Privacy Policy

1. Information You Provide Directly

When you create an account or use the Service, we collect:

• Account: name, email, password (hashed with bcrypt), phone, company name, website, locale
• Billing: payment method handled by our payment processor — we do not store full card numbers
• Knowledge base content: products, documents (PDF, DOCX, spreadsheets), URLs, photos, videos, FAQ snippets
• Configuration: AI agent settings, sales scripts, workflow definitions, team member roles

2. End-Customer Messages Routed Through Revol

When you connect a messaging or voice channel and end-customers communicate with your AI agents or human team, we process:

• Message content (text, attachments, voice notes, transcripts)
• Sender identifiers (page-scoped user ID, phone number, username, chat ID)
• Public profile information disclosed by the platform (display name, profile picture URL where available)
• Message metadata (timestamps, delivery status, read receipts, conversation thread IDs)

3. Information From Meta Platforms

When you authorize a Meta integration (Facebook Messenger, Instagram Direct, WhatsApp Business), we receive:

• Page access tokens (long-lived, ~60 days) used to send and receive messages on your authorized Pages
• Page-scoped User IDs (PSIDs) and Instagram-scoped IDs of people who message your Page
• Message content sent to and from your Page or WhatsApp number
• Page metadata (Page ID, name, category)
• WhatsApp Phone Number ID and Business Account ID
• Webhook signatures (X-Hub-Signature-256) used only to verify authenticity

4. Information From Telephony Providers

When you connect Twilio, Ringostat, or Binotel, we process call audio (for transcription), caller phone numbers, call duration, and call metadata.

5. Tracker and Widget Data

Our website widget and tracker collect:

• Visitor session ID and a truncated IP address (used for geolocation only)
• Browser, operating system, and device type
• Page URLs visited within your site, referrer, UTM parameters
• Custom events you define (clicks, form submissions, phone clicks)

6. Cookies

We use essential cookies for authentication, locale preference, and session management. We do not use advertising cookies. Visitor analytics for the tracker are stored under your account and are not used for cross-site advertising.

7. How We Use Information

• Provide, maintain, and improve the Service
• Route messages between end-customers and your team or AI agents
• Generate vector embeddings of your knowledge base for retrieval-augmented generation (RAG)
• Send messages through your authorized channels on your behalf
• Analyze conversations for KPI, script compliance, and sentiment
• Bill subscriptions and add-on packs
• Detect abuse, fraud, and security incidents
• Comply with legal obligations

8. Sharing With Third Parties

We share information only with the following categories of processors, strictly to provide the Service. We do not sell personal information.

9. Data You Send to Meta

When your AI agents or team members send replies through Messenger, Instagram, or WhatsApp, that content is delivered through Meta's Graph API and is also subject to Meta's privacy practices.

10. Data Retention

• Account and configuration data: retained for the lifetime of your account
• Conversation messages: retained for the lifetime of your account or until you delete them
• Vector embeddings: regenerated when you retrain; stale embeddings purged within 30 days
• Encrypted backups: retained for up to 30 days then deleted
• Server logs: 30 days
• Account deletion: data is deleted within 30 days of confirmed account closure, except where retention is required by law (e.g. tax records — up to 7 years in Ukraine)

11. Your Rights

Depending on your location (GDPR, CCPA, Ukraine's Law on Personal Data Protection), you have the right to access, correct, delete, restrict processing of, or port your personal information; to object to processing; to withdraw consent at any time; and to lodge a complaint with a supervisory authority. To exercise any right, email revol.pro.official@gmail.com or follow the steps in our Data Deletion page.

12. Security

We use industry-standard practices: TLS for all traffic, hashed passwords, encrypted backups, scoped API tokens, HMAC signature validation on all incoming webhooks, and least-privilege access controls. No method of transmission or storage is 100% secure — please report suspected vulnerabilities to revol.pro.official@gmail.com.

13. International Transfers

Our primary infrastructure is in the European Union (Hetzner — Germany / Finland). Some processors (OpenAI, Anthropic, Stripe) are located in the United States. We rely on Standard Contractual Clauses or equivalent safeguards for transfers outside the EEA.

14. Children

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

15. Changes to This Policy

We will post any material changes to this Policy on this page and update the "Last updated" date. For material changes we will notify account holders by email at least 30 days before the change takes effect.

16. Contact

• Email: revol.pro.official@gmail.com
• Postal address: to be added after Business Verification