Privacy Policy
Effective Date: January 9, 2026 | Last Updated: January 9, 2026
This Privacy Policy describes how Appuix, Inc., doing business as RevMine ("RevMine," "Company," "we," "us," or "our"), collects, uses, discloses, and protects your personal information when you visit our website at revmine.ai or use our token economy platform and related services (collectively, the "Services").
Company Information:
Appuix, Inc.
Tampa, Florida, USA
Email: privacy@revmine.ai
Table of Contents
- Information We Collect
- How We Use Your Information
- Legal Basis for Processing (GDPR)
- Data Sharing and Disclosure
- HIPAA Compliance
- International Data Transfers
- Data Retention
- Your Privacy Rights
- GDPR Rights (EU/EEA/UK)
- CCPA Rights (California)
- Cookies and Tracking
- Email and SMS Communications
- Data Security
- Children's Privacy
- Changes to This Policy
- Contact Us
1. Information We Collect
1.1 Information You Provide Directly
We collect information you voluntarily provide when you:
- Create an Account: Name, email address, phone number, company name, job title
- Subscribe to Communications: Email address, phone number (for SMS), communication preferences
- Use Our Services: Token configuration settings, business information, integration credentials
- Contact Us: Name, email, phone number, message content, support ticket information
- Make Payments: Billing address, payment method details (processed securely by Stripe)
1.2 Information Collected Automatically
When you access our Services, we automatically collect:
- Device Information: IP address, browser type and version, operating system, device identifiers
- Usage Data: Pages visited, features used, click patterns, time spent, referring URLs
- Location Data: Approximate location based on IP address (country/region level)
- Cookies and Similar Technologies: See Section 11 for details
1.3 Information from Third Parties
We may receive information from:
- Authentication providers (when you sign in via Auth1)
- Payment processors (transaction confirmations from Stripe)
- Marketing partners (with your consent)
- Publicly available sources
1.4 Information About Your End Users (Token Holders)
When you use RevMine to manage your token economy, we process data about your customers on your behalf as a data processor. This may include:
- User identifiers you provide
- Token balances and transaction history
- Engagement and activity data
- Referral relationships
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and maintain Services | Account info, usage data | Contract performance |
| Process payments and billing | Billing information | Contract performance |
| Send service communications | Email, phone number | Contract performance |
| Send marketing communications | Email, phone (with consent) | Consent |
| Improve our Services | Usage data (anonymized) | Legitimate interest |
| Prevent fraud and abuse | Device info, IP address | Legitimate interest |
| Comply with legal obligations | As required | Legal obligation |
| Respond to inquiries | Contact information | Legitimate interest |
3. Legal Basis for Processing (GDPR)
For EU/EEA/UK Residents
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our Services to you
- Consent: Where you have given explicit consent (e.g., marketing communications)
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these don't override your rights
- Legal Obligation: Where we must comply with a legal requirement
You may withdraw consent at any time by contacting us or using the unsubscribe mechanisms provided.
4. Data Sharing and Disclosure
We do not sell your personal information.
We may share your information with:
Service Providers
Third parties who perform services on our behalf, bound by data processing agreements:
- Amazon Web Services (AWS) - Cloud infrastructure (US)
- Stripe - Payment processing (US)
- Cloudflare - CDN, security, DDoS protection (US)
- Auth1 - Authentication services (US)
- Twilio - SMS communications (US)
- SendGrid/AWS SES - Email delivery (US)
- PostHog - Product analytics (EU)
Legal Requirements
We may disclose information when required by law, court order, or governmental authority, or to:
- Comply with legal process
- Protect our rights, privacy, safety, or property
- Enforce our terms of service
- Respond to claims of content violation
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
5. HIPAA Compliance
Healthcare Industry Customers
RevMine is designed to be HIPAA-ready for customers in the healthcare industry. If you are a Covered Entity or Business Associate under HIPAA:
- We will enter into a Business Associate Agreement (BAA) upon request
- We implement appropriate administrative, physical, and technical safeguards
- We maintain audit logs of access to Protected Health Information (PHI)
- We encrypt PHI in transit (TLS 1.3) and at rest (AES-256)
- We restrict access to PHI to authorized personnel only
- We will notify you of any breach involving PHI within 24 hours of discovery
Important: To use RevMine for PHI processing, you must contact us to execute a BAA: compliance@revmine.ai
Without a BAA in place, you should not use our Services to process, store, or transmit PHI.
5.1 HIPAA Safeguards We Implement
- Administrative Safeguards: Employee training, access management policies, incident response procedures
- Physical Safeguards: Secure data centers (AWS SOC 2 certified), physical access controls
- Technical Safeguards: Encryption, access controls, audit logging, automatic session timeout
6. International Data Transfers
Appuix, Inc. is headquartered in Tampa, Florida, USA. If you are accessing our Services from outside the United States, your information will be transferred to, stored, and processed in the US.
