Reveal Acquires Onna

Privacy Policy

The protection of your personal data is important to us. We collect your personal data when you use Reveal Software and when you use our websites. We use that data for marketing, sales, and employment purposes. We also use that data to provide you with software products and professional services. We are committed to the lawful, fair, transparent, accountable, accurate, confidential, and limited collection and processing of your personal data.

What personal data do we collect and why?

The data you provide to us voluntarily

In general, you can visit our Websites without providing any identifying personal data other than the data we collect automatically. There are times, however, when we may need information from you. For example, we may ask for and collect personal data about you, such as your name, address,
email address, phone numbers, and credit card information, when you register for an event, email list, certification, training, or sales contact. We use this information to complete your request and contact you with any issues. Please note that if you do not provide us with personal data, we may not be able to provide you with the products or services that you have requested.

We may ask for and collect personal data when you enter a contest or other promotion; when you subscribe to our marketing communications or newsletters; when you complete surveys; when you participate in a user forum or blog; or when you interact with us at an event. We use the information you provide to help us design and improve our website and our products, and for other purposes that are further described within this policy.

Once you have provided us with your personal data through any of our Websites, we may collect data about your use of the site and your interest in our content. We only track this information as personal data after you have voluntarily submitted your personal data. We may use any of this information to offer and improve our products and services, to provide you with requested information or technical support, to facilitate your movement through our Websites, to improve the advertising and marketing of our products and services, to diagnose problems with our products and services in connection
with our security and compliance programs, to administer our Websites, to communicate with you, to target prospective customers, to offer you a
personalized experience or otherwise tailor our Websites, product and service offerings to you, or as otherwise described in this privacy statement. We
may aggregate and anonymize data received to produce reports on trends and statistics, such as mobile search trends, email open rates by industry, campaign best practices, or the number of users that have been exposed to, or clicked on, our sites or evaluated or purchased our products and services.

Finally, we may also ask for your personal data when you express an interest in employment opportunities by applying through our careers page. The information we collect from you will be made apparent at the time you are submitting your application, and we will use this information only to evaluate your employment candidacy and to comply with our certifications and legal obligations.

The data we collect automatically

Our web server logs collect the domain names and network information of visitors to our Websites automatically (such as IP address or device identifier). This information is used to measure the number of visits, average time spent on our websites, specific pages viewed, and website usage information, to meet legal or regulatory requirements, to improve the content of our sites, and to provide content to our community. This information is not collected in a way that allows identification of any of our visitors. We may, however, collect this information in a way that allows identification of our visitors by using cookies.

How do we use cookies?

Cookies are small files that a site transfers to your computer’s hard drive through your web browser (if you allow) that enables it to recognize your browser and capture and remember certain information. A cookie cannot read data off of your hard drive or read cookie files created by other sites. Cookies may do things like allow you to navigate faster through the site, remember your preferences and passwords, and generally improve the user experience. You can turn off the ability to receive cookies by adjusting your browser settings — please note that if you do so, this may affect the functionality of the website and the information you can access through it.

We use cookies to compile aggregate data about website traffic and interaction so that we can offer better site experiences and content in the future. We use third-party companies, such as Google Analytics, to assist us in understanding our site visitors.

The data you provide to us when using the Reveal software

Users of the Software log into the application with their individualized credentials. These credentials are associated with your username, first name, last name, email address, and other identifying fields entered by the administrators of your instance of the Reveal software. We maintain robust audit logs detailing when you log into our software and the actions that you perform.

We never share personal data, cookies, audit logs, uploaded data, or any other personally identifiable information generated by or stored within our Software with a third-party without first seeking your authorization in writing.

If you contact our Reveal Support or Success Teams, then your personal data will be recorded within a support ticket to facilitate the speedy resolution of your issue. We keep this data for to track recurring issues and improve our processes and products.

What sensitive personal data do we collect?

