How Revelo Is Regulated and How We Handle Your Data
Revelo operates as a fully managed AI commercial intelligence service. We connect to your business data, analyse it, and surface findings, we do not provide legal, financial, tax, or regulatory advice. This distinction matters, and it shapes every element of how we are structured and how we handle the data you trust us with..
Our Regulatory Position
Revelo is registered with the Information Commissioner's Office (ICO) under the UK GDPR as a data processor. ICO registration is a legal requirement for any organisation that processes personal data on behalf of others, and we maintain this registration as a condition of operating.
Revelo does not require FCA authorisation, SRA regulation, or any sector-specific licence. This is because the platform automates workflow intelligence and commercial analysis — it does not provide regulated financial advice, legal counsel, or compliance sign-off. Every finding Revelo surfaces is presented as a commercial observation requiring human review and decision-making. The judgement always sits with you.
If you operate in a regulated sector, financial services, legal, healthcare, Revelo can serve your business. We do so within clearly defined boundaries and with the appropriate contractual protections in place before any data access begins.
How We Access and Use Your Data
When you onboard with Revelo, we request read-only access to the specific data sources required by your active modules. We do not write to, alter, or delete data in any system we connect to. We do not store your client data beyond what is necessary to generate your weekly intelligence output.
The data sources we typically connect to include:
-
Your CRM (HubSpot or equivalent) — deal stage history, contact activity, pipeline data
-
Your accounting software (Xero or QuickBooks) — invoice status, payment dates, supplier payments
-
Your project or operational management tools (ClickUp, Asana, Monday.com) — time logs and task data where relevant to scope creep detection
-
Your communication and email platform — engagement signals for churn risk monitoring
Each connection is established during onboarding and documented in your Data Processing Agreement. No connection is made without your explicit written consent.
Your Data Processing Agreement
Before any data access begins, every Revelo client signs a Data Processing Agreement (DPA) that sets out:
-
Exactly what data we access, and why
-
How long that data is retained and in what format
-
Your rights as a data controller
-
Our obligations as a data processor under UK GDPR
-
The technical and organisational measures we use to protect your data
-
Conditions under which access can be revoked immediately
Your DPA is a legally binding document reviewed before signature. We do not commence configuration until it is in place.
UK GDPR — Your Rights and Ours
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Revelo acts as a data processor on your behalf. You remain the data controller at all times. This means:
-
You retain full ownership of and responsibility for your client and operational data
-
Revelo processes that data only for the purposes defined in your DPA
-
You have the right to request access to, correction of, or deletion of any data we hold
-
You have the right to withdraw consent and terminate data access at any time
-
Any data breach affecting your information will be reported to you within 72 hours in line with our legal obligations under UK GDPR Article 33
Revelo does not sell, share, license, or transfer your data to any third party for any purpose beyond delivering your contracted service. Your data is never used to train AI models or to inform outputs for any other client.
Data Isolation and Security
Every client operates within a fully isolated configuration. Your data is stored in a dedicated environment — separate from all other clients — and is accessible only to authorised Revelo personnel under strict internal access controls. Clients cannot see each other's data under any circumstances.
All data in transit is encrypted. All third-party tools used within the Revelo platform — including Make.com, Airtable, Postmark, and the Claude API — are selected in part for their compliance posture and data residency commitments. UK and EU data residency is maintained wherever technically available.
Important Limitation
Revelo surfaces commercial intelligence. Every finding in your weekly Revenue Intelligence Briefing is an analytical observation — not a legal instruction, not a financial recommendation, and not a compliance determination. Findings should be reviewed by a qualified professional before acting where the matter is material, regulated, or legally sensitive.
This service does not substitute for a qualified compliance officer, financial adviser, solicitor, or accountant.
