Rev Platform

Legal

Privacy Policy

Transparency about personal data across RevPlatform websites and services.

RevPlatform Privacy Policy

Effective Date: May 8, 2026 Last Updated: May 8, 2026 Controller: ROHQ, Inc. d/b/a RevOps HQ ("ROHQ," "RevPlatform," "we," "us," or "our") Address: 3 Franklin Square, STE 4, Saratoga Springs, NY 12866 Privacy Contact: contact@revplatform.io

This Privacy Policy describes how ROHQ collects, uses, discloses, and safeguards personal information in connection with the RevPlatform websites, applications, APIs, marketplace apps, embedded apps, integrations, and related services (collectively, the "Services"), including:

  • Rev Platform — Unified authentication, billing, and platform shell (revplatform.io)
  • RevOps Connect — Integration infrastructure and data synchronization (revopsconnect.io)
  • RevCPQ — Configure, price, quote, contract, and billing (revcpq.com)
  • Field Pro — Field service management, scheduling, and dispatch (field.pro)
  • Schedule Pro — Calendar scheduling and meeting management (theschedulepro.com)
  • RevOps Cortex — AI-powered analytics and intelligence (revopscortex.ai)
  • RevERP — Enterprise resource planning modules (reverp.co)
  • RevPortal — External portals for customers, partners, and vendors (revportal.io)
  • MiniMap — Geospatial CRM visualization and territory management (minimap.so)
  • RevGTM — GTM strategy platform for people inventory, tech inventory, and desired reporting (revgtm.io)
  • RevAudit — Automated HubSpot health checks, data quality scans, and compliance audits (revaudit.io)

This Policy applies when ROHQ acts as a controller of personal information (e.g., for visitors to our websites, prospects, end users of our public Services). When ROHQ processes personal data on behalf of a customer (a "Customer Controller"), ROHQ acts as a processor and the Customer Controller's privacy notice governs the data subjects' relationship with that controller; ROHQ's processing in that capacity is governed by the Data Processing Agreement.

1. Scope

1.1 This Policy applies to personal information processed by ROHQ in connection with: (a) marketing websites and content; (b) account registration and administration; (c) purchase, subscription, and billing activities; (d) Customer use of the Services, including AI Features and integrations; and (e) communications with ROHQ.

1.2 This Policy does not apply to (a) Third-Party Services that you connect to the Services, which are governed by their own privacy policies; or (b) Customer Data that ROHQ processes solely on behalf of a Customer Controller, which is governed by the Customer Controller's privacy notice and the Data Processing Agreement.

2. Information We Collect

2.1 Information You Provide

  • Account and registration data: name, email, password, employer, role/title, phone, billing/shipping information, account preferences, and similar identifiers.
  • Payment information: processed by our payment processors (e.g., Stripe). ROHQ does not store full payment card numbers on its servers.
  • Communications: messages, support tickets, survey responses, feedback, and content you submit to ROHQ.
  • Marketing preferences: subscription status, event registrations, content downloads.

2.2 Customer Data Submitted to the Services

Customer Data submitted by Customers or Authorized Users to the Services may include personal information about Customers' employees, contacts, leads, customers, end users, or other individuals (e.g., names, email addresses, phone numbers, job titles, company information, CRM records, communications, transaction records, scheduling data, custom fields). ROHQ processes this data as a processor on behalf of the Customer Controller pursuant to the Data Processing Agreement.

2.3 Information Collected Automatically

  • Usage analytics: features accessed, pages viewed, clicks, scroll depth, time-on-page, navigation paths, search queries, and interaction events.
  • Performance and diagnostic data: API call latency, error logs, crash reports, version data, and similar telemetry.
  • Device and browser information: device type, operating system, browser type and version, language preference, screen resolution, time zone.
  • Network information: IP address (which may indicate approximate location), referring/exit URLs, ISP, mobile carrier.
  • Identifiers and tags: session IDs, cookie IDs, advertising identifiers, user-agent strings.
  • Log data: server logs, request metadata, and audit trails for security and operational purposes.

2.4 Cookies and Tracking Technologies

We and our service providers use cookies, pixels, web beacons, local storage, SDKs, and similar technologies. See the Cookie Policy for details.

2.5 OAuth and Third-Party Integrations

When you connect Third-Party Services (e.g., HubSpot, Google, Microsoft, Stripe, QuickBooks, Shopify, Twilio, PandaDoc, Aircall) via OAuth, API keys, or other authorization methods, the Services may access, retrieve, and process data exposed by those services in accordance with the scopes you authorize. The data accessed depends on the integration and may include CRM records, contacts, calendars, files, mailboxes, deal records, billing data, communication logs, and metadata.