We do not intentionally collect any sensitive personal data through our Websites. Sensitive personal data means the various categories of personal data that have been identified by applicable data privacy laws as requiring special treatment and can include data relating to ethnic origin or race, marital status, political opinions or affiliations, ideological views or activities, trade union membership, religious beliefs, physical or mental health, sexual orientation, social security information, government benefits, or administrative or criminal proceedings or records. We suggest that you do not provide sensitive personal data to us. If you do provide us with any sensitive personal data, you consent to our use of this data in the ways described in this policy.

Who can access your personal data?

We are the only owners of the personal data we collect. For personal data collected for marketing and product development purposes, we use sophisticated and well-tested platforms to handle our data processing. We may use the data that you have voluntarily provided us with to keep in touch, track your certifications and event attendances, conduct market research, administer and improve our sites, or comply with our applicable legal obligations.

Any consultants that we engage to help analyze personal data are held to the same standards as our employees. At your request, we will let you know if any third-party data processors have used your data as part of an engagement with us.

How do we secure your personal data?

The security of your personal data is important to us. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage is one hundred percent secure and we cannot guarantee its absolute security. Please contact us, if you have any questions about security on our Websites or in our Software.

What are your rights?

You have the right to send us a request to access, correct, delete, or limit the use and disclosure of your personal data in our possession and we will respond in accordance with the applicable requirements. If we cannot complete your request due to legal restrictions or because we cannot locate your data, we will let you know. These services are provided free of charge.

If after you have contacted us, you still have any unresolved issues and you live in the European Union or Switzerland, then you may contact your local Data Protection Authority for more information. The local Data Protection
Authorities are a public service provided at no cost to you. For more information, please visit

Is your data transferred internationally?

We are headquartered in the United States. Personal data may be accessed by us or transferred to us in the United States or to our affiliates elsewhere in the world. By providing us with personal data, you consent to this transfer. We will protect the privacy and security of personal data according to this privacy statement, regardless of where it is processed or stored. However, by providing us personal data you acknowledge that personal data stored or
processed in the United States will be subject to the laws of the United States, including the ability of governments, courts or law enforcement or regulatory agencies of the United States to obtain disclosure of your personal data, and you consent to such activities.

For the purposes of European Directive 95/46/EC and applicable national implementing laws in your jurisdiction, we are a data controller with respect to your data, and we are a data processor with respect to our customers’ data. Any personal data we collect is transferred in accordance with our agreements based on the Standard Contractual Clauses set out by the European Union.

If you have any inquiries about how we handle or transfer your personal data, please contact us at


We provide reasonable and appropriate physical, electronic, and procedural safeguards intended to maintain the confidentiality of the personal data we collect. While we endeavor to provide reasonable security for information we process and maintain, but no security system can prevent all potential security breaches.

What happens when I go to another site?

Our Websites provide links to other third-party websites. Even if the third party is affiliated with us, we are not responsible for the privacy policies, practices, or content of such external links. These links are provided to you for convenience purposes only, and you access them at your own risk.

How do you find out about changes to this privacy policy?

We may occasionally update this privacy policy. When we make these updates, we will change the “last updated” date listed below. We encourage you to periodically review this page for the latest information on our privacy practices. Your use of our websites after an updated privacy policy becomes effective will indicate your acceptance of the updated policy.

Do you collect information on children?

We do not knowingly collect personal data from or market to anyone under the age of 16. If you are a parent or guardian and become aware that your child provided us with information without their consent, you should contact us at

EU-U.S. / Swiss-U.S. Data Privacy Framework Principles

Reveal complies with the EU-U.S. Data Privacy Framework Principles and the Swiss-U.S. Data Privacy Framework Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Reveal has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework Principles program, and to view our certification, please visit

In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, Reveal commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) about unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF.

EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework Principles policy should first contact Reveal at:


Reveal Data Corporation
Data Privacy and Security
145 S. Wells St.
Suite 600
Chicago IL 60606

Reveal is committed to resolve all complaints in timely manner. If you do not receive timely acknowledgment of your complaint from us, or if you are not satisfied with our response, or if contacting us does not resolve your complaint, EU individuals may request Reveal to refer unresolved Data Privacy Framework Principle complaints to, or you may bring a complaint before, the United States Council for International Business (USCIB). The USCIB is the American affiliate of the International Chamber of Commerce, the Business and Industry Advisory Committee to the OECD, and the International Organization of Employers, and has agreed to act as a trusted third party on behalf of the European Union (EU) Data Protection Authorities. Information about how to file a complaint before the USCIB can be found at As a last resort, EU individuals may seek redress through binding arbitration. The services of this process are provided at no cost to you.


All vendors with access to data covered under this policy are required to sign an EU Data Protection Agreement prior to working with Reveal Data.
This document addresses common requirements concerning Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement of the Personal Data with respect to the vendor’s Personal Data. Any vendor has the right to terminate its working relationship with Reveal Data and request the deletion of Personal Data pertaining to them. However, Reveal Data will continue to maintain its historical business records in such a way so that Reveal Data may retain its historical knowledge and relationships concerning any legal or regulatory inquiries which may later arise. This practice is in
the best interests of both parties so that identifying information relating to a particular matter is accessible but sufficiently discrete so that Reveal Data does not accidentally contact them for projects in the future.

Reveal remains responsible for any Information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf.


Reveal Data undertakes to verify compliance with its Privacy Policy not less than once per year and in connection with Reveal Data’s annual review and internal compliance measures. Reveal Data will use its best commercial efforts to ensure that compliance with this Privacy Policy is maintained and that the Privacy Policy is accurate, comprehensive, and continues to conform to applicable law. We encourage CVEs to raise and discuss any issues
or concerns with Reveal Data’s Privacy Officer directly who address and resolve such complaints regarding the use of data and noncompliance with our Privacy Policy. Reveal Data is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC)

Reveal Data provides information regarding the below through policies and trainings:

  • Reveal Data is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC)
  • The possibility, under certain conditions, for the individual to invoke binding arbitration
  • The requirement for your organization to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements
  • Reveal Data’s liability in cases of onward transfers to third parties

With respect to complaints related to our Privacy Policy that cannot be resolved through our internal process, we agree to abide by the dispute resolution procedures established by the Data Privacy Framework Principles.


You have a choice about whether or not you wish to receive certain information from Reveal. You may choose to receive email-based and in-application messages from Reveal related to things such as the completion of a processing job, project creations or deletions, collaborative communications from a user within your account, or product updates. If you would like to discontinue receiving this information, you may update your email preferences by using the "Unsubscribe" link found in the emails Reveal sends to you or by changing your notification preferences from within the application. If needed you can contact Reveal's Customer Success team for help with these adjustments at You may also opt out of marketing-related email communications by using the "Unsubscribe" link found in the emails Reveal sends to you or by contacting Reveal at You may not be able to opt-out of certain notifications to the extent necessary to comply with applicable law or legal process and to prevent fraud or security issues.

If you are a client of one of Reveal's customers and would no longer like to be contacted by one of Reveal's customers that uses Reveal's Service or if you wish to request the removal of personal data under their control, please contact the customer who you interact with directly.

You can opt out or choose whether your information is a) to be disclosed to a third party or; b) to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by the individuals by a) contacting or sending notice to the address below. Most data that Reveal collects can also be modified or deleted using your instance of the Reveal application and browsing to User Preferences or Company Admin.

For sensitive information, Reveal will obtain affirmative express consent from individuals if such information is to be a) disclosed to a third party or; b) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. Reveal will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

Who can you contact to learn more?

If you have any questions regarding our privacy policy or our use of personal data, please contact us at

Reveal Data Corporation
Data Privacy and Security
145 S. Wells St.
Suite 600
Chicago IL 60606

Modified 28 August 2023