1. Controller
Controller for this website and Namarix's own business processing:
Mark Lim
Winterhuder Weg 29, 7. Stock
22085 Hamburg
Germany
Email: mark@namarix.ai
Website: https://namarix.ai
VAT ID: DE458015605
No separate Data Protection Officer has been appointed. Privacy requests can be sent to mark@namarix.ai.
2. Controller / Processor Roles
For Namarix's own website, sales, marketing, account administration, product administration, analytics, security, billing, legal, and business communications, Mark Lim is the controller.
For Revont deployments operated for a client, the client is usually the controller for its prospect/customer data, and Mark Lim / Namarix acts as a processor under the client's instructions and under a data processing agreement.
Where Namarix independently decides why and how personal data is used, such as for its own account administration, security, billing, legal compliance, product analytics, or marketing where legally permitted, Namarix may act as an independent controller for that processing.
3. Personal Data We Collect
We may collect:
- Contact and account data: name, business email address, company name, role, login information, workspace details, and account settings.
- Communications data: messages, demo requests, sales calls, support requests, form submissions, preferences, and opt-out status.
- AI agent interaction data: work email, chat messages, questions, prompts, conversation history, session metadata, timestamps, summaries, pain points, objections, topics, sentiment, engagement signals, and inferred business needs.
- Client content and configuration data: webinar, podcast, video, transcript, sales, CRM, knowledge-base, brand, prompt, and AI-agent configuration content.
- Technical and usage data: IP address, browser/device information, log data, pages visited, referrers, cookies, identifiers, product usage events, and security metadata.
- Analytics and tracking data if enabled in the future: page views, clicks, scroll behavior, approximate location, device/browser data, session replay events, advertising pixel events, campaign attribution, and similar interaction data.
- Integration data: CRM, webhook, workflow, enrichment, or notification data made available through HubSpot, Clay, n8n, Supabase, client-selected webhooks, or similar systems.
- Public-source and third-party business data: company, role, website, LinkedIn, firmographic, enrichment, and business contact information obtained from clients, public sources, enrichment tools, or lead-generation tools.
Do not submit sensitive personal data, health data, financial account data, government ID data, special-category data, confidential information, or trade secrets into the public AI agent unless we have expressly agreed in writing to handle that data.
4. How We Use Personal Data
We use personal data to:
- provide, operate, secure, maintain, and improve the website, Revont, AI agents, dashboards, workflows, and related services;
- create and manage workspaces, accounts, content pages, sessions, notifications, and client configurations;
- register prospects for client content experiences and allow them to interact with AI agents;
- record, analyze, summarize, and route AI-agent conversation history;
- provide client-specific prospect insights, CRM updates, Slack alerts, Clay webhook payloads, HubSpot records, reports, and similar operational outputs to the relevant client or authorized integration;
- tailor AI-agent responses to a visitor's company domain or business context;
- improve search/retrieval quality, prompts, benchmarks, analytics, product quality, and messaging using aggregated, de-identified, or anonymized learnings where possible;
- conduct Namarix sales, marketing, and customer research where legally permitted;
- respond to inquiries, provide support, manage contracts, process billing, prevent misuse, maintain security, comply with law, and enforce agreements.
We do not disclose one client's identifiable prospect data or confidential content to another client.
5. AI Agent And Email Capture
When you interact with a Revont-powered AI agent, we may collect your work email address and the content of your conversation. This may include the questions you ask, the business problems you describe, objections, topics of interest, and engagement signals.
We collect work email addresses so the AI agent can customize responses to your company context, improve the relevance of answers, help the client follow up on your inquiry, and connect the conversation to the relevant client workflow or CRM where enabled. The email prompt and footer notice are intended to explain this collection at the point of interaction.
If the AI agent is operated for one of our clients, your data may be shared with that client so they can respond to your inquiry, analyze demand signals, personalize follow-up, and improve their own marketing, sales, content, and product strategy.
We may use aggregated, de-identified, or anonymized interaction patterns and product learnings across clients to improve Revont. We do not share one client's identifiable prospect data with another client.
The AI agent does not make decisions that produce legal effects or similarly significant effects about you. AI-generated outputs may be inaccurate and should be reviewed before important decisions are made.
6. Legal Bases
For individuals in the EEA, United Kingdom, or Switzerland, we rely on the following legal bases where applicable:
- Contract: to provide services, accounts, support, and requested product functionality.
- Legitimate interests: to operate, secure, analyze, improve, and market our B2B services; understand buyer intent and product-market signals; prevent abuse; support client sales and marketing workflows; and improve product performance, provided these interests are not overridden by your rights and freedoms.
- Consent: where we ask for consent, such as for certain marketing communications, optional cookies, or specific processing activities.
- Legal obligation: to comply with accounting, tax, corporate, regulatory, security, and legal obligations.
You may object to processing based on legitimate interests, including certain marketing and profiling activities, by contacting mark@namarix.ai.
7. Marketing Communications
We may send B2B marketing communications only where permitted by applicable law.
