Data Processing
Effective Date: 01 April 2026
Last Updated: 14 May 2026
This page explains how Re-venue processes personal data on behalf of our clients, including the categories of data we handle, the third-party subprocessors we engage, the security measures we maintain, and how we handle data retention and international transfers. It supplements our Privacy Policy and the Data Processing Agreement contained within each client's engagement contract.
Where there is any conflict between this page and the terms of a signed engagement contract, the engagement contract takes precedence.
Roles & Scope
Re-venue acts as a data processor for personal data controlled by our clients. Each client (the venue operator) is the data controller and determines the purposes and means of processing. Re-venue processes personal data solely to deliver the platform services described in the client's engagement contract.
Re-venue acts as an independent data controller for its own legitimate business operations, including platform security, fraud prevention, billing, and anonymised analytics used to improve the Re-venue service.
Data we process
Categories of personal data
| Category | Examples |
| Booking & scheduling data | Booking times, session selections, group sizes, attendance records, cancellation data, waitlist status |
| Transaction data | Transaction amounts, payment status, refund records, booking reference identifiers. Re-venue does not store raw card numbers or payment credentials. |
| Customer identity data | Name, email address, phone number where provided through the booking flow |
| Venue operational data | Session schedules, capacity configurations, pricing structures, venue location data |
| Demand & behavioural data | Historical booking patterns, occupancy rates, demand signals, Demand Index scores, booking velocity |
| Device & usage data | IP addresses, browser type, analytics events from the booking flow |
| Integration data | Data ingested from connected booking platforms (ROLLER, TicketingHub, SevenRooms, Smeetz, BookedIt) via API, including raw booking payloads |
Data subjects
End users (consumers booking experiences or sessions at client venues), client personnel (venue owners, operations managers, revenue teams, administrators), and Re-venue platform users.
Purpose of processing
Re-venue processes personal data to deliver the platform services, including: Demand Index calculation and revenue health scoring, dynamic pricing computation and recommendations, booking flow management and optimisation, capacity management and group size rules, upsell and package recommendations, analytics and performance reporting, and integration with the client's existing booking platforms.
Subprocessors
Re-venue engages the following third-party subprocessors to deliver the platform services. We will notify affected clients at least 30 days before engaging any new subprocessor, in accordance with the terms of each client's engagement contract.
Infrastructure
| Subprocessor | Purpose | Data processed | Location | Transfer mechanism |
| Amazon Web Services, Inc. | Cloud hosting and infrastructure (compute, storage, networking) | All application data including booking records, customer identity data, venue operational data, and platform user accounts | EU (Ireland, eu-west-1), UK (London, eu-west-2) | N/A (processing within UK/EEA) |
Analytics, monitoring and observability
| Subprocessor | Purpose | Data processed | Location | Transfer mechanism |
| Datadog, Inc. | Application performance monitoring, infrastructure monitoring, log management | Booking data, customer names, email addresses, payment references | United States | UK IDTA / EU SCCs |
| PostHog, Inc. | Product analytics, session analytics, feature flags | Booking data, customer behavioural data, anonymised usage events | United States | UK IDTA / EU SCCs |
| Google LLC (Google Analytics) | Web analytics for booking flow performance | Anonymised session and event data only. No personally identifiable data is sent to Google Analytics. | United States | UK IDTA / EU SCCs |
AI & machine learning
Current AI usage
As of the date of this page, Re-venue does not use third-party AI model providers to process client personal data through the platform services. AI tools (including Anthropic Claude) are used for internal software development only and do not receive, process, or have access to client personal data.
If Re-venue introduces a third-party AI subprocessor in future, affected clients will be notified at least 30 days in advance in accordance with their engagement contracts.
Machine learning and automated decision-making
Re-venue's Demand Index operating system uses machine learning models to analyse booking patterns and generate revenue optimisation recommendations. The following applies to this processing:
- Models are trained on historical booking and occupancy data scoped to each individual client's organisation. Client data is not combined across organisations for model training.
- Re-venue retains the right to use anonymised, aggregated booking pattern data (from which no individual customer, venue, or client can be identified) to improve its proprietary algorithms, as set out in each client's engagement contract.
- Where Re-venue uses third-party AI model APIs, no additional training, reinforcement learning, or fine-tuning is performed on those foundation models using client data.
- All automated pricing recommendations, capacity rules, and booking flow interventions can be reviewed, overridden, and configured by authorised client personnel through the Re-venue dashboard. Re-venue does not make fully automated decisions with legal or similarly significant effects on end users without human oversight.
