and opt out of certain data sharing. We do not sell personal information for monetary consideration.

To the extent any data sharing with analytics or advertising partners could constitute a "sale" or "share" under California law, you may opt out by contacting privacy@residovo.com or, if applicable, through any opt-out mechanism we make available on our website.

15. CHILDREN'S PRIVACY

The Platform is not intended for children. We do NOT knowingly collect personal data from anyone under 18 (or the applicable age of majority). If we become aware of inadvertent collection from a minor, we will delete such data promptly.

16. COMPLAINTS AND SUPERVISORY AUTHORITIES

If you believe we have not adequately addressed your privacy concerns, you may have the right to lodge a complaint with a supervisory authority in your jurisdiction, such as:

UAE: The competent authority under the UAE PDPL

EU: Data Protection Authority of your Member State

UK: Information Commissioner's Office (ICO)

17. CHANGES TO THIS NOTICE

We may update this Notice from time to time. Material changes will be communicated via email or prominent Platform notice before taking effect. The "Effective Date" indicates the latest revision.

18. CONTACT INFORMATION

REVLAB CONSULTING - FZCO

IFZA Business Park, A1, DDP, Dubai Silicon Oasis, Dubai, UAE

 

Privacy Inquiries: privacy@residovo.com

Legal Department: legal@residovo.com

 

END OF PRIVACY NOTICE