In Germany and much of the EU, marketing emails usually require prior consent unless a narrow legal exception applies. We treat cold outreach to Germany/EU prospects as a separate compliance-controlled workflow.
In the United States, commercial emails must identify the sender and include an opt-out method. Marketing emails will identify the sender, include a valid postal address where required, and provide an unsubscribe or opt-out method.
You can opt out of marketing communications at any time by using the unsubscribe link in an email or contacting mark@namarix.ai.
8. Cookies And Tracking
We may use cookies, pixels, scripts, analytics tools, and similar technologies to operate the website, understand usage, improve performance, remember preferences, and measure marketing effectiveness.
Where required, we will request consent before using non-essential cookies, analytics pixels, advertising pixels, session replay, or similar tracking technologies. You can control cookies through your browser settings and, where available, through our cookie banner or preference tool.
9. Sharing And Subprocessors
We may share personal data with:
- clients, when you interact with a Revont deployment operated for that client;
- service providers and subprocessors that host, store, secure, analyze, process, automate, communicate, and deliver the service;
- integration partners authorized by us or our clients, such as CRM, webhook, messaging, enrichment, email, or workflow tools;
- professional advisers, such as lawyers, accountants, auditors, insurers, and security consultants;
- authorities, courts, regulators, or other parties where required by law or necessary to protect rights, safety, security, or contractual interests;
- buyers, successors, or transaction participants in connection with a merger, financing, restructuring, asset sale, or future GmbH transition.
Depending on the deployment, current subprocessors and major systems may include OpenAI, Anthropic, Supabase, Cloudflare/R2, Vercel, Webflow, HubSpot, n8n, Railway, Clay, and client-selected webhook, CRM, enrichment, or automation providers. Slack may process internal operational alerts if configured, but it is not currently used to receive prospect data in production. Google/Gmail and Discord are not currently used as product subprocessors.
Not every vendor receives every user's data.
10. International Transfers
We may process and transfer personal data in Germany, the European Union, the United States, and other countries where we or our service providers operate.
Some subprocessors are based in, or may process data from, the United States. Where we transfer personal data from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on appropriate safeguards such as standard contractual clauses, the EU-U.S. Data Privacy Framework where applicable, data processing agreements, and supplementary measures where required.
11. Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, maintain security, comply with law, resolve disputes, enforce agreements, and support legitimate business needs.
Unless a different period is required by law, contract, or client instruction:
- Account and workspace data: for the life of the account or client relationship, plus up to 24 months.
- AI agent conversation history and session data: up to 24 months from the last interaction.
- Prospect email and campaign engagement data: up to 24 months from the last meaningful engagement.
- CRM, sales, and marketing records: up to 24 months from the last engagement for inactive prospects, and for the active business relationship plus up to 24 months for customers.
- Aggregated, de-identified, or anonymized analytics and product learnings: indefinitely, provided they no longer identify an individual and are not used to re-identify them.
- Marketing suppression records: as long as needed to honor opt-outs.
- Security logs: normally up to 12 months, unless needed longer for security, abuse prevention, legal claims, or compliance.
- Contract, invoice, tax, bookkeeping, and compliance records: for the statutory period required by applicable law, which may be up to 10 years for certain business and tax records in Germany.
If we use the OpenAI API or similar business AI services, we configure and treat submitted customer content as business/customer content where available. Our own retention periods apply to copies stored in Namarix, client, CRM, workflow, and backup systems.
12. Security
We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include access controls, encryption in transit, credential and secret management, logging, backups, provider security controls, and internal access restrictions.
No system is perfectly secure, and we cannot guarantee absolute security.
13. Your Rights
Depending on your location, you may have rights to:
- request access to personal data;
- request correction;
- request deletion;
- request restriction of processing;
- object to processing based on legitimate interests;
- request portability;
- withdraw consent where processing is based on consent;
- lodge a complaint with a data protection authority.
For Namarix's current Hamburg location, the competent authority is the Hamburg Commissioner for Data Protection and Freedom of Information (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit): https://datenschutz-hamburg.de/
To exercise your rights, contact mark@namarix.ai. If your data was processed on behalf of one of our clients, we may forward your request to that client or help the client respond.
14. U.S. Privacy Rights
If you are located in a U.S. state with applicable privacy rights, you may have rights to know, access, correct, delete, port, or opt out of certain uses or disclosures of personal information.
We do not sell personal information in the traditional sense. If we use advertising, analytics, enrichment, or tracking technologies that may be considered a "sale," "sharing," or "targeted advertising" under applicable law, we will provide required notices and opt-out methods.
15. Children's Privacy
Our services are intended for business users and are not directed to children. We do not knowingly collect personal data from children under 16.
16. Changes
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a new "Last updated" date. If changes are material, we may provide additional notice where required.
17. Contact
Mark Lim
Operating under the Namarix brand
Winterhuder Weg 29, 7. Stock
22085 Hamburg
Germany
mark@namarix.ai
https://namarix.ai