Privacy Policy - Revenue Growth Agent

Company: RevenueCEO, LLC

Effective Date: May 10, 2025

Last Updated: November 1, 2025

Introduction

RevenueCEO, LLC ("we," "our," or "us") operates the Revenue Growth Agent platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We collect personal information that you provide directly to us:

Account Information: Name, email address, company name, job title
Payment Information: Billing details, credit card information (processed by third-party payment processors)
Contact Information: Phone number, company address
Profile Information: User preferences, settings, and configurations

1.2 CRM Data

When you integrate Revenue Growth Agent with your CRM platform (Salesforce, HubSpot, or other supported systems):

Data We Collect from CRM:

Contact/Lead Information: First Name, Last Name, Email, Phone
Company Information: Company Name, Website URL, Industry, Company Size
Professional Information: Job Title, LinkedIn Profile URL
Meeting Prep Form Data: Any additional information you enter when generating meeting preps or discovery sessions

Data We Store:

We store the above CRM data in our database (Airtable) for the following purposes:

Generate meeting preparation documents
Track meeting prep history
Provide discovery session support
Improve service quality

Data We Do NOT Store:

Full CRM records (we only store fields listed above)
Opportunity data, deal stages, or pipeline information
Custom CRM fields not explicitly entered in our forms
Sensitive personal information (SSN, financial data, health data)

Important: We access CRM data via OAuth tokens and signed requests, but only retain the specific fields you provide through our meeting prep and discovery forms.

1.3 Client-Provided Content

You may upload or provide content to enhance our Service:

Documents: PDFs, case studies, presentations, sales collateral
Links: Website URLs, LinkedIn profiles, news articles
Company Information: Product descriptions, value propositions, positioning
Custom Data: Any other content you provide for AI training

AI Training: This client-provided content is processed by AI models and stored in our retrieval-augmented generation (RAG) database powered by Pinecone. This enables personalized, company-specific insights in meeting preps and discovery sessions.

1.4 Generated Content

Meeting Preparation Documents:

We generate Google Docs containing meeting prep content
These documents are stored in our Google Drive (not your personal Drive)
Document URLs are stored in our database (Airtable)
Documents are accessible via unique, long-form URLs shared only with you
No one else can access your documents without the specific URL

Discovery Session Documents:

Same storage and access model as meeting prep documents

1.5 Usage Data

We automatically collect information about how you use the Service:

Log Data: IP address, browser type, operating system, pages visited
Usage Patterns: Features used, frequency of use, session duration
Device Information: Device type, unique device identifiers
Performance Data: Error logs, load times, API response times

1.6 Cookies and Tracking

We use cookies and similar tracking technologies to:

Maintain user sessions
Remember user preferences
Analyze usage patterns
Improve service performance

You can control cookies through your browser settings.

2. How We Use Your Information

2.1 Service Delivery

Generate AI-powered meeting preparation documents
Create discovery session summaries and insights
Integrate with your CRM platform (Salesforce, HubSpot, etc.)
Store and retrieve meeting prep history
Provide customer support and troubleshooting

2.2 Service Improvement

Analyze usage patterns to enhance features
Improve AI-generated insights using your client-provided content (stored in your private RAG database only)
Identify and fix bugs and technical issues
Develop new features and capabilities
Optimize performance and reliability

Important: We configure all AI providers (OpenAI, Anthropic, Perplexity, Grok) to opt-out of using your data for their model training. Your data is never used to train commercial AI models.

2.3 Communication

Send service-related notifications
Provide customer support responses
Share product updates and new features
Send billing and payment confirmations
Deliver marketing communications (with your consent)

2.4 Legal and Compliance

Comply with legal obligations
Enforce our Terms of Service
Protect against fraud and abuse
Respond to legal requests (subpoenas, court orders)
Protect our rights and property

2.5 What We Do NOT Do

We do NOT:

Use your data to train commercial AI models (we opt-out with all AI providers)
Allow AI providers (OpenAI, Anthropic, etc.) to train on your data
Sell your data to third parties
Share your data with advertisers
Use your CRM data for purposes outside of providing the Service
Access your CRM platform beyond what you authorize via OAuth