AI transparency
Before the platform goes live for each client, Re-venue discloses in writing which components of the platform services use AI and the function each performs (for example, pricing recommendations, demand forecasting, or booking flow optimisation). Clients are notified of any material changes to the AI components thereafter.
Client-directed integrations
Where a client configures an integration with a third-party booking platform (such as ROLLER, TicketingHub, SevenRooms, Smeetz, or BookedIt), that platform acts as a separate controller or processor under the client's own agreement with that platform. Re-venue processes data received from these platforms solely to perform the platform services.
Re-venue does not act as a subprocessor for the client's payment provider (typically Stripe, Adyen, or similar). Payment data flows between the client and their payment provider directly. Re-venue receives read-only access to transaction values for the purpose of revenue reporting and fee calculation only.
Integration credentials (API keys, OAuth tokens) provided by clients are encrypted at rest and stored separately from application data.
Security measures
Re-venue implements technical and organisational measures appropriate to the risk presented by the processing, including:
- Encryption in transit using TLS 1.2 or higher for all data transmitted between clients, servers, and third-party services.
- Encryption at rest for data stored in cloud databases and storage services.
- Encryption of stored integration credentials (API keys, OAuth tokens) with key material managed separately from the encrypted data.
- Role-based access controls enforced at application and database layers, with least-privilege access for all Re-venue personnel.
- Multi-tenancy isolation ensuring client data is logically separated, with organisation-scoped data access preventing cross-tenant visibility.
- Audit logging for data modifications, configuration changes, and access events.
- Dependency scanning and application error monitoring.
- Rate limiting on API endpoints and request throttling on external API integrations.
All application data is hosted within the UK and EU (AWS London eu-west-2 and Ireland eu-west-1 regions). No client personal data is stored outside the UK/EEA at the infrastructure level.
Clients may request reasonable documentation of Re-venue's security controls, subject to mutual confidentiality obligations. Audit rights are governed by the terms of each client's engagement contract.
Data retention
Re-venue retains personal data for the duration of the platform services agreement. The following retention schedule applies after termination or upon a deletion request.
| Data category | Retention period |
| Active account and booking data | Retained for the duration of the services agreement |
| Granular booking snapshots | Aggregated into daily or weekly summaries after 90 days; granular records deleted after aggregation |
| Historical aggregates and model training data | Retained for up to 3 years to support model accuracy, then anonymised or deleted |
| Audit logs | Retained for up to 7 years to satisfy regulatory and compliance obligations |
| Revenue and transaction records | Retained as required by applicable tax and financial regulations (typically 7 years) |
| Post-termination deletion | Personal data deleted or returned within 30 days of termination or written request, except where retention is required by law or the schedules above. Backups purged on standard rotation cycles not exceeding 90 days. |
International transfers
Re-venue's primary infrastructure is hosted within the UK and EU (AWS London and Ireland regions). Client personal data is not stored outside the UK/EEA at the infrastructure level.
Certain subprocessors (Datadog, PostHog, Google Analytics) process data in the United States for the purposes described in section 3. Where personal data is transferred from the European Economic Area, United Kingdom, or Switzerland to the United States, Re-venue relies on one or more of the following transfer mechanisms:
- UK International Data Transfer Agreement (UK IDTA)
- UK Addendum to the EU Standard Contractual Clauses
- EU Standard Contractual Clauses (SCCs)
The specific transfer mechanism applicable to each subprocessor is listed in the subprocessor tables above. Where a client operates venues in multiple jurisdictions, the data protection obligations in Re-venue's engagement contract extend to the legislation applicable in each jurisdiction where the client's venues use the platform services.
Incident response
Re-venue will notify clients without undue delay, and in any event within 48 hours, upon becoming aware of a confirmed or suspected personal data breach affecting client data. Notification will include, to the extent reasonably available at the time: the nature of the breach, the categories and approximate number of affected data subjects, the anticipated consequences, and the measures taken or proposed to mitigate the impact.
The detailed breach notification mechanics, including escalation procedures and cooperation obligations, are set out in the Data Processing Agreement within each client's engagement contract.
Changes to this page
We update this page from time to time as our subprocessors or data processing practices change. Where we add or replace a subprocessor, we will update this page and notify affected clients at least 30 days before any change takes effect, in accordance with the data processing terms in our engagement contracts.
Clients may object to a new subprocessor on reasonable data protection grounds within the notice period. If the objection cannot be resolved, the client may terminate the agreement in accordance with the terms of their engagement contract.
To receive notifications of changes to this page by email, contact privacy@re-venue.ai.