Privacy Policy
Last updated: 14 June 2026
This Privacy Policy explains how Jelly Bean Jar Pty Ltd (ABN 15 653 300 862) (“Revizly”, “we”, “us”) collects, uses, shares, and protects personal data when you use our
websites, dashboards, APIs, and image and media processing and delivery services (the “Service”), offered under the “Revizly” and “Scalepix” brands at scalepix.xyz, our
content-delivery domains (including scalepixxyz.com), the revizly.io account dashboard, and related
domains. For personal data we process about you, the data controller is Jelly Bean Jar Pty Ltd (ABN 15 653 300 862).
Where you use the Service to process images and media that you supply or source, you are generally the controller of that material and we act as your processor, handling it on your behalf and on your instructions as described in these terms and any applicable data processing agreement.
1. Information We Collect
Account and sign-in information
When you create an account or sign in — including via a third-party identity provider such as Google — we collect your name, email address, profile identifier, and (for organizations) company and role information. If you sign in with Google, we receive basic profile information from your Google Account as described in “Google User Data” below.
Billing information
We collect billing contact details and records of your plan, usage, and charges. Payment card details are collected and processed by our payment processor (for example, Stripe); we do not store full card numbers.
Configuration and content
We collect the source configurations, origin URLs, access keys, signing keys, custom domains, and other settings you provide, and we process the images and media (“Content”) that you upload or that the Service retrieves from origins you designate, in order to transform, optimize, cache, and deliver them.
Usage, log, and technical data
We automatically collect technical and usage data, including request URLs and parameters, IP address, user agent, timestamps, response and error codes, bandwidth and pixel volumes, performance metrics, and similar log data, to operate, secure, meter, and improve the Service.
Cookies and similar technologies
We use strictly necessary cookies and similar technologies to keep you signed in and to operate the Service, and we may use limited analytics to understand usage. See “Cookies” below.
2. Google User Data
If you choose to sign in with Google, we request access only to your basic Google Account profile information — your name, email address, and profile/account identifier — for the purpose of creating and authenticating your account and associating it with your organization. We use this information solely to provide and secure the Service.
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not sell it, and we do not transfer or disclose it except as necessary to provide or improve the Service, to comply with applicable law, or as part of a merger or acquisition with appropriate notice. You can revoke our access at any time in your Google Account permissions.
3. How We Use Information
- to provide, operate, maintain, secure, and improve the Service;
- to authenticate you, manage your account, and provide support;
- to process Content into transformed and optimized images and media and deliver them;
- to meter usage and bill you, and to detect and prevent fraud, abuse, and security incidents;
- to communicate with you about the Service, including service, security, and billing notices;
- to comply with legal obligations and enforce our terms.
4. Legal Bases (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Service you request); our legitimate interests (to secure, improve, and operate the Service, and to prevent abuse); compliance with legal obligations; and your consent where required (for example, certain cookies). You may withdraw consent at any time without affecting prior processing.
5. How We Share Information
We do not sell your personal data. We share information only as follows:
- Service providers / subprocessors who process data on our behalf to run the Service, such as cloud infrastructure and content delivery (e.g., Cloudflare), compute and hosting (e.g., DigitalOcean), object storage and serverless processing (e.g., Amazon Web Services), identity (e.g., Google), and payments (e.g., Stripe). These providers are bound by confidentiality and data-protection obligations.
- Origins you configure, to retrieve the Content you ask us to process and deliver.
- Legal and safety: where required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Revizly, our users, or others.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
6. International Transfers
We and our subprocessors may process data in countries other than your own, including via globally distributed infrastructure. Where required, we use appropriate safeguards for international transfers, such as the European Commission’s Standard Contractual Clauses or equivalent mechanisms.
7. Data Retention and Deletion
We retain personal data for as long as your account is active and as needed to provide the Service, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Cached and processed Content is transient and may be evicted or deleted at any time. When your account is closed, suspended, or terminated, we may delete your Content and account data, subject to limited retention required by law or for legitimate business records. You are responsible for exporting anything you wish to keep.
8. Security
We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and the option to encrypt sensitive source secrets. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your Rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, to object to certain processing, and to withdraw consent. If you are in California, you have rights under the CCPA/CPRA, including the right to know, delete, and correct personal information and to opt out of “sale” or “sharing” (we do not sell or share personal information as those terms are defined). To exercise any right, contact us at [email protected]. We will respond as required by applicable law and will not discriminate against you for exercising your rights. You may also have the right to lodge a complaint with your local data-protection authority.
10. Cookies
We use strictly necessary cookies to authenticate you and operate the Service, and we may use limited, privacy-respecting analytics. You can control cookies through your browser settings; disabling strictly necessary cookies may prevent the Service from functioning.
11. Children
The Service is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16 (or the age required by your local law). If you believe a child has provided us personal data, contact us and we will delete it.
12. Third-Party Links and Services
The Service may link to or rely on third-party websites and services that have their own privacy practices. We are not responsible for those practices, and we encourage you to review their policies.
13. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify you, for example by posting the updated Policy with a new “Last updated” date or by notice through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
14. Contact
Privacy questions or requests: [email protected]. Jelly Bean Jar Pty Ltd (ABN 15 653 300 862).