1. Introduction
Revenue Recovery Engine ("RRE", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide
We collect information that you voluntarily provide when using the Service:
- Account Information: Name, email address, company name, phone number, business details
- Payment Information: Credit card details (processed securely by Stripe; we do not store full card numbers)
- Lead Data: Customer contact information, messages, call recordings, transcriptions
- Settings: Business hours, SMS templates, pricing configurations, webhook URLs
- Communications: Support requests, feedback, survey responses
2.2 Automatically Collected Information
When you use the Service, we automatically collect certain information:
- Usage Data: Pages visited, features used, time spent, click patterns
- Device Information: IP address, browser type, operating system, device type
- Log Data: Access times, error logs, performance metrics
- Cookies: Session cookies, authentication tokens (see Cookie Policy)
2.3 Information from Third Parties
We may receive information from:
- Your CRM: Lead data sent via webhooks (GoHighLevel, Salesforce, etc.)
- Twilio: SMS delivery status, phone call metadata
- Stripe: Payment status, subscription information
- Anthropic: AI classification results
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Provide the Service
- Process and classify leads using AI
- Send automated SMS and email responses
- Generate revenue analytics and reports
- Manage your account and subscriptions
- Process payments and billing
3.2 Improve the Service
- Analyze usage patterns to improve features
- Monitor system performance and reliability
- Train and improve AI models (aggregated, anonymized data only)
- Conduct research and development
3.3 Communicate with You
- Send service-related notifications (usage warnings, payment failures)
- Respond to support requests
- Send product updates and announcements
- Request feedback or surveys
3.4 Security and Compliance
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations
- Enforce our Terms of Service
- Maintain audit logs for security purposes
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with third-party service providers who perform services on our behalf:
- Anthropic: AI classification (lead data, messages)
- Twilio: SMS and voice communications (phone numbers, messages)
- Resend: Email delivery (email addresses, message content)
- Stripe: Payment processing (payment information)
- DigitalOcean: Cloud hosting (all Service data)
- Sentry: Error monitoring (usage data, error logs)
4.2 Your CRM
If you configure an outbound webhook URL, we will send enriched lead data to your specified CRM or system. This is done at your direction and is necessary to provide the Service.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Subpoenas, court orders, or legal processes
- Requests from law enforcement or government agencies
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activities
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted over HTTPS/TLS
- Authentication: Secure password hashing (bcrypt), JWT tokens
- Access Control: Role-based access, multi-tenant data isolation
- Monitoring: 24/7 error monitoring, security alerts
- Backups: Daily automated database backups
- Auditing: Comprehensive audit logs (90-day retention)
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your information for different periods depending on the type of data:
- Account Data: Retained while your account is active
- Lead Data: Retained while your account is active or until you delete it
- Audit Logs: 90 days
- Payment Records: 7 years (legal requirement)
- Deleted Accounts: 30-day soft delete period, then permanently deleted
7. Your Privacy Rights
Depending on your location, you may have the following rights:
7.1 Access and Portability
You have the right to access and download your data. You can export your data at any time through the Settings page or by contacting support.
7.2 Correction
You have the right to correct inaccurate or incomplete information. You can update your account information through the Settings page.
7.3 Deletion
You have the right to request deletion of your data. You can delete your account through Settings or by contacting support. Note: Some data may be retained for legal compliance.
7.4 Objection and Restriction
You have the right to object to certain processing of your data or request restrictions on how we use it.
7.5 Opt-Out
You can opt out of marketing communications by clicking "unsubscribe" in emails or contacting support.
To exercise these rights, contact us at privacy@revenuerecovery.io
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We use DigitalOcean data centers in the United States.
By using the Service, you consent to the transfer of your information to the United States and other countries where we operate.
9. Children's Privacy
The Service is not intended for children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it immediately.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell your information)
- Right to non-discrimination for exercising your rights
To exercise these rights, contact us at privacy@revenuerecovery.io
11. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
Legal Basis for Processing: We process your data based on:
- Contract performance (providing the Service)
- Consent (where required)
- Legitimate interests (improving the Service, security)
- Legal obligations (compliance, fraud prevention)
12. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature. Our Service does not currently respond to DNT signals, as there is no industry standard for how to respond to such signals.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via:
- Email notification
- Notice on the Service
- Updated "Last Updated" date at the top of this policy
Your continued use of the Service after changes constitutes acceptance of the updated policy.