Legal
Last updated: May 25, 2026
This Cookie Policy explains how reviz.design – operated by Bengi Kirici, Stralauer Platz 37, 10243 Berlin, Germany ("reviz.design", "we", "us", or "our") uses cookies and similar technologies when you visit or use our website, web application, and related services.
Contact: contact@reviz.design
Cookies are small text files that are stored on your device when you visit a website. Similar technologies include pixels, tags, local storage, session storage, and software development kits.
These technologies help websites function, remember preferences, improve performance, analyze usage, and, where applicable, support marketing and advertising.
These cookies are required for the website and Service to function properly.
They may be used for:
Strictly necessary cookies do not require consent because the Service cannot function properly without them.
Legal basis: Art. 6(1)(f) GDPR, legitimate interest in providing a secure and functional service.
We use analytics tools to understand how users interact with our website and Service, improve product performance, detect usability issues, and make better product decisions.
We may use:
Analytics tools may collect information such as:
Product analytics cookies and similar technologies are only used where you have given consent. Error tracking is described separately in section 2.6.
Legal basis: Art. 6(1)(a) GDPR, consent.
We use Google Analytics to measure website traffic and understand how users use reviz.design.
Google Analytics may process:
Where required, Google Analytics is only activated after you consent to analytics cookies through our cookie banner.
Google may process data outside the European Economic Area. Where applicable, appropriate safeguards such as Standard Contractual Clauses may apply.
You can withdraw your consent at any time through our .
We use PostHog for product analytics and to understand how users interact with the Service. PostHog error tracking is described separately in section 2.6.
For product analytics, PostHog may process:
PostHog product analytics is used to understand user flows and improve the user experience. This may include session replay (recording of on-screen activity and interactions).
Where required, PostHog product analytics is only activated after you consent to analytics cookies through our cookie banner.
Legal basis: Art. 6(1)(a) GDPR, consent.
We may use marketing or advertising cookies in the future to measure advertising performance, optimize campaigns, or create remarketing audiences.
These cookies are only used with your consent.
Legal basis: Art. 6(1)(a) GDPR, consent.
We use PostHog error tracking to detect, diagnose, and fix technical errors in the Service. Error tracking captures stack traces, URL, browser metadata, device metadata, and the error message. It is analogous to server logs and is used for service stability and debugging.
For anonymous visitors, PostHog error tracking does not write cookies or local storage on the user's device, and no person profile is created in PostHog. Events are captured anonymously.
For logged-in users who have accepted analytics, or have not yet decided, no PostHog cookies or local storage are written on the user's device until the analytics-consent choice is "accept". However, the account identifier (user.id) is transmitted to PostHog whenever the app loads while logged in, not only when an error occurs, and is attached to error events. As a result, a person profile keyed by that identifier exists in PostHog.
For logged-in users who have explicitly rejected analytics, the account identifier is not transmitted to PostHog from the browser, and client errors are captured anonymously. Server-side errors for these users are still attributed to their account in PostHog through a server-side cascade that reads the Supabase session directly.
Legal basis: Art. 6(1)(f) GDPR, legitimate interest in service stability and account-level debugging.
| Category | Provider | Purpose | Legal Basis | Duration | Consent |
|---|---|---|---|---|---|
| Strictly necessary | reviz.design, Supabase | Authentication, login sessions, account security, and session continuity. | Art. 6(1)(b) and Art. 6(1)(f) GDPR | Session or limited persistent duration, depending on login state. | No |
| Strictly necessary | Stripe | Checkout, payment processing, fraud prevention, billing security, and dispute prevention. | Art. 6(1)(b), Art. 6(1)(c), and Art. 6(1)(f) GDPR | Determined by Stripe and payment/security requirements. | No, when required for checkout/security |
| Security and infrastructure | Cloudflare, Vercel | CDN, caching, DDoS protection, bot protection, performance, deployment, hosting, and network stability. | Art. 6(1)(f) GDPR | Session or limited persistent duration depending on security need. | No, where strictly necessary for security or delivery |
| Analytics | Google Analytics | Website analytics, traffic measurement, usage trends, and product improvement. | Art. 6(1)(a) GDPR | Limited persistent duration according to our analytics settings and Google settings. | Yes, where required |
| Service stability / Error tracking | PostHog | Error diagnostics, stack traces, URL, browser and device metadata, and error messages. | Art. 6(1)(f) GDPR | No local cookies or storage on the user's device pre-consent; server-side state may exist as described in section 2.6. | No. No local cookies/storage on the user's device pre-consent. A server-side PostHog profile keyed by the account identifier is created for logged-in users who have accepted analytics or not yet decided; for users who have rejected analytics, a profile is created only if a server-side error occurs while they are logged in. See section 2.6. |
| Product analytics | PostHog | Product usage events, feature usage, funnels, user flows, and experience improvement. | Art. 6(1)(a) GDPR | Limited persistent duration according to our PostHog configuration. | Yes, where required |
| Email and communications | Resend | Transactional emails, account notices, service emails, and delivery metadata. | Art. 6(1)(b) and Art. 6(1)(f) GDPR | According to email delivery and operational needs. | No for transactional emails |
| Object storage | Cloudflare R2 | Object storage for uploaded images, generated outputs, previews, and temporary processing files. | Art. 6(1)(b) and Art. 6(1)(f) GDPR | For as long as needed to provide the Service, support workflows, or comply with legal obligations. | No, where required to provide requested features |
When you first visit our website, we display a cookie banner that allows you to:
Non-essential cookies, including analytics and marketing cookies, are not activated unless you give consent.
You can change or withdraw your consent at any time via the on our website.
Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.
Some cookies or similar technologies may be set by third-party providers we use to operate and improve the Service.
These may include:
These providers may process data according to their own privacy policies and terms.
Cookies may be stored for different periods depending on their purpose.
Session cookies are deleted when you close your browser.
Persistent cookies remain on your device for a limited period or until you delete them.
Analytics and marketing cookies are only stored if you have consented to them.
Authentication, payment, security, and infrastructure cookies or similar technologies may remain for as long as necessary to provide the Service, keep your account secure, complete checkout, prevent abuse, or comply with legal obligations.
You can manage cookies in several ways:
Please note that blocking strictly necessary cookies may affect the functionality of the website or Service.
We may update this Cookie Policy from time to time.
The latest version will always be available on our website.
reviz.design – operated by Bengi Kirici
Stralauer Platz 37
10243 Berlin
Germany
Email: contact@reviz.design