6.1 EU/EEA/UK Transfers
For transfers of personal data from the EU/EEA/UK to the US, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all sub-processors
- Supplementary measures including encryption and access controls
You may request a copy of the SCCs by contacting privacy@revmine.ai.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days |
| Billing records | 7 years (legal requirement) |
| Token transaction data | Duration of account + 90 days (then anonymized) |
| Usage analytics | 24 months (anonymized) |
| Support communications | 3 years |
| Marketing consent records | Duration of consent + 3 years |
| Backup data | 90 days after primary deletion |
8. Your Privacy Rights
Depending on your location, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
To exercise these rights, contact us at privacy@revmine.ai. We will respond within 30 days (or sooner as required by law).
9. GDPR Rights (EU/EEA/UK Residents)
Additional Rights Under GDPR
If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights:
- Right to be Informed: Receive clear information about how we process your data (this policy)
- Right to Erasure ("Right to be Forgotten"): Request deletion under certain circumstances
- Right to Restrict Processing: Limit how we use your data while disputes are resolved
- Right to Data Portability: Receive your data in a commonly used format
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
EU Representative: For GDPR inquiries, contact: gdpr@revmine.ai
10. CCPA Rights (California Residents)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights:
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out of Sale/Sharing: We do not sell personal information
- Right to Limit Use of Sensitive Information: Limit use of sensitive personal information
- Right to Non-Discrimination: Not be discriminated against for exercising these rights
Categories of Personal Information Collected: Identifiers, commercial information, internet activity, geolocation, professional information.
To Submit a Request: Email privacy@revmine.ai or call 1-800-XXX-XXXX. We will verify your identity before processing requests.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. See our Cookie Policy for complete details.
11.1 Types of Cookies
- Essential Cookies: Required for site functionality (always active)
- Analytics Cookies: Help us understand usage patterns (optional)
- Marketing Cookies: Used for advertising (requires consent)
11.2 Managing Cookies
You can manage your cookie preferences through:
- Our cookie consent banner (appears on first visit)
- The "Cookie Settings" link in our footer
- Your browser settings
11.3 Do Not Track
We honor Do Not Track (DNT) browser signals. When DNT is enabled, we disable non-essential tracking.
12. Email and SMS Communications
Your Communication Preferences
We respect your communication preferences and comply with CAN-SPAM, TCPA, and GDPR requirements.
12.1 Types of Communications
- Transactional: Account confirmations, security alerts, billing notices (required for service)
- Service Updates: Product updates, maintenance notices, policy changes
- Marketing (Email): Newsletters, promotions, tips (requires opt-in)
- Marketing (SMS): Text messages about offers, updates (requires explicit opt-in)
12.2 Opt-In Requirements
Email Marketing: We only send marketing emails if you have explicitly opted in via checkbox consent.
SMS Marketing: We only send SMS messages if you have provided your phone number AND checked the SMS consent box. Standard message and data rates may apply. Message frequency varies.
12.3 Opt-Out
- Email: Click "Unsubscribe" in any marketing email, or email unsubscribe@revmine.ai
- SMS: Reply STOP to any message, or email unsubscribe@revmine.ai
We process opt-out requests within 10 business days.
13. Data Security
We implement industry-standard security measures to protect your data:
13.1 Technical Measures
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Web Application Firewall (WAF)
- DDoS protection (Cloudflare)
- Regular penetration testing
- Vulnerability scanning
13.2 Organizational Measures
- SOC 2 Type II certified infrastructure
- Employee background checks
- Security awareness training
- Role-based access controls
- Multi-factor authentication for all admin access
- Incident response procedures
13.3 Breach Notification
In the event of a data breach affecting your personal information, we will notify:
- Affected individuals within 72 hours (GDPR) or as required by law
- Relevant supervisory authorities as required
- For HIPAA customers with a BAA: within 24 hours of discovery
Report security concerns to: security@revmine.ai
14. Children's Privacy
Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@revmine.ai and we will delete such information.
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we make material changes:
- We will update the "Last Updated" date at the top
- We will notify you via email at least 30 days before changes take effect
- We will display a prominent notice on our website
- For significant changes, we may require you to re-acknowledge the policy
Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.
16. Contact Us
For questions, concerns, or to exercise your privacy rights:
Appuix, Inc. (dba RevMine)
Privacy Team
Tampa, Florida, USA
General Privacy Inquiries: privacy@revmine.ai
GDPR Inquiries: gdpr@revmine.ai
HIPAA/Compliance: compliance@revmine.ai
Security Issues: security@revmine.ai
General Contact: eb@appuix.xyz
We aim to respond to all inquiries within 5 business days.