2.6 CRM and Contact Synchronization

When CRM/contact synchronization is enabled, the Services may import, export, mirror, or update contact, company, deal, ticket, custom property, and related records between platforms. Customers are responsible for ensuring lawful basis and consent where required for such processing.

2.7 AI Processing

When AI Features are used, prompts, retrieved context, and Output may be processed by AI providers (e.g., OpenAI, Anthropic, Google, Microsoft) acting as subprocessors. See Section 7 and the AI Usage & Disclosure Policy.

2.8 Uploaded or Imported Data

Files, attachments, documents, datasets, and exports uploaded or imported into the Services are processed and stored to deliver the Services and may be parsed, indexed, or transformed (including via AI Features) for that purpose.

2.9 Information from Third Parties

We may receive information from publicly available sources, data enrichment providers, marketing partners, marketplace operators, and Third-Party Services in connection with sales, marketing, fraud prevention, and integration delivery.

3. How We Use Information

We use personal information to:

(a) provide, operate, maintain, support, and improve the Services; (b) authenticate users, administer accounts, and process transactions; (c) deliver, configure, and personalize features, including AI Features; (d) communicate with you regarding the Services, security, billing, support, and updates; (e) deliver marketing and promotional content (subject to applicable law and your preferences); (f) prevent, detect, and respond to fraud, abuse, security incidents, and unauthorized use; (g) develop, test, and improve products, including training and evaluating ROHQ's models on de-identified or aggregated data; (h) measure performance, generate analytics, and conduct research; (i) comply with legal obligations, enforce our Terms, and protect rights, property, and safety.

4. Legal Bases for Processing (EEA/UK)

Where processing is subject to GDPR or UK GDPR, we rely on the following legal bases:

  • Contract: to provide the Services and perform our agreement with you.
  • Legitimate interests: to operate, secure, improve, and market the Services, and to develop new offerings, balanced against your rights.
  • Consent: where required (e.g., certain cookies, marketing communications, sensitive processing), revocable at any time.
  • Legal obligation: to comply with applicable laws.
  • Vital interests / public interest: where applicable.

5. How We Disclose Information

5.1 Subprocessors and service providers. We share personal information with vendors that support the Services (hosting, infrastructure, analytics, payment processing, communications, AI providers, support, security). See the Subprocessor Disclosure.

5.2 Third-Party Services and integrations. Where you authorize integrations, data flows between the Services and the connected Third-Party Services as you direct.

5.3 Marketplace operators. Where the Services are provided through a marketplace (e.g., HubSpot App Marketplace), the marketplace operator may receive metadata about installation, usage, and account.

5.4 Affiliates. We may share information with ROHQ Affiliates for the purposes described in this Policy.

5.5 Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred to a successor entity.

5.6 Legal and safety. We may disclose information to comply with law, respond to lawful requests, enforce our Terms, or protect the rights, property, or safety of ROHQ, our users, or others.

5.7 With your consent or direction. We share personal information as you direct or authorize.

5.8 Aggregated/de-identified data. We may share aggregated or de-identified data that does not identify any individual for any lawful purpose.

We do not sell personal information for monetary consideration. Where "sale" or "share" is interpreted under U.S. state privacy laws to include certain analytics or advertising activities, see Section 11.

6. International Data Transfers

6.1 ROHQ is headquartered in the United States. Personal information may be transferred to, processed, and stored in the U.S. and other countries where we, our Affiliates, or our subprocessors operate, which may have data protection laws different from those of your jurisdiction.

6.2 For transfers from the EEA, UK, and Switzerland, we rely on appropriate safeguards, including the EU Standard Contractual Clauses (and the UK Addendum, where applicable), and other lawful transfer mechanisms.

6.3 Copies of relevant transfer mechanisms may be requested at contact@revplatform.io.

7. AI Providers and AI Processing

7.1 The Services use AI Features that may rely on third-party AI providers, including OpenAI, Anthropic, Google, and Microsoft. When you use AI Features, prompts, retrieved context, and other inputs may be transmitted to such providers, who process the data as subprocessors.

7.2 ROHQ contractually requires AI providers it engages as subprocessors to: (a) process inputs solely to provide AI services to ROHQ; (b) not use inputs to train their foundation models without ROHQ's instruction; and (c) implement appropriate security and confidentiality safeguards.

7.3 ROHQ may log, retain, and analyze prompts, Output, and metadata for security, abuse prevention, debugging, evaluation, quality, and product improvement, as further described in the AI Usage & Disclosure Policy.

