Privacy Policy

REVERIE is a creative-design marketplace operated by Inevara Pty Ltd (ABN [TBD — confirm with Inevara Pty Ltd before public launch]), a company incorporated in Australia (“Inevara”, “we”, “us”, or “our”). REVERIE is one of the SINGULARITY family of marketplace platforms operated by Inevara.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use the REVERIE platform, accessible at app.reverie.design and associated applications (collectively, the “Platform”).

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”). For users in the European Economic Area or United Kingdom, additional rights under the GDPR and UK GDPR may apply as described in Section 12 below.

By creating an account or using the Platform you acknowledge you have read this Policy. If you do not agree, please do not use the Platform.

2.1 Account information

When you register for a REVERIE account, we collect:

• Full name and display name
• Email address
• Password (stored as a salted cryptographic hash — never in plain text)
• Mobile phone number (optional)

2.2 Consumer profile and project preferences

To enable our AI-powered creative matching service, we collect:

• Project type (interior design, architecture, photography, etc.)
• Style preferences and aesthetic keywords
• Project brief and description
• Budget range and project timeline

2.3 Creative provider profile information

If you register as a creative professional, we also collect:

• Business name and ABN or ACN (where applicable)
• Professional credentials and licence details
• Portfolio images and project examples
• Service offerings, pricing, and service areas
• Bank account details for payment disbursement (held by our payment processor)

2.4 Project and transaction records

For every project created through the Platform, we record:

• Project brief, milestones, and deliverables
• Consumer and provider identifiers
• Project status history
• Payment metadata (amount, currency, transaction reference, partial card details)

2.5 Device and analytics data

When you use the Platform, we automatically collect technical information including IP address, browser type, device identifiers (anonymised), pages visited, and session identifiers (stored in secure HTTP-only cookies). We use this data for security monitoring, fraud detection, and aggregate analytics. We do not sell this data to third-party advertisers.

We use personal information only for the purposes set out below:

We do not sell your personal information. We disclose it only in the following circumstances:

4.1 With creative professionals upon project creation

When you create a project and engage a creative professional, we share your name, contact information, project brief, and preferences with the provider.

4.2 Payment processors

Payments are processed by Stripe and/or Paddle. We do not store full card numbers on our infrastructure.

4.3 Infrastructure and hosting providers

We host the Platform on Amazon Web Services (AWS) in the Sydney region (ap-southeast-2). Inevara has data processing agreements in place with AWS.

4.4 Legal and regulatory requirements

We may disclose personal information if required by law, court order, or regulatory direction, or where necessary to prevent harm or investigate suspected illegal activity.

• Account and profile data: retained for the life of your account plus 24 months after closure.
• Project and transaction records: retained for 7 years from the date of the transaction, as required by Australian taxation law.
• Device and analytics logs: retained for 13 months in identifiable form, then aggregated and de-identified.

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption at rest for sensitive fields and stored files
• Passwords stored using cryptographic hashing (never in plain text)
• Role-based access controls
• Multi-factor authentication required for administrative access
• Data stored in AWS ap-southeast-2 (Sydney) — Australian soil

If you believe your account has been compromised, please contact us immediately at [email protected].

• Essential cookies: Maintain your session and authentication state. These cannot be disabled.
• Preference cookies: Remember your settings and search filters.
• Analytics cookies: Help us understand how the Platform is used so we can improve it. Used with your consent where required by law.

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us at [email protected].

• Access: You can request a copy of the personal information we hold about you. We will respond within 30 days.
• Correction: You can update most information directly in your account settings.
• Deletion: You may request deletion of your account and associated personal information, subject to retention obligations in Section 5.
• Withdrawal of consent: Where we rely on consent, you may withdraw it at any time by adjusting your notification preferences in account settings.
• Complaint to a regulator: You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). We encourage you to contact us first.

Our primary infrastructure is located in Australia. Some service providers are based overseas, including the United States. We take steps to ensure transferred data receives adequate protection, including contractual data processing agreements and use of SOC 2 Type II certified providers.

If you are in the European Economic Area or the United Kingdom, you have additional rights under the GDPR and UK GDPR, including the right to data portability, restriction, objection, and to lodge a complaint with your local supervisory authority.

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact our Privacy Officer:

We may update this Privacy Policy from time to time. When we make a material change, we will notify you by email and display a prominent notice on the Platform at least 14 days before the changes take effect.