Privacy Policy

1. Introduction

RevFlow, Inc. ("RevFlow," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GTM AI Platform and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, company name, job title
• Billing Information: Payment card details, billing address (processed securely via Stripe)
• Profile Information: Profile photo, preferences, settings
• Communication Data: Messages, support requests, feedback
• Content: Data you upload, including leads, contacts, and campaign content

2.2 Information Collected Automatically

• Usage Data: Features used, actions taken, time spent on pages
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, referring URLs
• Cookies and Tracking: See our Cookie Policy for details

2.3 Information from Third Parties

• CRM Integrations: Data from Salesforce, HubSpot, or other connected services
• OAuth Providers: Information from Google, Microsoft when you authenticate
• Data Enrichment: Business information from public sources

3. How We Use Your Information

We use your information for the following purposes:

• Provide Services: Operate and maintain our platform, process transactions
• AI Processing: Power our AI agents for lead scoring, content generation, and automation
• Improve Services: Analyze usage patterns, develop new features, enhance performance
• Communication: Send service updates, security alerts, support messages
• Marketing: With consent, send promotional materials (you can opt-out anytime)
• Security: Detect and prevent fraud, abuse, and security threats
• Legal Compliance: Comply with legal obligations and enforce our terms

4. How We Share Your Information

We may share your information with:

• Service Providers: Cloud hosting (Cloudflare), payment processing (Stripe), AI services (OpenAI, Anthropic), analytics providers
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Legal Requirements: When required by law, court order, or government request
• With Your Consent: When you authorize specific sharing

We do not sell your personal information to third parties.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. We may retain certain information as required by law or for legitimate business purposes.

• Account Data: Retained until account deletion, then 30 days grace period
• Usage Logs: Retained for 12 months
• Billing Records: Retained for 7 years for tax/legal compliance
• Backup Data: Retained for 90 days after deletion

6. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data ("Right to be Forgotten")
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Restriction: Request restricted processing
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, visit your Privacy Settings or contact us at [email protected].

7. GDPR Compliance (EU/EEA Users)

For users in the European Union and European Economic Area:

• Legal Basis: We process data based on contract performance, legitimate interests, legal obligations, and your consent
• Data Transfers: When transferring data outside the EU/EEA, we use Standard Contractual Clauses and ensure adequate protection
• DPO: Contact our Data Protection Officer at [email protected]
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

8. CCPA Compliance (California Users)

California residents have additional rights under the CCPA:

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
• Non-Discrimination: We won't discriminate against you for exercising your rights

To exercise CCPA rights, email [email protected] with subject "CCPA Request".

9. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access, multi-factor authentication
• Infrastructure: SOC 2 compliant cloud providers
• Monitoring: 24/7 security monitoring and incident response
• Audits: Regular security assessments and penetration testing

10. Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our Services. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices: