Privacy Policy
Last updated: April 7, 2026
This Privacy Policy explains how Ravinaro ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our website and services.
We are committed to protecting your privacy and being transparent about our data practices. This policy applies to all information collected through our website at ravinaro.com, our service booking platform, and any related communications.
Information We Collect
We collect different types of information depending on how you interact with our website and services.
Information You Provide
When you fill out forms on our website, book a service, or contact us, you may provide:
- Contact information: name, email address, phone number, and country
- Business information: company name, registration number, billing address, role title, and website
- Project details: service preferences, scope descriptions, timelines, and budget ranges
- Files: documents you upload through our forms (e.g., project briefs, PDFs)
- Communication preferences: preferred contact method and time
- Newsletter subscription: email address
Account Information
When you create an account or sign in, we collect:
- Google OAuth: email address, name, and profile photo (when you sign in with Google)
- Email and password: when you register directly on our platform
- Phone number: when you verify your identity via SMS one-time password (OTP)
- Verification status: whether your email and phone number have been verified
Payment Information
When you make a payment, your payment is processed securely by Stripe. We do not store your credit card number, CVV, or full payment method details on our servers. We do store:
- Transaction references: Stripe session ID and payment intent ID
- Payment details: amount, currency, and payment status
- Voucher codes: if you apply a discount code
Automatically Collected Information
When you visit our website, we automatically collect certain information for security, fraud prevention, and analytics purposes:
- Device fingerprint: a one-way hash generated from your browser characteristics (user agent, language, connection type). This hash cannot be reversed to identify you personally
- IP address hash: a one-way hash of your IP address, used for fraud detection. We do not store your raw IP address
- Analytics data: pages visited, session duration, referring pages, device type, browser type, and approximate geographic location (via Google Analytics)
- Browser storage: language and locale preferences stored in your browser (localStorage and cookies)
How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: to process your bookings, manage your projects, and provide the services you request
- Communication: to send you booking confirmations, project updates, payment receipts, and respond to your inquiries
- Account management: to create and manage your account, verify your identity, and maintain your dashboard
- Security and fraud prevention: to protect our platform from fraudulent activity using device fingerprinting and reCAPTCHA verification
- Analytics and improvement: to understand how visitors use our website and improve our services, content, and user experience
- Legal compliance: to comply with applicable laws, regulations, and legal processes
- Marketing: to send you our newsletter if you have opted in (you can unsubscribe at any time)
Google Analytics
We use Google Analytics 4 (GA4) to understand how visitors interact with our website. GA4 collects information such as:
- Pages you visit and how long you spend on them
- How you arrived at our website (referral source, search terms)
- Device and browser information (type, screen resolution, operating system)
- Approximate geographic location (country, city — derived from IP address, which is then anonymized)
- Interactions with our website (clicks, scrolls, form submissions)
GA4 sets the following cookies on your device:
_ga: Distinguishes unique visitors. Duration: 2 years
_ga_[ID]: Maintains session state. Duration: 2 years
You can opt out of Google Analytics by:
- Using our cookie consent banner to decline analytics cookies
- Installing the Google Analytics Opt-out Browser Add-on
- Configuring your browser to block third-party cookies
For more information, see Google's Privacy Policy.
Third-Party Services
We use the following third-party services to operate our website and deliver our services. Each service may process your data according to their own privacy policies.
Firebase (Google)
We use Firebase for user authentication, database storage, and file storage. Firebase processes your account information, booking data, and uploaded files. Firebase is operated by Google and data is stored on Google Cloud infrastructure. Google Privacy Policy.
Stripe (Payment Processing)
When you make a payment, you are redirected to Stripe's secure checkout page. Stripe processes your payment method details directly — we never see or store your full card information. Stripe may set cookies on their domain to process your payment securely. Stripe Privacy Policy.
Google reCAPTCHA
We use Google reCAPTCHA v3 to protect our forms from spam and abuse. reCAPTCHA analyzes your interaction with our site (such as mouse movements and browsing patterns) to determine if you are a human visitor. This analysis happens in the background without requiring you to solve a challenge. Google reCAPTCHA Privacy.
Resend (Email Service)
We use Resend to send transactional emails such as booking confirmations, payment receipts, project updates, and newsletter communications. Resend processes your email address and name to deliver these emails. Resend Privacy Policy.
Google Business Profile
We display customer reviews from Google Business Profile on our website. This may include the reviewer's name, profile photo, and review content as made publicly available through Google.
Google Analytics
We use Google Analytics 4 to analyze website traffic and usage patterns. See the Google Analytics section above for full details. Google Privacy Policy.
Data Storage & Security
We take the security of your data seriously and implement appropriate measures to protect it.
- Infrastructure: your data is stored on Google Cloud (Firebase) infrastructure, which provides enterprise-grade security, encryption at rest, and encryption in transit
- Data hashing: sensitive identifiers such as IP addresses, user agents, and device fingerprints are stored as one-way SHA-256 hashes — they cannot be reversed to reveal the original data
- Authentication security: passwords are handled by Firebase Authentication and are never stored in plaintext. We support secure sign-in via Google OAuth and phone OTP verification
- Payment security: all payments are processed through Stripe's PCI DSS Level 1 certified platform. We never store your full payment card details
- Audit logging: we maintain audit logs of significant account and booking events for security monitoring and fraud prevention. These logs contain hashed identifiers, not raw personal data
- Access controls: access to personal data is restricted to authorized personnel who need it to provide our services
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law.
Account data: retained for the duration of your account. You can request deletion of your account at any time
Booking and project records: retained for the duration of the service engagement plus a reasonable period for follow-up, invoicing, and legal compliance (typically up to 7 years for financial records)
Audit logs: retained for security and fraud prevention purposes, typically for up to 3 years
Analytics data: Google Analytics data is retained according to our GA4 configuration settings (default: 14 months)
Newsletter subscription: your email is retained until you unsubscribe
Cookies and browser storage: see our Cookies Policy for specific durations
Your Rights
Depending on your location, you may have the following rights regarding your personal data under applicable data protection laws (including the GDPR and similar regulations):
- Right of access: you can request a copy of the personal data we hold about you
- Right to rectification: you can ask us to correct inaccurate or incomplete data
- Right to erasure: you can ask us to delete your personal data, subject to legal retention requirements
- Right to restriction: you can ask us to limit how we process your data in certain circumstances
- Right to data portability: you can request your data in a structured, machine-readable format
- Right to object: you can object to our processing of your data for certain purposes, including direct marketing
- Right to withdraw consent: where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at privacy@ravinaro.com.
We will respond to your request within 30 days. If we need more time, we will inform you of the reason and extension period.
You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable laws.
International Data Transfers
Our third-party service providers (including Google/Firebase, Stripe, and Resend) operate globally and may process your data in countries outside your country of residence. These providers implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) and other mechanisms approved under applicable data protection laws.
By using our services, you acknowledge that your data may be transferred to and processed in countries with different data protection laws than your own.
Children's Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@ravinaro.com and we will promptly delete it.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make changes, we will update the "Last updated" date at the top of this page.
For significant changes, we may also notify you by email or through a notice on our website. We encourage you to review this policy periodically.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Privacy inquiries: privacy@ravinaro.com
General inquiries: info@ravinaro.com
You can also reach us through our contact page.
For related information, please also review our Cookies Policy & Terms & Conditions.