3. Data Sharing and Third-Party Services

3.1 Third-Party Service Providers

We share data with trusted third-party providers who assist in operating our Service:

Infrastructure & Hosting:

Vercel - Application hosting and serverless functions
Privacy Policy: https://vercel.com/legal/privacy-policy

Data Storage:

Airtable - Database for CRM data, meeting prep records, and configuration
Privacy Policy: https://www.airtable.com/privacy
Pinecone - Vector database for RAG (client-provided content only)
Privacy Policy: https://www.pinecone.io/privacy/
Google Workspace - Document storage (meeting preps, discovery sessions)
Privacy Policy: https://policies.google.com/privacy

AI & Language Models:

OpenAI - GPT models for content generation
Privacy Policy: https://openai.com/policies/privacy-policy
Anthropic - Claude models for content generation
Privacy Policy: https://www.anthropic.com/legal/privacy
Perplexity - AI research and content generation
Privacy Policy: https://www.perplexity.ai/privacy
Grok - AI content generation
Privacy Policy: [Check xAI website for current policy]

CRM Platforms:

Salesforce - CRM integration via Canvas app and OAuth
Privacy Policy: https://www.salesforce.com/company/privacy/
HubSpot - CRM integration via API and OAuth
Privacy Policy: https://legal.hubspot.com/privacy-policy

Workflow Automation:

Make.com - Webhook automation and workflow orchestration
Privacy Policy: https://www.make.com/en/privacy-policy

Error Monitoring:

Sentry - Application error tracking (PII excluded from logs)
Privacy Policy: https://sentry.io/privacy/

Payment Processing:

Stripe (or your payment processor) - Payment and subscription management
Privacy Policy: https://stripe.com/privacy

3.2 Data Processing Agreements

Upon request, we can provide Data Processing Agreements (DPAs) for customers requiring contractual data protection commitments, particularly for GDPR compliance. Contact [email protected].

3.3 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Data Storage and Security

4.1 Where Your Data is Stored

Primary Storage:

CRM Data (Contact/Lead info from meeting prep forms): Airtable (US-based)
Generated Documents (Meeting preps, discovery sessions): Google Drive (US-based)
Client-Provided Content (RAG database): Pinecone (US-based)
Application Data (logs, configurations): Vercel (US-based)

International Transfers:

If you are located outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place through:

Standard Contractual Clauses (SCCs) with processors
EU-US Data Privacy Framework compliance (where applicable)
Contractual commitments with third-party processors

4.2 Security Measures

We implement industry-standard security practices:

Encryption:

All data transmitted via HTTPS/TLS 1.3
CRM OAuth tokens encrypted in transit
Sensitive credentials encrypted at rest (AES-256)

Access Controls:

Role-based access control (RBAC)
Multi-factor authentication (MFA) for admin access
Principle of least privilege

Authentication:

OAuth 2.0 for CRM integrations (Salesforce, HubSpot)
Signed request validation (HMAC-SHA256) for Salesforce Canvas
Session management with secure tokens

Monitoring:

Automated error tracking and alerting
Security audit logs
Regular security assessments

Application Security:

Rate limiting (100 req/min for Canvas, 30 req/min for webhooks)
Input validation on all endpoints
Regular dependency updates and security patches

However, no system is 100% secure. You acknowledge that you use the Service at your own risk.

4.3 Data Breach Notification

In the event of a data breach affecting your personal information:

We will notify affected customers within 72 hours of discovery
We will provide details of the breach and remediation steps
We will cooperate with regulatory authorities as required by law

5. Data Retention

5.1 Active Subscription

While your subscription is active, we retain:

Account Information: For the duration of your account
CRM Data (from meeting prep forms): For the duration of your subscription + 3 months
Generated Documents: Stored indefinitely in our Google Drive (accessible via URL)
Client-Provided Content: Stored in RAG database for the duration of your subscription
Usage Logs: Retained for 90 days for debugging and security

5.2 After Cancellation

When you cancel your subscription:

CRM Data: Retained for 3 months after cancellation, then deleted
Generated Documents: Retained in Google Drive (you can request deletion)
Client-Provided Content: Removed from RAG database within 30 days
Account Information: Retained for 30 days, then deleted (unless legal obligation)

Early Deletion: You may request immediate deletion of your data by emailing [email protected]. We will process requests within 30 days.

