Privacy Policy

1. Information We Collect

We collect information in several ways depending on how you interact with our platform:

a) Account Information

When you create an account, we collect your name, email address, and password (stored as a secure hash). If you sign up through a third-party provider (e.g., Google OAuth), we receive your name and email from that provider.

b) Organization Data

We collect the organization name, address, phone number, logo, and configuration settings you provide when setting up your workspace.

c) Lead & Contact Data

The leads and contacts you create within Revenue Venue — including names, email addresses, phone numbers, company information, notes, and pipeline status — are stored in your organization's isolated database partition.

d) Communication Data

When you use our communication features, we store metadata and content related to your emails (sent and received via the Gmail integration), SMS messages (via Twilio), and phone call records (via Twilio), including timestamps, participants, and message content.

e) Payment Information

Payments are processed by Stripe. We do not store credit card numbers or bank account details on our servers. We retain only a Stripe customer identifier and subscription status for billing purposes.

f) Usage & Log Data

We collect standard log data such as IP addresses, browser type, pages visited, and timestamps to monitor performance and diagnose issues.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our platform and services.
• Authenticate your identity and manage your account and organization.
• Facilitate communications on your behalf (email, SMS, and voice calls).
• Process payments and manage your subscription.
• Send transactional notifications such as account invitations and billing receipts.
• Monitor for security threats, fraud, and abuse of the platform.
• Comply with legal obligations and respond to lawful requests.

We do not sell your personal data to third parties. We do not use your data for advertising or marketing purposes unrelated to our service.

3. Gmail & Google API Data

Revenue Venue integrates with the Gmail API (via Nylas) to enable email communication directly within the CRM. This section describes how we handle data obtained through Google APIs.

a) Scopes We Request

We request the following Gmail OAuth scopes:

• gmail.modify — To send emails, mark messages as read, and manage labels on your behalf.
• gmail.readonly — To read incoming emails so they appear in your CRM communication timeline.

b) How We Use Gmail Data

• We send and receive emails on your behalf through your connected Gmail account.
• We store email metadata (subject line, sender, recipients, date, and a short snippet) in our database to display your communication timeline within the CRM.
• Email content is transmitted through Nylas's secure infrastructure and is not retained beyond what is necessary to provide the service.

c) What We Do Not Do With Gmail Data

• We do not sell, rent, or share your Gmail data with any third party for advertising, marketing, or any purpose unrelated to providing our CRM service.
• We do not use your Gmail data for training machine learning or artificial intelligence models.
• We do not allow any human to read your email content except where required by law, necessary to investigate abuse, or with your explicit consent.

d) Google API Services User Data Policy

e) Revoking Access

You can disconnect your Gmail account from Revenue Venue at any time through your account settings. You can also revoke access directly from your Google Account permissions page. Upon disconnection, we will delete stored Gmail connection credentials and cease accessing your Gmail data.

4. Third-Party Services

We use the following third-party services to operate our platform. Each service processes data in accordance with its own privacy policy:

• Supabase — Database hosting, user authentication, and file storage.
• Nylas — Email integration (Gmail API connectivity, email sending and receiving).
• Twilio — SMS messaging and voice call services.
• Stripe — Payment processing and subscription management.
• Vercel — Application hosting and content delivery.

We share only the minimum amount of data necessary for each service to function. We do not sell or rent your data to these or any other third-party providers.

5. Data Security

We take the security of your data seriously and implement the following measures:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
• Encryption at rest: Database storage is encrypted at rest through our infrastructure provider.
• Row-Level Security (RLS): Our database enforces row-level security policies ensuring that each organization can only access its own data.
• Multi-tenant isolation: Each organization's data is logically isolated. Users in one organization cannot view, modify, or access data belonging to another.
• Secure authentication: Passwords are hashed using industry-standard algorithms. Session tokens are stored in secure, httpOnly cookies.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of a data breach.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide our services:

• Account data: Retained until you delete your account or request deletion.
• Lead and communication data: Retained for the duration of your active subscription.
• Billing records: Retained for up to 7 years to comply with tax and accounting obligations.
• Server logs: Automatically purged after 90 days.

Upon account deletion or organization closure, we will delete or anonymize your personal data within 30 days, except where retention is required by law. You may request a data export before closing your account.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data portability: Request an export of your data in a machine-readable format.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hivedigitalapp@gmail.com. We will respond to your request within 30 days.

8. Cookies

Revenue Venue uses cookies strictly for essential platform functionality:

• Session cookies: Used to authenticate your identity and maintain your logged-in session. These are httpOnly and secure.
• Preference cookies: Used to remember your display preferences (e.g., sidebar state).

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

Revenue Venue is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on our platform at least 14 days before the changes take effect. Your continued use of Revenue Venue after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: hivedigitalapp@gmail.com
• Website: www.revenuevenue.app