8. Data Retention

8.1 We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

8.2 Default retention periods include:

Data CategoryRetention
Account dataDuration of subscription + 30 days
Customer DataPer Customer instructions / DPA; default 30 days post-termination
Usage and analytics dataUp to 24 months (aggregated longer)
Logs and security dataUp to 12 months
AI prompts/Output logsUp to 30 days
Billing and transaction recordsAs required by law (typically 7 years)
Marketing dataUntil consent withdrawn or 3 years of inactivity

8.3 Backup and disaster-recovery copies may persist beyond active retention windows for the duration of the backup cycle, after which they are overwritten or destroyed.

9. Your Rights

Subject to applicable law, you may have the following rights:

  • access to personal information we hold about you;
  • correction of inaccurate or incomplete information;
  • deletion of personal information;
  • restriction or objection to certain processing;
  • portability of personal information;
  • withdrawal of consent (without affecting the lawfulness of prior processing);
  • the right to lodge a complaint with a supervisory authority.

To exercise rights, contact contact@revplatform.io. We may need to verify your identity. For requests concerning Customer Data, please contact the relevant Customer Controller; we will assist as required by the DPA.

10. Security

ROHQ maintains administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. See the Security & Compliance Overview. No system is perfectly secure; we cannot guarantee the security of any information.

11. U.S. State Privacy Rights

11.1 California (CCPA/CPRA). California residents may have the right to: (a) know the categories and specific pieces of personal information collected, sources, business or commercial purposes, and categories of recipients; (b) request deletion; (c) request correction; (d) opt out of the "sale" or "sharing" of personal information and limit use of "sensitive personal information"; and (e) non-discrimination for exercising rights.

11.2 We do not knowingly sell personal information for monetary consideration. To the extent any analytics or advertising cookie activity constitutes a "sale" or "share" under California law, you may opt out via the cookie banner, the "Do Not Sell or Share My Personal Information" link, or by enabling Global Privacy Control (GPC).

11.3 To submit a request, contact contact@revplatform.io. Authorized agents may submit requests with appropriate documentation.

11.4 Other U.S. states. Residents of states such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, Iowa, Tennessee, Minnesota, Maryland, Nebraska, Kentucky, Rhode Island, and Indiana may have similar rights, which we honor in accordance with applicable law.

12. GDPR Rights (EEA/UK)

In addition to the rights described in Section 9, EEA, UK, and Swiss data subjects may exercise applicable rights by contacting contact@revplatform.io and may lodge a complaint with their local supervisory authority.

13. Children's Privacy

The Services are not directed to children under 16 (or such higher age as required by local law). We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.

14. Marketing Communications

You may opt out of marketing emails via the "unsubscribe" link or by contacting contact@revplatform.io. We may continue to send transactional and Service-related communications.

15. Automated Decision-Making

The Services may include features that use automated processing, including profiling, scoring, classification, and recommendation generation. Where required by law, individuals have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects without human involvement. Customer Controllers configuring automation in the Services are responsible for ensuring appropriate human oversight.

16. Third-Party Links and Services

The Services may contain links to or interoperate with third-party websites, applications, marketplaces, and services. ROHQ is not responsible for the privacy practices of those third parties; their use is governed by their own privacy policies.

17. Changes to This Policy

We may update this Policy from time to time. The "Last Updated" date indicates when the Policy was last revised. Material changes will be communicated by email, in-product notice, or website posting.

18. Contact

Privacy Inquiries: contact@revplatform.io Mailing Address: 3 Franklin Square, STE 4, Saratoga Springs, NY 12866

Appendix A — Categories of Personal Information (CCPA/CPRA)

CategoryExamplesSourcesPurposesRecipientsRetained
IdentifiersName, email, IP, account IDYou; automatic; integrationsService, security, commsSubprocessors, integrationsPer Section 8
Customer recordsBilling/contact infoYouBilling, accountingPayment processorsPer Section 8
Commercial informationSubscription, transaction historyYou; automaticService, billingSubprocessorsPer Section 8
Internet/network activityPages, clicks, logsAutomaticOperations, analytics, securitySubprocessorsPer Section 8
Geolocation (approx.)IP-based locationAutomaticSecurity, fraud preventionSubprocessorsPer Section 8
Professional informationTitle, employerYou; enrichmentService, marketingSubprocessorsPer Section 8
InferencesPreferences, segmentsDerivedPersonalization, marketingSubprocessorsPer Section 8

We have not knowingly collected sensitive personal information for the purpose of inferring characteristics. We do not use sensitive personal information beyond purposes permitted under California Civil Code § 1798.121.