5.3 Legal Retention

We may retain certain data longer if required by:

Legal obligations (tax records, audit requirements)
Dispute resolution or litigation
Fraud prevention or security investigations

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

Request a copy of your personal information
Export your data in CSV or JSON format
Access your CRM data stored in our database

How to Request: Email [email protected]

6.2 Correction and Update

You have the right to:

Correct inaccurate personal information
Update your account details
Modify your CRM integration settings

How to Update: Access your account settings or email [email protected]

6.3 Deletion ("Right to be Forgotten")

You have the right to:

Request deletion of your personal information
Request deletion of CRM data we've stored
Request deletion of generated documents from our Google Drive
Close your account

How to Request: Email [email protected]. We will process within 30 days.

Limitations: We may retain data if required by law or for legitimate business purposes (fraud prevention, dispute resolution).

6.4 Opt-Out of Marketing

You have the right to:

Unsubscribe from marketing emails (click "unsubscribe" in any email)
Opt out of promotional communications
Continue receiving service-related emails (account updates, billing, security)

6.5 CRM Permissions

You control what data we access via CRM integrations:

Revoke OAuth tokens at any time via Salesforce/HubSpot settings
Uninstall Canvas app from Salesforce
Disconnect HubSpot integration
This will stop all data access immediately

7. GDPR Compliance (European Union)

If you are located in the European Economic Area (EEA):

7.1 Legal Basis for Processing

We process your data based on:

Contract Performance: To provide the Service you subscribed to
Legitimate Interest: To improve the Service, prevent fraud, ensure security
Consent: For marketing communications, optional features

7.2 Data Controller and Processor

Data Controller: You (the customer/subscriber)
Data Processor: RevenueCEO, LLC (we process data on your behalf)

7.3 Your GDPR Rights

Right to access your personal data
Right to rectification (correct inaccurate data)
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with your supervisory authority

Data Protection Officer: [email protected]

EU Representative: (If required, add details or state "Not currently appointed")

7.4 International Transfers

We transfer data from the EEA to the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

8. CCPA Compliance (California)

If you are a California resident:

8.1 Categories of Data Collected

Identifiers: Name, email, IP address, device ID
Commercial Information: Purchase history, subscription details
Professional Information: Job title, company name, industry
Internet Activity: Usage patterns, browsing history on our Service
Inferences: Preferences derived from usage patterns

8.2 Purpose of Collection

Provide and improve the Service
Process payments and subscriptions
Customer support and communication
Security and fraud prevention
Legal compliance

8.3 Third-Party Sharing

We share data with service providers listed in Section 3. We do NOT sell your personal information.

8.4 Your CCPA Rights

Right to Know: Request what data we collect, use, and share
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of data sales (not applicable - we don't sell data)
Right to Non-Discrimination: We will not discriminate for exercising your rights

How to Exercise Rights: Email [email protected] or call (239) 456-3336

Verification: We will verify your identity before processing requests.

9. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us immediately at [email protected] and we will delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

We will notify you of material changes by:

Posting the updated policy on our website
Updating the "Last Updated" date
Sending email notifications (for significant changes)

Your continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy:

Email: [email protected]

Privacy Inquiries: [email protected]

Mailing Address:
RevenueCEO, LLC
1616 Cape Coral Parkway West
Suite 102-196
Cape Coral, FL 33914
United States

Response Time: We aim to respond to all inquiries within 5 business days.

12. State-Specific Disclosures

12.1 Nevada Residents

Nevada residents may opt out of the sale of personal information. We do not sell personal information as defined by Nevada law. If you have questions, contact [email protected].

12.2 Other US States

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with privacy laws, you may have additional rights similar to GDPR and CCPA. Contact us at [email protected] to exercise these rights.

Acknowledgment

By using the Revenue Growth Agent Service, you acknowledge that:

You have read and understood this Privacy Policy
You consent to the collection, use, and processing of data as described
You understand your rights and how to exercise them
You have authority to agree to these terms on behalf of your organization

Last Updated: November 1, 2025

Effective Date: May 10, 2025

Version: 2.0 (AppExchange Edition)