Privacy Policy

1. Information we collect

Account information

When you sign in with Google, we receive basic profile information from your Google Account, including your name, email address, profile image, and Google account identifier. We use this to create and secure your account.

Google services data (with your consent)

If you connect your Google account for data features, we request access to the following scopes and use the data solely to provide the features you ask for:

• Google Ads (`adwords`) — read access to your campaigns, ad groups, keywords, and performance metrics so we can analyze your account and generate audits, insights, and recommendations.
• Google Search Console (`webmasters.readonly`) — read-only access to search performance and site data used to inform site audits and analytics.
• `openid`, `email`, `profile` — to authenticate you and associate the connection with your account.

We request read-only access where possible and never make changes to your Google Ads or Search Console accounts.

Content you provide

We process information you submit to the Service, such as website URLs you ask us to audit or import, brand assets, landing pages you generate or edit, prompts, and settings.

Usage and device data

We collect log and usage data (such as pages viewed, actions taken, IP address, browser type, and timestamps) and use essential cookies to keep you signed in and operate the Service.

2. How we use information

• Provide, operate, secure, and improve the Service.
• Generate audits, insights, recommendations, analytics, and landing pages you request.
• Authenticate you and prevent fraud or abuse.
• Respond to support requests and communicate about the Service.
• Comply with legal obligations.

3. Google API Services — Limited Use

Revlytics's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we affirm that we:

• Only use access to Google user data to provide or improve user-facing features that are prominent in the Service.
• Do not transfer or sell Google user data for advertising, or to build advertising profiles or other independent purposes.
• Do not sell Google user data under any circumstances.
• Do not allow humans to read your Google user data unless we have your affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized.
• Limit our use of data from Google Workspace APIs to providing or improving user-facing features, and do not use it to develop, improve, or train generalized AI/ML models.

4. AI processing

The Service uses third-party AI providers to generate audits, recommendations, and content. The relevant inputs you provide or authorize (for example, campaign metrics, page content, or submitted URLs) may be sent to these providers to produce results for you. We do not use your Google user data to train generalized AI/ML models, and we send only the data needed to deliver the feature you requested.

5. How we share information

We do not sell your personal information. We share information only as described here:

• Service providers (subprocessors) who process data on our behalf, under contractual confidentiality and data-protection obligations, including: Supabase (authentication, database, and file storage), Anthropic (AI processing), Firecrawl (web content retrieval), Microlink (website screenshots), and Vercel (hosting).
• Google, when you authenticate or when we call Google APIs on your behalf.
• Legal and safety — when required to comply with law, enforce our terms, or protect the rights, safety, and security of users and the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.

6. Data retention

We retain your information for as long as your account is active or as needed to provide the Service. You may delete your data or account at any time, and we will delete or anonymize your personal information within a reasonable period unless we are required to retain it for legal, security, or fraud-prevention purposes.

7. Your choices and rights

• Revoke Google access at any time in your Google Account permissions or by disconnecting Google in the Service settings.
• Access, correct, export, or delete your personal information by contacting us.
• Depending on your location, you may have additional rights under laws such as the GDPR or CCPA, including the right to object to or restrict processing.

8. Security

We use industry-standard safeguards, including encryption in transit, access controls, and reputable infrastructure providers, to protect your information. OAuth tokens are stored securely and used only to provide the features you enable. No method of transmission or storage is completely secure, but we work to protect your data and continually improve our safeguards.

9. International transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards for international data transfers.

10. Children's privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them.

11. Changes to this Policy

We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice where appropriate. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

12. Contact us

If you have questions about this Policy or our data practices, contact us at privacy@revlytics.co.